mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

libiec61850: patch CVE-2024-26529

Browse Source 
Details https://nvd.nist.gov/vuln/detail/CVE-2024-26529

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
This commit is contained in:
Ankur Tyagi
2025-10-21 19:34:05 +13:00
committed by Anuj Mittal
parent ab31e7fd40
commit 1c8594a797
2 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-26529.patch
+33
View File
@@ -0,0 +1,33 @@
From e29799cba6f1d08cf6463a2b190c0e6502b885df Mon Sep 17 00:00:00 2001
From: Michael Zillgith <michael.zillgith@mz-automation.de>
Date: Fri, 2 Feb 2024 06:44:47 +0000
Subject: [PATCH] CVE-2024-26529
fixed - null pointer dereference in mmsServer_handleDeleteNamedVariableListRequest when receiving malformed message (LIB61850-430)
CVE: CVE-2024-26529
Upstream-Status: Backport [https://github.com/mz-automation/libiec61850/commit/cf94d64206cf53298edf4799a75b31657bb7cbb3]
(cherry picked from commit cf94d64206cf53298edf4799a75b31657bb7cbb3)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
src/mms/iso_mms/server/mms_named_variable_list_service.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/mms/iso_mms/server/mms_named_variable_list_service.c b/src/mms/iso_mms/server/mms_named_variable_list_service.c
index 3a27061c..3365f771 100644
--- a/src/mms/iso_mms/server/mms_named_variable_list_service.c
+++ b/src/mms/iso_mms/server/mms_named_variable_list_service.c
@@ -140,6 +140,12 @@ mmsServer_handleDeleteNamedVariableListRequest(MmsServerConnection connection,
mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response);
goto exit_function;
}
+
+ if (request->listOfVariableListName == NULL)
+ {
+ mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response);
+ goto exit_function;
+ }
long scopeOfDelete = DeleteNamedVariableListRequest__scopeOfDelete_specific;
meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb
+1
View File
@@ -18,6 +18,7 @@ SRCREV = "6f557c490f0b46ab5d7ef1b01bb3bc9fab3f442f"
SRC_URI = "git://github.com/mz-automation/${BPN}.git;branch=v1.5;protocol=https \
file://0001-pyiec61850-don-t-break-CMAKE_INSTALL_PATH-by-trying-.patch \
file://0001-pyiec61850-Use-CMAKE_INSTALL_LIBDIR-from-GNUInstallD.patch \
file://CVE-2024-26529.patch \
"
S = "${WORKDIR}/git"