wolfssl: patch CVE-2026-5447

Backport the commit from the PR [1] referenced in the NVD entry [2].

[1]https://github.com/wolfSSL/wolfssl/pull/10112
[2]https://nvd.nist.gov/vuln/detail/CVE-2026-5447

Dropped unit test changes during the backport.

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Ankur Tyagi
2026-04-30 23:46:45 +12:00
committed by Anuj Mittal
parent f75da20d3e
commit 2306b7a87e
2 changed files with 66 additions and 0 deletions
@@ -0,0 +1,65 @@
From 4d7eccf50dab080185d3a8763491e3febbcc257a Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn <eric@wolfssl.com>
Date: Tue, 31 Mar 2026 08:56:23 -0500
Subject: [PATCH] Fix CertFromX509 copy length check
(cherry picked from commit 772cda3d489d867935202d59393a2ac85a5e6ef0)
CVE: CVE-2026-5447
Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/772cda3d489d867935202d59393a2ac85a5e6ef0]
Dropped unit test changes during the backport.
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
src/x509.c | 33 ++++++++++++++++++---------------
1 file changed, 18 insertions(+), 15 deletions(-)
diff --git a/src/x509.c b/src/x509.c
index 62e3774f4..cf44c7146 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -10622,25 +10622,28 @@ static int CertFromX509(Cert* cert, WOLFSSL_X509* x509)
return WOLFSSL_FAILURE;
}
- if (x509->authKeyIdSz < sizeof(cert->akid)) {
#ifdef WOLFSSL_AKID_NAME
- cert->rawAkid = 0;
- if (x509->authKeyIdSrc) {
- XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz);
- cert->akidSz = (int)x509->authKeyIdSrcSz;
- cert->rawAkid = 1;
+ cert->rawAkid = 0;
+ if (x509->authKeyIdSrc) {
+ if (x509->authKeyIdSrcSz > sizeof(cert->akid)) {
+ WOLFSSL_MSG("Auth Key ID too large");
+ WOLFSSL_ERROR_VERBOSE(BUFFER_E);
+ return WOLFSSL_FAILURE;
}
- else
+ XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz);
+ cert->akidSz = (int)x509->authKeyIdSrcSz;
+ cert->rawAkid = 1;
+ }
+ else
#endif
- if (x509->authKeyId) {
- XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz);
- cert->akidSz = (int)x509->authKeyIdSz;
+ if (x509->authKeyId) {
+ if (x509->authKeyIdSz > sizeof(cert->akid)) {
+ WOLFSSL_MSG("Auth Key ID too large");
+ WOLFSSL_ERROR_VERBOSE(BUFFER_E);
+ return WOLFSSL_FAILURE;
}
- }
- else {
- WOLFSSL_MSG("Auth Key ID too large");
- WOLFSSL_ERROR_VERBOSE(BUFFER_E);
- return WOLFSSL_FAILURE;
+ XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz);
+ cert->akidSz = (int)x509->authKeyIdSz;
}
for (i = 0; i < x509->certPoliciesNb; i++) {
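Review bot: Neither new guard in CertFromX509 carries a comment stating the invariant this fix restores: the length compared against `sizeof(cert->akid)` must be the same length handed to `XMEMCPY`, whereas the removed code tested `authKeyIdSz` but could copy `authKeyIdSrcSz` bytes. I would add `/* Bound each copy by its own length: authKeyIdSrcSz and authKeyIdSz are separate fields. */` above the `authKeyIdSrc` branch so a later refactor does not fold the two checks back into one. The comparison also moved from a strict `<` to rejecting only `>`, so an identifier that exactly fills `cert->akid` is now accepted; that looks right for a raw byte buffer, but it is worth confirming that later readers use `akidSz` and do not expect a terminator. Because the unit-test changes were dropped in the backport, nothing shipped with this recipe exercises the oversized `authKeyIdSrc` case. The function body starts and ends outside the hunk.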
@@ -43,6 +43,7 @@ SRC_URI = " \
file://CVE-2026-5392.patch \
file://CVE-2026-5446-1.patch \
file://CVE-2026-5446-2.patch \
file://CVE-2026-5447.patch \
"
SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285"