mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 16:27:27 +00:00
libiec61850: patch CVE-2024-45969
Details https://nvd.nist.gov/vuln/detail/CVE-2024-45969 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
@@ -0,0 +1,32 @@
|
|||||||
|
From 9dfac54daace18d3d3b0ef09d8beecc562e29c1d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michael Zillgith <michael.zillgith@mz-automation.de>
|
||||||
|
Date: Wed, 27 Mar 2024 12:26:58 +0000
|
||||||
|
Subject: [PATCH] - ACSE: added check for minimum message size (LIB61850-438)
|
||||||
|
|
||||||
|
CVE: CVE-2024-45969
|
||||||
|
Upstream-Status: Backport [https://github.com/mz-automation/libiec61850/commit/7afa40390b26ad1f4cf93deaa0052fe7e357ef33]
|
||||||
|
(cherry picked from commit 7afa40390b26ad1f4cf93deaa0052fe7e357ef33)
|
||||||
|
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
|
||||||
|
---
|
||||||
|
src/mms/iso_acse/acse.c | 8 ++++++++
|
||||||
|
1 file changed, 8 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/mms/iso_acse/acse.c b/src/mms/iso_acse/acse.c
|
||||||
|
index f46b024d..40ecafe0 100644
|
||||||
|
--- a/src/mms/iso_acse/acse.c
|
||||||
|
+++ b/src/mms/iso_acse/acse.c
|
||||||
|
@@ -420,6 +420,14 @@ AcseConnection_parseMessage(AcseConnection* self, ByteBuffer* message)
|
||||||
|
{
|
||||||
|
AcseIndication indication = ACSE_ERROR;
|
||||||
|
|
||||||
|
+ if (message == NULL || message->size < 1)
|
||||||
|
+ {
|
||||||
|
+ if (DEBUG_ACSE)
|
||||||
|
+ printf("ACSE: invalid message - no payload\n");
|
||||||
|
+
|
||||||
|
+ return ACSE_ERROR;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
uint8_t* buffer = message->buffer;
|
||||||
|
|
||||||
|
int messageSize = message->size;
|
||||||
@@ -21,6 +21,7 @@ SRC_URI = "git://github.com/mz-automation/${BPN}.git;branch=v1.5;protocol=https
|
|||||||
file://CVE-2024-26529.patch \
|
file://CVE-2024-26529.patch \
|
||||||
file://CVE-2024-45970.patch \
|
file://CVE-2024-45970.patch \
|
||||||
file://CVE-2024-45971.patch \
|
file://CVE-2024-45971.patch \
|
||||||
|
file://CVE-2024-45969.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
S = "${WORKDIR}/git"
|
S = "${WORKDIR}/git"
|
||||||
|
|||||||
Reference in New Issue
Block a user