diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-4159.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-4159.patch new file mode 100644 index 0000000000..982cbd09af --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-4159.patch @@ -0,0 +1,32 @@ +From 4de19e3894e81eeaf3079b1270813d0a2b7fe69c Mon Sep 17 00:00:00 2001 +From: Josh Holtrop +Date: Tue, 10 Mar 2026 17:26:28 -0400 +Subject: [PATCH] Avoid one-byte read outside of allocated encrypted content + buffer in wc_PKCS7_DecodeEnvelopedData() + +(cherry picked from commit d37b51c3cef6897e117364ab8b1a257e52a634c0) + +CVE: CVE-2026-4159 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/d37b51c3cef6897e117364ab8b1a257e52a634c0] +Signed-off-by: Ankur Tyagi +--- + wolfcrypt/src/pkcs7.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c +index 4ba96c90d..e65ddd493 100644 +--- a/wolfcrypt/src/pkcs7.c ++++ b/wolfcrypt/src/pkcs7.c +@@ -12853,6 +12853,12 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in, + /* use cached content */ + encryptedContent = pkcs7->cachedEncryptedContent; + encryptedContentSz = (int)pkcs7->cachedEncryptedContentSz; ++ ++ if (encryptedContentSz <= 0) { ++ ret = BUFFER_E; ++ break; ++ } ++ + padLen = encryptedContent[encryptedContentSz-1]; + + /* copy plaintext to output */ diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb index 1f5b051d16..992591fb90 100644 --- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb +++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb @@ -35,6 +35,7 @@ SRC_URI = " \ file://CVE-2026-3229-3.patch \ file://CVE-2026-3230.patch \ file://CVE-2026-3547.patch \ + file://CVE-2026-4159.patch \ " SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285"