mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 04:17:25 +00:00
libupnp: Fix CVE-2020-13848
Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-13848 Upstream-Status: Accepted [https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0] CVE: CVE-2020-13848 Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
committed by
Armin Kuster
parent
d126440422
commit
c1a5068322
@@ -0,0 +1,75 @@
|
|||||||
|
From c805c1de1141cb22f74c0d94dd5664bda37398e0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Marcelo Roberto Jimenez <marcelo.jimenez@gmail.com>
|
||||||
|
Date: Thu, 4 Jun 2020 12:03:03 -0300
|
||||||
|
Subject: [PATCH] Fixes #177: NULL pointer dereference in
|
||||||
|
FindServiceControlURLPath
|
||||||
|
|
||||||
|
Also fixes its dual bug in FindServiceEventURLPath.
|
||||||
|
|
||||||
|
Reference:
|
||||||
|
https://nvd.nist.gov/vuln/detail/CVE-2020-13848
|
||||||
|
|
||||||
|
Upstream-Status: Accepted [https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0]
|
||||||
|
CVE: CVE-2020-13848
|
||||||
|
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
|
||||||
|
|
||||||
|
---
|
||||||
|
ChangeLog | 6 ++++++
|
||||||
|
upnp/src/genlib/service_table/service_table.c | 16 ++++++++++------
|
||||||
|
2 files changed, 16 insertions(+), 6 deletions(-)
|
||||||
|
diff --git a/ChangeLog b/ChangeLog
|
||||||
|
index 4a956fc..265d268 100644
|
||||||
|
--- a/ChangeLog
|
||||||
|
+++ b/ChangeLog
|
||||||
|
@@ -2,6 +2,12 @@
|
||||||
|
Version 1.8.4
|
||||||
|
*******************************************************************************
|
||||||
|
|
||||||
|
+2020-06-04 Patrik Lantz pjlantz(at)github
|
||||||
|
+
|
||||||
|
+ Fixes #177
|
||||||
|
+
|
||||||
|
+ NULL pointer dereference in FindServiceControlURLPath
|
||||||
|
+
|
||||||
|
2017-11-17 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
|
||||||
|
|
||||||
|
GitHub #57 - 1.8.3 broke ABI without changing SONAME
|
||||||
|
diff --git a/upnp/src/genlib/service_table/service_table.c b/upnp/src/genlib/service_table/service_table.c
|
||||||
|
index 98c2c0f..f3ee4e5 100644
|
||||||
|
--- a/upnp/src/genlib/service_table/service_table.c
|
||||||
|
+++ b/upnp/src/genlib/service_table/service_table.c
|
||||||
|
@@ -300,12 +300,11 @@ FindServiceEventURLPath( service_table * table,
|
||||||
|
uri_type parsed_url;
|
||||||
|
uri_type parsed_url_in;
|
||||||
|
|
||||||
|
- if( ( table )
|
||||||
|
- &&
|
||||||
|
- ( parse_uri( eventURLPath,
|
||||||
|
- strlen( eventURLPath ),
|
||||||
|
- &parsed_url_in ) == HTTP_SUCCESS ) ) {
|
||||||
|
-
|
||||||
|
+ if (!table || !eventURLPath) {
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+ if (parse_uri(eventURLPath, strlen(eventURLPath), &parsed_url_in) ==
|
||||||
|
+ HTTP_SUCCESS) {
|
||||||
|
finger = table->serviceList;
|
||||||
|
while( finger ) {
|
||||||
|
if( finger->eventURL )
|
||||||
|
@@ -352,11 +351,11 @@ FindServiceControlURLPath( service_table * table,
|
||||||
|
uri_type parsed_url;
|
||||||
|
uri_type parsed_url_in;
|
||||||
|
|
||||||
|
- if( ( table )
|
||||||
|
- &&
|
||||||
|
- ( parse_uri
|
||||||
|
- ( controlURLPath, strlen( controlURLPath ),
|
||||||
|
- &parsed_url_in ) == HTTP_SUCCESS ) ) {
|
||||||
|
+ if (!table || !controlURLPath) {
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+ if (parse_uri(controlURLPath, strlen(controlURLPath), &parsed_url_in) ==
|
||||||
|
+ HTTP_SUCCESS) {
|
||||||
|
finger = table->serviceList;
|
||||||
|
while( finger ) {
|
||||||
|
if( finger->controlURL )
|
||||||
@@ -12,7 +12,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=394a0f17b97f33426275571e15920434"
|
|||||||
PV = "1.8.4+git${SRCPV}"
|
PV = "1.8.4+git${SRCPV}"
|
||||||
# release-1.8.4
|
# release-1.8.4
|
||||||
SRCREV = "d5a01fc9895daae98a0c5a8c7d3afce46add529d"
|
SRCREV = "d5a01fc9895daae98a0c5a8c7d3afce46add529d"
|
||||||
SRC_URI = "git://github.com/mrjimenez/pupnp.git;protocol=https"
|
SRC_URI = "git://github.com/mrjimenez/pupnp.git;protocol=https \
|
||||||
|
file://CVE-2020-13848.patch"
|
||||||
|
|
||||||
S="${WORKDIR}/git"
|
S="${WORKDIR}/git"
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user