mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

libyang: backport a fix for CVE-2023-26916

Browse Source 
This patch fixes a bug in libyang which could cause a null
pointer dereference from a call to strcmp.

Since this recipe includes ptests, the tests were run twice
(once before the patch and once after) with the same results:
all tests passing except utest_types, which is skipped.

Signed-off-by: Natasha Bailey <nat.bailey@windriver.com>
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Natasha Bailey
2023-06-01 10:52:08 -07:00
committed by Armin Kuster
parent 84782522d1
commit c6ae6d504d
2 changed files with 58 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch
+57
View File
@@ -0,0 +1,57 @@
From dc668d296f9f05aeab6315d44cff3208641e3096 Mon Sep 17 00:00:00 2001
From: Michal Vasko <mvasko@cesnet.cz>
Date: Mon, 13 Feb 2023 10:23:13 +0100
Subject: [PATCH] schema compile UPDATE do not implement 2 same modules
CVE: CVE-2023-26916
Upstream-Status: Backport [https://github.com/CESNET/libyang/commit/dc668d296f9f05aeab6315d44cff3208641e3096]
Refs #1979
---
src/schema_compile.c | 20 +++++++-------------
1 file changed, 7 insertions(+), 13 deletions(-)
diff --git a/src/schema_compile.c b/src/schema_compile.c
index ed768ba0..68c0d681 100644
--- a/src/schema_compile.c
+++ b/src/schema_compile.c
@@ -1748,7 +1748,7 @@ lys_has_compiled_import_r(struct lys_module *mod)
LY_ERR
lys_implement(struct lys_module *mod, const char **features, struct lys_glob_unres *unres)
{
- LY_ERR ret;
+ LY_ERR r;
struct lys_module *m;
assert(!mod->implemented);
@@ -1757,21 +1757,15 @@ lys_implement(struct lys_module *mod, const char **features, struct lys_glob_unr
m = ly_ctx_get_module_implemented(mod->ctx, mod->name);
if (m) {
assert(m != mod);
- if (!strcmp(mod->name, "yang") && (strcmp(m->revision, mod->revision) > 0)) {
- /* special case for newer internal module, continue */
- LOGVRB("Internal module \"%s@%s\" is already implemented in revision \"%s\", using it instead.",
- mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>");
- } else {
- LOGERR(mod->ctx, LY_EDENIED, "Module \"%s@%s\" is already implemented in revision \"%s\".",
- mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>");
- return LY_EDENIED;
- }
+ LOGERR(mod->ctx, LY_EDENIED, "Module \"%s@%s\" is already implemented in revision \"%s\".",
+ mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>");
+ return LY_EDENIED;
}
/* set features */
- ret = lys_set_features(mod->parsed, features);
- if (ret && (ret != LY_EEXIST)) {
- return ret;
+ r = lys_set_features(mod->parsed, features);
+ if (r && (r != LY_EEXIST)) {
+ return r;
}
/*
--
2.34.1
meta-oe/recipes-extended/libyang/libyang_2.0.164.bb
+1
View File
@@ -11,6 +11,7 @@ SRCREV = "a0cc89516ab5eca84d01c85309f320a94752a64c"
SRC_URI = "git://github.com/CESNET/libyang.git;branch=master;protocol=https \
file://libyang-add-stdint-h.patch \
file://run-ptest \
file://CVE-2023-26916.patch \
"
S = "${WORKDIR}/git"