mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-15 16:07:26 +00:00
cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
Source: https://github.com/cyrusimap/cyrus-sasl MR: 118497 Type: Security Fix Disposition: Backport from https://github.com/cyrusimap/cyrus-sasl/commit/9eff746c9daecbcc0041b09a5a51ba30738cdcbc ChangeID: 4736aae2b7d8986787b1666cfd6eecd590915120 Description: CVE-2022-24407 cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands. Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
committed by
Armin Kuster
parent
bf2822d599
commit
e5b177aea4
@@ -0,0 +1,27 @@
|
|||||||
|
From 078f98ea154475d953ce5b7cd851732f4dc270a7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Hitendra Prajapati <hprajapati@mvista.com>
|
||||||
|
Date: Tue, 5 Jul 2022 09:31:07 +0530
|
||||||
|
Subject: [PATCH] CVE-2022-24407
|
||||||
|
|
||||||
|
Upstream-Status: Backport [https://github.com/cyrusimap/cyrus-sasl/commit/9eff746c9daecbcc0041b09a5a51ba30738cdcbc]
|
||||||
|
CVE: CVE-2022-24407
|
||||||
|
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
|
||||||
|
---
|
||||||
|
plugins/sql.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/plugins/sql.c b/plugins/sql.c
|
||||||
|
index 6ac81c2f..d90dbac9 100644
|
||||||
|
--- a/plugins/sql.c
|
||||||
|
+++ b/plugins/sql.c
|
||||||
|
@@ -1127,6 +1127,7 @@ static int sql_auxprop_lookup(void *glob_context,
|
||||||
|
done:
|
||||||
|
if (escap_userid) sparams->utils->free(escap_userid);
|
||||||
|
if (escap_realm) sparams->utils->free(escap_realm);
|
||||||
|
+ if (escap_passwd) sparams->utils->free(escap_passwd);
|
||||||
|
if (conn) settings->sql_engine->sql_close(conn);
|
||||||
|
if (userid) sparams->utils->free(userid);
|
||||||
|
if (realm) sparams->utils->free(realm);
|
||||||
|
--
|
||||||
|
2.25.1
|
||||||
|
|
||||||
@@ -14,6 +14,7 @@ SRC_URI = "git://github.com/cyrusimap/cyrus-sasl;protocol=https;branch=cyrus-sas
|
|||||||
file://saslauthd.service \
|
file://saslauthd.service \
|
||||||
file://saslauthd.conf \
|
file://saslauthd.conf \
|
||||||
file://CVE-2019-19906.patch \
|
file://CVE-2019-19906.patch \
|
||||||
|
file://CVE-2022-24407.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
UPSTREAM_CHECK_URI = "https://github.com/cyrusimap/cyrus-sasl/archives"
|
UPSTREAM_CHECK_URI = "https://github.com/cyrusimap/cyrus-sasl/archives"
|
||||||
|
|||||||
Reference in New Issue
Block a user