mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

znc: patch CVE-2024-39844

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-39844

Backport commit[1] from https://github.com/znc/znc/releases/tag/znc-1.9.1
[1] https://github.com/znc/znc/commit/8cbf8d628174ddf23da680f3f117dc54da0eb06e

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Ankur Tyagi
2026-01-09 22:28:39 +13:00
committed by Anuj Mittal
parent bfd8dda3ba
commit e90c455347
2 changed files with 63 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-networking/recipes-irc/znc/znc/CVE-2024-39844.patch
+62
View File
@@ -0,0 +1,62 @@
From d3867e667ec813a448a0845087a8d87bad58402d Mon Sep 17 00:00:00 2001
From: Alexey Sokolov <alexey+znc@asokolov.org>
Date: Mon, 1 Jul 2024 09:59:16 +0100
Subject: [PATCH] Fix RCE vulnerability in modtcl
Remote attacker could execute arbitrary code embedded into the kick
reason while kicking someone on a channel.
To mitigate this for existing installations, simply unload the modtcl
module for every user, if it's loaded.
Note that only users with admin rights can load modtcl at all.
While at it, also escape the channel name.
Discovered by Johannes Kuhn (DasBrain)
Patch by https://github.com/glguy
CVE-2024-39844
CVE: CVE-2024-39844
Upstream-Status: Backport [https://github.com/znc/znc/commit/8cbf8d628174ddf23da680f3f117dc54da0eb06e]
(cherry picked from commit 8cbf8d628174ddf23da680f3f117dc54da0eb06e)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
modules/modtcl.cpp | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/modules/modtcl.cpp b/modules/modtcl.cpp
index c64bc43f..58e68f51 100644
--- a/modules/modtcl.cpp
+++ b/modules/modtcl.cpp
@@ -248,8 +248,9 @@ class CModTcl : public CModule {
// chan specific
unsigned int nLength = vChans.size();
for (unsigned int n = 0; n < nLength; n++) {
+ CString sChannel = TclEscape(CString(vChans[n]->GetName()));
sCommand = "Binds::ProcessNick {" + sOldNick + "} {" + sHost +
- "} - {" + vChans[n]->GetName() + "} {" + sNewNickTmp +
+ "} - {" + sChannel + "} {" + sNewNickTmp +
"}";
int i = Tcl_Eval(interp, sCommand.c_str());
if (i != TCL_OK) {
@@ -260,14 +261,16 @@ class CModTcl : public CModule {
void OnKick(const CNick& OpNick, const CString& sKickedNick, CChan& Channel,
const CString& sMessage) override {
+ CString sMes = TclEscape(sMessage);
CString sOpNick = TclEscape(CString(OpNick.GetNick()));
CString sNick = TclEscape(sKickedNick);
CString sOpHost =
TclEscape(CString(OpNick.GetIdent() + "@" + OpNick.GetHost()));
+ CString sChannel = TclEscape(Channel.GetName());
CString sCommand = "Binds::ProcessKick {" + sOpNick + "} {" + sOpHost +
- "} - {" + Channel.GetName() + "} {" + sNick + "} {" +
- sMessage + "}";
+ "} - {" + sChannel + "} {" + sNick + "} {" +
+ sMes + "}";
int i = Tcl_Eval(interp, sCommand.c_str());
if (i != TCL_OK) {
PutModule(Tcl_GetStringResult(interp));
meta-networking/recipes-irc/znc/znc_1.8.2.bb
+1
View File
@@ -7,6 +7,7 @@ DEPENDS = "openssl zlib icu"
SRC_URI = "git://github.com/znc/znc.git;name=znc;branch=master;protocol=https \ SRC_URI = "git://github.com/znc/znc.git;name=znc;branch=master;protocol=https \
git://github.com/jimloco/Csocket.git;destsuffix=git/third_party/Csocket;name=Csocket;branch=master;protocol=https \ git://github.com/jimloco/Csocket.git;destsuffix=git/third_party/Csocket;name=Csocket;branch=master;protocol=https \
file://CVE-2024-39844.patch \
" "
SRCREV_znc = "bf253640d33d03331310778e001fb6f5aba2989e" SRCREV_znc = "bf253640d33d03331310778e001fb6f5aba2989e"
SRCREV_Csocket = "e8d9e0bb248c521c2c7fa01e1c6a116d929c41b4" SRCREV_Csocket = "e8d9e0bb248c521c2c7fa01e1c6a116d929c41b4"