squid: patch CVE-2025-59362
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-59362 Pick the PR content that's referenced in the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
@@ -0,0 +1,51 @@
|
|||||||
|
From 4b9784928c87225605fd223b6fa0e5b42d039359 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alex Rousskov <rousskov@measurement-factory.com>
|
||||||
|
Date: Sat, 30 Aug 2025 06:49:36 +0000
|
||||||
|
Subject: [PATCH] Fix ASN.1 encoding of long SNMP OIDs (#2149)
|
||||||
|
|
||||||
|
CVE: CVE-2025-59362
|
||||||
|
Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/0d89165ee6da10e6fa50c44998b3cd16d59400e9]
|
||||||
|
---
|
||||||
|
lib/snmplib/asn1.c | 13 +++++++++++++
|
||||||
|
1 file changed, 13 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib/snmplib/asn1.c b/lib/snmplib/asn1.c
|
||||||
|
index 8a4e471..0bb1f0b 100644
|
||||||
|
--- a/lib/snmplib/asn1.c
|
||||||
|
+++ b/lib/snmplib/asn1.c
|
||||||
|
@@ -771,6 +771,7 @@ asn_build_objid(u_char * data, int *datalength,
|
||||||
|
* lastbyte ::= 0 7bitvalue
|
||||||
|
*/
|
||||||
|
u_char buf[MAX_OID_LEN];
|
||||||
|
+ u_char *bufEnd = buf + sizeof(buf);
|
||||||
|
u_char *bp = buf;
|
||||||
|
oid *op = objid;
|
||||||
|
int asnlength;
|
||||||
|
@@ -789,6 +790,10 @@ asn_build_objid(u_char * data, int *datalength,
|
||||||
|
while (objidlength-- > 0) {
|
||||||
|
subid = *op++;
|
||||||
|
if (subid < 127) { /* off by one? */
|
||||||
|
+ if (bp >= bufEnd) {
|
||||||
|
+ snmp_set_api_error(SNMPERR_ASN_ENCODE);
|
||||||
|
+ return (NULL);
|
||||||
|
+ }
|
||||||
|
*bp++ = subid;
|
||||||
|
} else {
|
||||||
|
mask = 0x7F; /* handle subid == 0 case */
|
||||||
|
@@ -806,8 +811,16 @@ asn_build_objid(u_char * data, int *datalength,
|
||||||
|
/* fix a mask that got truncated above */
|
||||||
|
if (mask == 0x1E00000)
|
||||||
|
mask = 0xFE00000;
|
||||||
|
+ if (bp >= bufEnd) {
|
||||||
|
+ snmp_set_api_error(SNMPERR_ASN_ENCODE);
|
||||||
|
+ return (NULL);
|
||||||
|
+ }
|
||||||
|
*bp++ = (u_char) (((subid & mask) >> bits) | ASN_BIT8);
|
||||||
|
}
|
||||||
|
+ if (bp >= bufEnd) {
|
||||||
|
+ snmp_set_api_error(SNMPERR_ASN_ENCODE);
|
||||||
|
+ return (NULL);
|
||||||
|
+ }
|
||||||
|
*bp++ = (u_char) (subid & mask);
|
||||||
|
}
|
||||||
|
}
|
||||||
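Review bot: Nothing at the `u_char buf[MAX_OID_LEN];` declaration in asn_build_objid() says that the new `bp >= bufEnd` guards limit encoded bytes rather than the number of sub-identifiers. The `| ASN_BIT8` branch writes continuation bytes before the final `subid & mask` byte, so an OID with fewer than MAX_OID_LEN sub-identifiers can presumably still reach the new `SNMPERR_ASN_ENCODE` return, and callers have to treat NULL as an ordinary outcome. I would add a comment at the declaration, e.g. `/* encoded form: multi-byte sub-identifiers can fill buf before objidlength reaches MAX_OID_LEN; encoding then fails with SNMPERR_ASN_ENCODE */`. The function begins and ends outside the visible hunks, so this page cannot confirm whether the writes before the loop and the later copy into `data` are bounded in the same way.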
@@ -37,6 +37,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.bz2
|
|||||||
file://CVE-2022-41317.patch \
|
file://CVE-2022-41317.patch \
|
||||||
file://CVE-2022-41318.patch \
|
file://CVE-2022-41318.patch \
|
||||||
file://CVE-2023-46724.patch \
|
file://CVE-2023-46724.patch \
|
||||||
|
file://CVE-2025-59362.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
SRC_URI:remove:toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch"
|
SRC_URI:remove:toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch"
|
||||||
|
|||||||