wolfssl: patch CVE-2026-5778

Backport commit from the PR[1] mentioned in the nvd[2] [1]https://github.com/wolfSSL/wolfssl/pull/10125 [2]https://nvd.nist.gov/vuln/detail/CVE-2026-5778 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-06-13 17:39:57 +00:00 · 2026-04-30 23:46:47 +12:00
parent 0722748606
commit f52f32952c
2 changed files with 39 additions and 0 deletions
@@ -0,0 +1,38 @@
+From 0eee2c2d172a28dc9159211d0d22323c980a48f4 Mon Sep 17 00:00:00 2001
+From: Kareem <kareem@wolfssl.com>
+Date: Thu, 2 Apr 2026 16:41:55 -0700
+Subject: [PATCH] Add sz check to ChachaAEADDecrypt to prevent potential
+ underflow.
+
+Thanks to Zou Dikai for the report.
+
+(cherry picked from commit 5b6b138964058ab8d30474bc9fdfb5ffcb3a4726)
+
+CVE: CVE-2026-5778
+Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/5b6b138964058ab8d30474bc9fdfb5ffcb3a4726]
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ src/internal.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/internal.c b/src/internal.c
+index 6af03cbf0..40d1dd7cc 100644
+--- a/src/internal.c
+++ b/src/internal.c
+@@ -19310,10 +19310,15 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
+     byte tag[POLY1305_AUTH_SZ];
+     byte poly[CHACHA20_256_KEY_SIZE]; /* generated key for mac */
+     int ret    = 0;
+-    int msgLen = (sz - ssl->specs.aead_mac_size);
+    int msgLen = 0;
+     Keys* keys = &ssl->keys;
+     byte* seq = NULL;
+ 
+    if (sz < ssl->specs.aead_mac_size) {
+        return BAD_FUNC_ARG;
+    }
+    msgLen = (sz - ssl->specs.aead_mac_size);
+
+     #ifdef CHACHA_AEAD_TEST
+        int i;
+        printf("input before decrypt :\n");
@@ -46,6 +46,7 @@ SRC_URI = " \
    file://CVE-2026-5447.patch \
    file://CVE-2026-5772-1.patch \
    file://CVE-2026-5772-2.patch \
+    file://CVE-2026-5778.patch \
 "

 SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285"