diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5778.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5778.patch new file mode 100644 index 0000000000..b640b41bd0 --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5778.patch @@ -0,0 +1,38 @@ +From 0eee2c2d172a28dc9159211d0d22323c980a48f4 Mon Sep 17 00:00:00 2001 +From: Kareem +Date: Thu, 2 Apr 2026 16:41:55 -0700 +Subject: [PATCH] Add sz check to ChachaAEADDecrypt to prevent potential + underflow. + +Thanks to Zou Dikai for the report. + +(cherry picked from commit 5b6b138964058ab8d30474bc9fdfb5ffcb3a4726) + +CVE: CVE-2026-5778 +Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/5b6b138964058ab8d30474bc9fdfb5ffcb3a4726] +Signed-off-by: Ankur Tyagi +--- + src/internal.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/internal.c b/src/internal.c +index 6af03cbf0..40d1dd7cc 100644 +--- a/src/internal.c ++++ b/src/internal.c +@@ -19310,10 +19310,15 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, + byte tag[POLY1305_AUTH_SZ]; + byte poly[CHACHA20_256_KEY_SIZE]; /* generated key for mac */ + int ret = 0; +- int msgLen = (sz - ssl->specs.aead_mac_size); ++ int msgLen = 0; + Keys* keys = &ssl->keys; + byte* seq = NULL; + ++ if (sz < ssl->specs.aead_mac_size) { ++ return BAD_FUNC_ARG; ++ } ++ msgLen = (sz - ssl->specs.aead_mac_size); ++ + #ifdef CHACHA_AEAD_TEST + int i; + printf("input before decrypt :\n"); diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb index 54a1e401d4..7a55c6dcde 100644 --- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb +++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb @@ -46,6 +46,7 @@ SRC_URI = " \ file://CVE-2026-5447.patch \ file://CVE-2026-5772-1.patch \ file://CVE-2026-5772-2.patch \ + file://CVE-2026-5778.patch \ " SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285"