meta-security/recipes-ids/suricata/files/CVE-2024-32664.patch
Hitendra Prajapati e3fddbbdbf suricata: Fix multiple CVEs
Backport fixes for:

* CVE-2024-32663 - Upstream-Status: Backport from e68ec4b227 && c0af92295e
* CVE-2024-32664 - Upstream-Status: Backport from d5ffecf11a
* CVE-2024-32867 - Upstream-Status: Backport from 2f39ba75f1 && 7137d5e7ab && 1e110d0a71 && e6267758ed

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
2025-11-22 22:56:53 +02:00


From d5ffecf11ad2c6fe89265e518f5d7443caf26ba4 Mon Sep 17 00:00:00 2001
From: Philippe Antoine <pantoine@oisf.net>
Date: Thu, 28 Mar 2024 14:00:02 +0100
Subject: [PATCH] util/base64: fix buffer overflow
Ticket: 6902
In case the caller of DecodeBase64 does not supply a big enough
output buffer.
(cherry picked from commit fd47e67dc65f9111895c88fb406c938b1f857325)
CVE: CVE-2024-32664
Upstream-Status: Backport [https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4]
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
src/util-base64.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/util-base64.c b/src/util-base64.c
index 4a4a5d1..d973f0e 100644
--- a/src/util-base64.c
+++ b/src/util-base64.c
@@ -156,6 +156,8 @@ Base64Ecode DecodeBase64(uint8_t *dest, uint32_t dest_size, const uint8_t *src,
ecode = BASE64_ECODE_BUF;
break;
}
+ if (dest_size - *decoded_bytes < ASCII_BLOCK)
+ return BASE64_ECODE_BUF;
/* Decode base-64 block into ascii block and move pointer */
DecodeBase64Block(dptr, b64);
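Review bot: The new guard ahead of DecodeBase64Block(dptr, b64) leaves the function with a bare `return BASE64_ECODE_BUF;`, while the branch directly above it reports the same condition with `ecode = BASE64_ECODE_BUF; break;`. Whatever runs after the loop on the break path is skipped on this new path, so callers can see two different states of the out-parameters for the same error code. Either follow the existing ecode/break pattern here or add a short comment saying why an immediate return is wanted at this point. The added lines also carry no comment, unlike the equivalent check in the next hunk.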
@@ -183,7 +185,7 @@ Base64Ecode DecodeBase64(uint8_t *dest, uint32_t dest_size, const uint8_t *src,
/* if the destination size is not at least 3 Bytes long, it'll give a dynamic
* buffer overflow while decoding, so, return and let the caller take care of the
* remaining bytes to be decoded which should always be < 4 at this stage */
- if (dest_size - *decoded_bytes < 3)
+ if (dest_size - *decoded_bytes < ASCII_BLOCK)
return BASE64_ECODE_BUF;
*decoded_bytes += numDecoded_blk;
DecodeBase64Block(dptr, b64);
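Review bot: The comment above the changed condition still says "at least 3 Bytes long" although the check now compares against ASCII_BLOCK; reword it to name the constant so the comment and the code cannot drift apart. Separately, dest_size is a uint32_t, so if *decoded_bytes is also unsigned then `dest_size - *decoded_bytes` wraps to a large value should *decoded_bytes ever exceed dest_size, and the guard would pass. If that state is impossible, an assertion or a note saying so would help; otherwise compare without the subtraction. The same expression now appears three times in this function, so a small helper or macro for "room for one more block" would keep the three sites consistent.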
@@ -193,6 +195,8 @@ Base64Ecode DecodeBase64(uint8_t *dest, uint32_t dest_size, const uint8_t *src,
/* Finish remaining b64 bytes by padding */
if (valid && bbidx > 0 && (mode != BASE64_MODE_RFC2045)) {
/* Decode remaining */
+ if (dest_size - *decoded_bytes < ASCII_BLOCK)
+ return BASE64_ECODE_BUF;
*decoded_bytes += ASCII_BLOCK - (B64_BLOCK - bbidx);
DecodeBase64Block(dptr, b64);
}
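Review bot: In the padding branch the guard requires a full ASCII_BLOCK of free space, but the line after it only counts `ASCII_BLOCK - (B64_BLOCK - bbidx)` bytes as decoded. That is the safe choice given that DecodeBase64Block(dptr, b64) takes no length argument, but it means a caller whose buffer is sized exactly to the decoded length gets BASE64_ECODE_BUF on a trailing partial block. Please state that requirement in the function's documentation, or decode the last block into a local ASCII_BLOCK-sized temporary and copy only the counted bytes. As in the first hunk, this is a direct return from inside the function rather than the ecode path, so confirm callers handle the out-parameters the same way on this exit.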
--
2.50.1