mirror of
https://git.yoctoproject.org/poky
synced 2026-07-15 15:37:03 +00:00
libsoup: fix for CVE-2026-2369
Pick patch from [1] also mentioned at Debian report in [2] [1] https://gitlab.gnome.org/GNOME/libsoup/-/commit/af4bde990270b825b7d110a495cc65de9e2ec32f [2] https://security-tracker.debian.org/tracker/CVE-2026-2369 Note: Issue introduced by the fix for CVE-2025-32052. (From OE-Core rev: 6ca4635dfe2c7fb277af3409931c66f7863af890) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>
This commit is contained in:
committed by
Paul Barker
parent
8820ef32b5
commit
61f170a32d
@@ -0,0 +1,32 @@
|
||||
From af4bde990270b825b7d110a495cc65de9e2ec32f Mon Sep 17 00:00:00 2001
|
||||
From: Samuel Dainard <>
|
||||
Date: Wed, 11 Feb 2026 10:19:04 -0600
|
||||
Subject: [PATCH] sniffer: Handle potential underflow
|
||||
|
||||
Closes #498
|
||||
|
||||
CVE: CVE-2026-2369
|
||||
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/af4bde990270b825b7d110a495cc65de9e2ec32f]
|
||||
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
|
||||
---
|
||||
libsoup/content-sniffer/soup-content-sniffer.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/libsoup/content-sniffer/soup-content-sniffer.c b/libsoup/content-sniffer/soup-content-sniffer.c
|
||||
index a5e18d5..594d0bb 100644
|
||||
--- a/libsoup/content-sniffer/soup-content-sniffer.c
|
||||
+++ b/libsoup/content-sniffer/soup-content-sniffer.c
|
||||
@@ -524,6 +524,10 @@ sniff_unknown (SoupContentSniffer *sniffer, GBytes *buffer,
|
||||
if (!sniff_scriptable && type_row->scriptable)
|
||||
continue;
|
||||
|
||||
+ /* Ensure we have data to sniff - prevents underflow in resource_length - 1 */
|
||||
+ if (resource_length == 0)
|
||||
+ continue;
|
||||
+
|
||||
if (type_row->has_ws) {
|
||||
guint index_stream = 0;
|
||||
guint index_pattern = 0;
|
||||
--
|
||||
2.50.1
|
||||
|
||||
@@ -52,6 +52,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
|
||||
file://CVE-2025-32049-3.patch \
|
||||
file://CVE-2025-32049-4.patch \
|
||||
file://CVE-2025-11021.patch \
|
||||
file://CVE-2026-2369.patch \
|
||||
"
|
||||
SRC_URI[sha256sum] = "291c67725f36ed90ea43efff25064b69c5a2d1981488477c05c481a3b4b0c5aa"
|
||||
|
||||
|
||||
Reference in New Issue
Block a user