diff options
| author |   Yogita Urade <yogita.urade@windriver.com> | 2024-03-12 11:44:23 +0000 |
|---|---|---|
| committer |   Armin Kuster <akuster808@gmail.com> | 2024-03-25 07:11:05 -0400 |
| commit | 1a3b9da20a4744afaae4a74d0f16c47d888fa235 (patch) | |
| tree | 3a7ee07438b57a5b0943b45ee376f124d0ec9fc4 | |
| parent | da98a75f37830e69ded0207cc6c73182ab00ec50 (diff) | |
| download | meta-openembedded-contrib-1a3b9da20a4744afaae4a74d0f16c47d888fa235.tar.gz | |
c-ares: fix CVE-2024-25629
c-ares is a C library for asynchronous DNS requests.
`ares__read_line()` is used to parse local configuration
files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`,
the `HOSTALIASES` file, and if using a c-ares version
prior to 1.27.0, the `/etc/hosts` file. If any of these
configuration files has an embedded `NULL` character as
the first character in a new line, it can lead to
attempting to read memory prior to the start of the given
buffer which may result in a crash. This issue is fixed
in c-ares 1.27.0. No known workarounds exist.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-25629
https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q
https://security-tracker.debian.org/tracker/CVE-2024-25629
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| -rw-r--r-- | meta-oe/recipes-support/c-ares/c-ares/CVE-2024-25629.patch | 34 | ||||
| -rw-r--r-- | meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb | 1 |
2 files changed, 35 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/c-ares/c-ares/CVE-2024-25629.patch b/meta-oe/recipes-support/c-ares/c-ares/CVE-2024-25629.patch new file mode 100644 index 0000000000..4c97eda3c7 --- /dev/null +++ b/meta-oe/recipes-support/c-ares/c-ares/CVE-2024-25629.patch @@ -0,0 +1,34 @@ +From: a804c04ddc8245fc8adf0e92368709639125e183 Mon Sep 17 00:00:00 2001 +From: Brad House <brad@brad-house.com> +Date: Mon, 11 Mar 2024 14:29:39 +0000 +Subject: [PATCH] Merge pull request from GHSA-mg26-v6qh-x48q + +CVE: CVE-2024-25629 +Upstream-Status: Backport [https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + src/lib/ares__read_line.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/src/lib/ares__read_line.c b/src/lib/ares__read_line.c +index c62ad2a..d6625a3 100644 +--- a/src/lib/ares__read_line.c ++++ b/src/lib/ares__read_line.c +@@ -49,6 +49,14 @@ int ares__read_line(FILE *fp, char **buf, size_t *bufsize) + if (!fgets(*buf + offset, bytestoread, fp)) + return (offset != 0) ? 0 : (ferror(fp)) ? ARES_EFILE : ARES_EOF; + len = offset + strlen(*buf + offset); ++ ++ /* Probably means there was an embedded NULL as the first character in ++ * the line, throw away line */ ++ if (len == 0) { ++ offset = 0; ++ continue; ++ } ++ + if ((*buf)[len - 1] == '\n') + { + (*buf)[len - 1] = 0; +-- +2.40.0 diff --git a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb index b6cdd801e5..838046146f 100644 --- a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb +++ b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb @@ -10,6 +10,7 @@ SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main;protocol=https \ file://CVE-2023-31130.patch \ file://CVE-2023-32067.patch \ file://CVE-2023-31147.patch \ + file://CVE-2024-25629.patch \ " SRCREV = "2aa086f822aad5017a6f2061ef656f237a62d0ed" |