libuv: fix CVE-2024-24806

Upstream-Status: Backport[https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629]
Upstream-Status: Backport[https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70]>

Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

3 files changed, 65 insertions, 1 deletions

diff --git a/meta-oe/recipes-connectivity/libuv/libuv/CVE-2024-24806-1.patch b/meta-oe/recipes-connectivity/libuv/libuv/CVE-2024-24806-1.patch
new file mode 100644
index 0000000000..426388c3bf
--- /dev/null
+++ b/meta-oe/recipes-connectivity/libuv/libuv/CVE-2024-24806-1.patch
@@ -0,0 +1,32 @@
+From 40dad53252e82eb4ee6e0c000e0c9ab15c7af312 Mon Sep 17 00:00:00 2001
+From: Ben Noordhuis <info@bnoordhuis.nl>
+Date: Thu, 18 Jan 2024 14:51:40 +0100
+Subject: [PATCH] fix: always zero-terminate idna output
+
+CVE: CVE-2024-24806
+Upstream commit: 0f2d7e784a256b54b2385043438848047bc2a629
+
+Fixes: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
+---
+ src/idna.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/idna.c b/src/idna.c
+index 13ffac6b..874f1caf 100644
+--- a/src/idna.c
++++ b/src/idna.c
+@@ -284,8 +284,9 @@ long uv__idna_toascii(const char* s, const char* se, char* d, char* de) {
+       return rc;
+   }
+ 
+-  if (d < de)
+-    *d++ = '\0';
++  if (d >= de)
++    return UV_EINVAL;
+ 
++  *d++ = '\0';
+   return d - ds;  /* Number of bytes written. */
+ }
+-- 
+2.43.0
+
diff --git a/meta-oe/recipes-connectivity/libuv/libuv/CVE-2024-24806-2.patch b/meta-oe/recipes-connectivity/libuv/libuv/CVE-2024-24806-2.patch
new file mode 100644
index 0000000000..f231cf96b9
--- /dev/null
+++ b/meta-oe/recipes-connectivity/libuv/libuv/CVE-2024-24806-2.patch
@@ -0,0 +1,30 @@
+From 6b8bce71f3ea435fcb286d49df1204c23ef3ea01 Mon Sep 17 00:00:00 2001
+From: Ben Noordhuis <info@bnoordhuis.nl>
+Date: Thu, 18 Jan 2024 14:52:38 +0100
+Subject: [PATCH] fix: reject zero-length idna inputs
+
+CVE: CVE-2024-24806
+Upstream commit: 3530bcc30350d4a6ccf35d2f7b33e23292b9de70
+
+Fixes: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
+---
+ src/idna.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/idna.c b/src/idna.c
+index 874f1caf..97edf06c 100644
+--- a/src/idna.c
++++ b/src/idna.c
+@@ -254,6 +254,9 @@ long uv__idna_toascii(const char* s, const char* se, char* d, char* de) {
+   char* ds;
+   int rc;
+ 
++  if (s == se)
++    return UV_EINVAL;
++
+   ds = d;
+ 
+   for (si = s; si < se; /* empty */) {
+-- 
+2.43.0
+
diff --git a/meta-oe/recipes-connectivity/libuv/libuv_1.36.0.bb b/meta-oe/recipes-connectivity/libuv/libuv_1.36.0.bb
index 41e95f56ae..da99b41fdd 100644
--- a/meta-oe/recipes-connectivity/libuv/libuv_1.36.0.bb
+++ b/meta-oe/recipes-connectivity/libuv/libuv_1.36.0.bb
@@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=a68902a430e32200263d182d44924d47"
 
 SRCREV = "533b738838ad8407032e14b6772b29ef9af63cfa"
 SRC_URI = "git://github.com/libuv/libuv;branch=v1.x;protocol=https \
-           file://CVE-2020-8252.patch"
+           file://CVE-2020-8252.patch \
+           file://CVE-2024-24806-1.patch \
+           file://CVE-2024-24806-2.patch"
 
 S = "${WORKDIR}/git"