diff options
Diffstat (limited to 'meta-oe/recipes-connectivity/libuv/libuv/CVE-2024-24806-2.patch')
-rw-r--r-- | meta-oe/recipes-connectivity/libuv/libuv/CVE-2024-24806-2.patch | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/meta-oe/recipes-connectivity/libuv/libuv/CVE-2024-24806-2.patch b/meta-oe/recipes-connectivity/libuv/libuv/CVE-2024-24806-2.patch new file mode 100644 index 0000000000..f231cf96b9 --- /dev/null +++ b/meta-oe/recipes-connectivity/libuv/libuv/CVE-2024-24806-2.patch @@ -0,0 +1,30 @@ +From 6b8bce71f3ea435fcb286d49df1204c23ef3ea01 Mon Sep 17 00:00:00 2001 +From: Ben Noordhuis <info@bnoordhuis.nl> +Date: Thu, 18 Jan 2024 14:52:38 +0100 +Subject: [PATCH] fix: reject zero-length idna inputs + +CVE: CVE-2024-24806 +Upstream commit: 3530bcc30350d4a6ccf35d2f7b33e23292b9de70 + +Fixes: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6 +--- + src/idna.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/idna.c b/src/idna.c +index 874f1caf..97edf06c 100644 +--- a/src/idna.c ++++ b/src/idna.c +@@ -254,6 +254,9 @@ long uv__idna_toascii(const char* s, const char* se, char* d, char* de) { + char* ds; + int rc; + ++ if (s == se) ++ return UV_EINVAL; ++ + ds = d; + + for (si = s; si < se; /* empty */) { +-- +2.43.0 + |