diff options
Diffstat (limited to 'meta/recipes-connectivity/libuv/libuv/CVE-2024-24806-2.patch')
-rw-r--r-- | meta/recipes-connectivity/libuv/libuv/CVE-2024-24806-2.patch | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/libuv/libuv/CVE-2024-24806-2.patch b/meta/recipes-connectivity/libuv/libuv/CVE-2024-24806-2.patch new file mode 100644 index 0000000000..b0ed5f0ea2 --- /dev/null +++ b/meta/recipes-connectivity/libuv/libuv/CVE-2024-24806-2.patch @@ -0,0 +1,44 @@ +From 96f881c8f600da33ec4ecec450ec491990ce613b Mon Sep 17 00:00:00 2001 +From: Ben Noordhuis <info@bnoordhuis.nl> +Date: Thu, 18 Jan 2024 14:52:38 +0100 +Subject: [PATCH] fix: reject zero-length idna inputs + +Upstream-Status: Backport [https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70] +CVE: CVE-2024-24806 + +Fixes: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6 +Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com> +--- + src/idna.c | 3 +++ + test/test-idna.c | 1 + + 2 files changed, 4 insertions(+) + +diff --git a/src/idna.c b/src/idna.c +index ce7f2746..858b19d0 100644 +--- a/src/idna.c ++++ b/src/idna.c +@@ -274,6 +274,9 @@ long uv__idna_toascii(const char* s, const char* se, char* d, char* de) { + char* ds; + int rc; + ++ if (s == se) ++ return UV_EINVAL; ++ + ds = d; + + si = s; +diff --git a/test/test-idna.c b/test/test-idna.c +index d079be55..d59b521e 100644 +--- a/test/test-idna.c ++++ b/test/test-idna.c +@@ -114,6 +114,7 @@ TEST_IMPL(utf8_decode1_overrun) { + ASSERT_EQ(p, b + 1); + + b[0] = 0x7F; ++ ASSERT_EQ(UV_EINVAL, uv__idna_toascii(b, b + 0, c, c + 1)); + ASSERT_EQ(UV_EINVAL, uv__idna_toascii(b, b + 1, c, c + 1)); + + return 0; +-- +2.43.0 + |