From: Ankur Tyagi <[email protected]> Details https://nvd.nist.gov/vuln/detail/CVE-2024-43167
Signed-off-by: Ankur Tyagi <[email protected]> --- .../unbound/unbound/CVE-2024-43167.patch | 46 +++++++++++++++++++ .../recipes-support/unbound/unbound_1.19.3.bb | 1 + 2 files changed, 47 insertions(+) create mode 100644 meta-networking/recipes-support/unbound/unbound/CVE-2024-43167.patch diff --git a/meta-networking/recipes-support/unbound/unbound/CVE-2024-43167.patch b/meta-networking/recipes-support/unbound/unbound/CVE-2024-43167.patch new file mode 100644 index 0000000000..23efc49338 --- /dev/null +++ b/meta-networking/recipes-support/unbound/unbound/CVE-2024-43167.patch @@ -0,0 +1,46 @@ +From 81b41525fd07660f60ccca0378d1e1650d0b45b7 Mon Sep 17 00:00:00 2001 +From: zhailiangliang <[email protected]> +Date: Tue, 21 May 2024 08:40:16 +0000 +Subject: [PATCH] fix null pointer dereference issue in function ub_ctx_set_fwd + of file libunbound/libunbound.c + +CVE: CVE-2024-43167 +Upstream-Status: Backport [https://github.com/NLnetLabs/unbound/commit/8e43e2574c4e02f79c562a061581cdcefe136912] +(cherry picked from commit 8e43e2574c4e02f79c562a061581cdcefe136912) +Signed-off-by: Ankur Tyagi <[email protected]> +--- + libunbound/libunbound.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/libunbound/libunbound.c b/libunbound/libunbound.c +index 80a82bb4..c52114d9 100644 +--- a/libunbound/libunbound.c ++++ b/libunbound/libunbound.c +@@ -976,7 +976,8 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr) + if(!addr) { + /* disable fwd mode - the root stub should be first. */ + if(ctx->env->cfg->forwards && +- strcmp(ctx->env->cfg->forwards->name, ".") == 0) { ++ (ctx->env->cfg->forwards->name && ++ strcmp(ctx->env->cfg->forwards->name, ".") == 0)) { + s = ctx->env->cfg->forwards; + ctx->env->cfg->forwards = s->next; + s->next = NULL; +@@ -996,7 +997,8 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr) + /* it parses, add root stub in front of list */ + lock_basic_lock(&ctx->cfglock); + if(!ctx->env->cfg->forwards || +- strcmp(ctx->env->cfg->forwards->name, ".") != 0) { ++ (ctx->env->cfg->forwards->name && ++ strcmp(ctx->env->cfg->forwards->name, ".") != 0)) { + s = calloc(1, sizeof(*s)); + if(!s) { + lock_basic_unlock(&ctx->cfglock); +@@ -1014,6 +1016,7 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr) + ctx->env->cfg->forwards = s; + } else { + log_assert(ctx->env->cfg->forwards); ++ log_assert(ctx->env->cfg->forwards->name); + s = ctx->env->cfg->forwards; + } + dupl = strdup(addr); diff --git a/meta-networking/recipes-support/unbound/unbound_1.19.3.bb b/meta-networking/recipes-support/unbound/unbound_1.19.3.bb index 0542ae454b..9a537c2dc2 100644 --- a/meta-networking/recipes-support/unbound/unbound_1.19.3.bb +++ b/meta-networking/recipes-support/unbound/unbound_1.19.3.bb @@ -13,6 +13,7 @@ SRC_URI = "git://github.com/NLnetLabs/unbound.git;protocol=https;nobranch=1 \ file://CVE-2024-8508.patch \ file://CVE-2024-33655.patch \ file://CVE-2025-11411.patch \ + file://CVE-2024-43167.patch \ " SRCREV = "48b6c60a24e9a5d6d369a7a37c9fe2a767f26abd"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#122682): https://lists.openembedded.org/g/openembedded-devel/message/122682 Mute This Topic: https://lists.openembedded.org/mt/116806380/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
