Details: https://nvd.nist.gov/vuln/detail/CVE-2024-53984
Pick the patch referenced by the nvd report. Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../nanopb/nanopb/CVE-2024-53984.patch | 36 +++++++++++++++++++ .../recipes-devtools/nanopb/nanopb_0.4.5.bb | 4 ++- 2 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb/CVE-2024-53984.patch diff --git a/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb/CVE-2024-53984.patch b/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb/CVE-2024-53984.patch new file mode 100644 index 0000000000..c7a0c3f007 --- /dev/null +++ b/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb/CVE-2024-53984.patch 
@@ -0,0 +1,36 @@ +From 84e8fb3da74d3b83179700284ce47c98a8804ab1 Mon Sep 17 00:00:00 2001 +From: Petteri Aimonen <[email protected]> +Date: Sun, 1 Dec 2024 11:40:38 +0200 +Subject: [PATCH] Fix memory not released on error return (GHSA-xwqq-qxmw-hj5r) + +When all of the following conditions apply: + +* Compile time option PB_ENABLE_MALLOC is enabled. +* Message contains at least one field with FT_POINTER field type. +* Custom stream callback is used with unknown stream length (stream.bytes_left = SIZE_MAX) +* pb_decode_ex() function is used with flag PB_DECODE_DELIMITED. +* The input message is corrupted (accidentally or maliciously) in the length prefix. + +Then the pb_decode_ex() function does not automatically call pb_release(), like is done for other failure cases. +This could lead to memory leak and potential denial-of-service. + +CVE: CVE-2024-53984 +Upstream-Status: Backport [https://github.com/nanopb/nanopb/commit/2b86c255aa52250438d5aba124d0e86db495b378] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + pb_decode.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/pb_decode.c b/pb_decode.c +index b194825..2a22607 100644 +--- a/pb_decode.c ++++ b/pb_decode.c +@@ -1156,7 +1156,7 @@ bool checkreturn pb_decode_ex(pb_istream_t *stream, const pb_msgdesc_t *fields, + status = pb_decode_inner(&substream, fields, dest_struct, flags); + + if (!pb_close_string_substream(stream, &substream)) +- return false; ++ status = false; + } + + #ifdef PB_ENABLE_MALLOC diff --git a/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb_0.4.5.bb b/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb_0.4.5.bb index 4b1853cc80..6edb2f11ce 100644 --- a/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb_0.4.5.bb +++ b/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb_0.4.5.bb 
@@ -4,7 +4,9 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=9db4b73a55a3994384112efcdb37c01f" DEPENDS = "protobuf-native" -SRC_URI = "git://github.com/nanopb/nanopb.git;branch=master;protocol=https" +SRC_URI = "git://github.com/nanopb/nanopb.git;branch=master;protocol=https \ + file://CVE-2024-53984.patch \ + " SRCREV = "c9124132a604047d0ef97a09c0e99cd9bed2c818" S = "${WORKDIR}/git"
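Review bot: The header of the new CVE-2024-53984.patch names two different upstream commits: the From line carries 84e8fb3da74d3b83179700284ce47c98a8804ab1, while Upstream-Status: Backport points at 2b86c255aa52250438d5aba124d0e86db495b378. Please state which commit was actually picked and, if it was adapted for 0.4.5, say so in the header so the backport can be compared against upstream. On the pb_decode_ex() change itself, replacing `return false;` with `status = false;` only closes the leak if the code under `#ifdef PB_ENABLE_MALLOC` releases the message when status is false. That code lies outside the hunk context, so it should be confirmed against the pinned source.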
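Review bot: In the nanopb_0.4.5.bb hunk, SRCREV stays at c9124132a604047d0ef97a09c0e99cd9bed2c818, so the fix depends entirely on the added `file://CVE-2024-53984.patch` applying to that revision. The commit message should note that the patch was checked to apply to this SRCREV without fuzz, since the embedded hunk targets pb_decode.c at line 1156 against index b194825 and nothing in the submission shows that this matches the pinned tree.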
