[oe] [meta-networking][kirkstone][PATCH 4/5] libiec61850: patch CVE-2024-45969

Thu, 29 Jan 2026 23:06:31 -0800 

Details: https://nvd.nist.gov/vuln/detail/CVE-2024-45969

Backport the patch that is referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 .../libiec61850/files/CVE-2024-45969.patch    | 31 +++++++++++++++++++
 .../libiec61850/libiec61850_1.5.1.bb          |  3 +-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 
meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-45969.patch

diff --git 
a/meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-45969.patch 
b/meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-45969.patch
new file mode 100644
index 0000000000..d1dc8f0e6e
--- /dev/null
+++ 
b/meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-45969.patch
@@ -0,0 +1,31 @@
+From d1afa7d8946ff05f73440e1fb5c14adcd5058b0d Mon Sep 17 00:00:00 2001
+From: Michael Zillgith <[email protected]>
+Date: Wed, 27 Mar 2024 12:26:58 +0000
+Subject: [PATCH] - ACSE: added check for minimum message size (LIB61850-438)
+
+CVE: CVE-2024-45969
+Upstream-Status: Backport 
[https://github.com/mz-automation/libiec61850/commit/7afa40390b26ad1f4cf93deaa0052fe7e357ef33]
+Signed-off-by: Gyorgy Sarvari <[email protected]>
+---
+ src/mms/iso_acse/acse.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/mms/iso_acse/acse.c b/src/mms/iso_acse/acse.c
+index 60b0f534..1f4d6eb9 100644
+--- a/src/mms/iso_acse/acse.c
++++ b/src/mms/iso_acse/acse.c
+@@ -420,6 +420,14 @@ AcseConnection_parseMessage(AcseConnection* self, 
ByteBuffer* message)
+ {
+     AcseIndication indication = ACSE_ERROR;
+ 
++    if (message == NULL || message->size < 1)
++    {
++        if (DEBUG_ACSE)
++            printf("ACSE: invalid message - no payload\n");
++
++        return ACSE_ERROR;
++    }
++
+     uint8_t* buffer = message->buffer;
+ 
+     int messageSize = message->size;
diff --git 
a/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.1.bb 
b/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.1.bb
index 3e5fc91dad..d36a3c9306 100644
--- a/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.1.bb
+++ b/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.1.bb
@@ -18,7 +18,8 @@ SRCREV = "210cf30897631fe2006ac50483caf8fd616622a2"
 SRC_URI = 
"git://github.com/mz-automation/${BPN}.git;branch=v1.5;protocol=https \
            
file://0001-pyiec61850-don-t-break-CMAKE_INSTALL_PATH-by-trying-.patch \
            
file://0001-pyiec61850-Use-CMAKE_INSTALL_LIBDIR-from-GNUInstallD.patch \
-"
+           file://CVE-2024-45969.patch \
+           "
 
 S = "${WORKDIR}/git"
 

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#124000): 
https://lists.openembedded.org/g/openembedded-devel/message/124000
Mute This Topic: https://lists.openembedded.org/mt/117540993/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to