Details: https://nvd.nist.gov/vuln/detail/CVE-2024-5629
Backport the patch that is indicated to solve the issue based on the upstream project's Jira ticket[1] (which comes from the NVD report). [1]: https://jira.mongodb.org/browse/PYTHON-4305 Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../python3-pymongo/CVE-2024-5629.patch | 49 +++++++++++++++++++ .../python/python3-pymongo_4.1.1.bb | 1 + 2 files changed, 50 insertions(+) create mode 100644 meta-python/recipes-devtools/python/python3-pymongo/CVE-2024-5629.patch diff --git a/meta-python/recipes-devtools/python/python3-pymongo/CVE-2024-5629.patch b/meta-python/recipes-devtools/python/python3-pymongo/CVE-2024-5629.patch new file mode 100644 index 0000000000..0b0822a756 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-pymongo/CVE-2024-5629.patch @@ -0,0 +1,49 @@ +From a9454ae060fffa609cc02b129441679b7d248d8f Mon Sep 17 00:00:00 2001 +From: Shane Harvey <[email protected]> +Date: Wed, 27 Mar 2024 16:51:23 -0700 +Subject: [PATCH] PYTHON-4305 Fix bson size check (#1564) + +CVE: CVE-2024-5629 +Upstream-Status: Backport [https://github.com/mongodb/mongo-python-driver/commit/372b5d68d5a57ccc43b33407cd23f0bc79d99283] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + bson/_cbsonmodule.c | 11 +++++------ + 1 file changed, 5 insertions(+), 6 deletions(-) + +diff --git a/bson/_cbsonmodule.c b/bson/_cbsonmodule.c +index 1a296db..73370e2 100644 +--- a/bson/_cbsonmodule.c ++++ b/bson/_cbsonmodule.c +@@ -2052,6 +2052,7 @@ static PyObject* get_value(PyObject* self, PyObject* name, const char* buffer, + uint32_t c_w_s_size; + uint32_t code_size; + uint32_t scope_size; ++ uint32_t len; + PyObject* code; + PyObject* scope; + PyObject* code_type; +@@ -2071,7 +2072,8 @@ static PyObject* get_value(PyObject* self, PyObject* name, const char* buffer, + memcpy(&code_size, buffer + *position, 4); + code_size = BSON_UINT32_FROM_LE(code_size); + /* code_w_scope length + code length + code + scope length */ +- if (!code_size || max < code_size || max < 4 + 4 + code_size + 4) { ++ len = 4 + 4 + code_size + 4; ++ if (!code_size || max < code_size || max < len || len < code_size) { + goto invalid; + } + *position += 4; +@@ -2089,12 +2091,9 @@ static PyObject* get_value(PyObject* self, PyObject* name, const char* buffer, + + memcpy(&scope_size, buffer + *position, 4); + scope_size = BSON_UINT32_FROM_LE(scope_size); +- if (scope_size < BSON_MIN_SIZE) { +- Py_DECREF(code); +- goto invalid; +- } + /* code length + code + scope length + scope */ +- if ((4 + code_size + 4 + scope_size) != c_w_s_size) { ++ len = 4 + 4 + code_size + scope_size; ++ if (scope_size < BSON_MIN_SIZE || len != c_w_s_size || len < scope_size) { + Py_DECREF(code); + goto invalid; + } diff --git a/meta-python/recipes-devtools/python/python3-pymongo_4.1.1.bb b/meta-python/recipes-devtools/python/python3-pymongo_4.1.1.bb index 7bde4ff681..d26ea5d2e8 100644 --- a/meta-python/recipes-devtools/python/python3-pymongo_4.1.1.bb +++ b/meta-python/recipes-devtools/python/python3-pymongo_4.1.1.bb @@ -8,6 +8,7 @@ HOMEPAGE = "http://github.com/mongodb/mongo-python-driver"; LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327" +SRC_URI += "file://CVE-2024-5629.patch" SRC_URI[sha256sum] = "d7b8f25c9b0043cbaf77b8b895814e33e7a3c807a097377c07e1bd49946030d5" inherit pypi setuptools3
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123998): https://lists.openembedded.org/g/openembedded-devel/message/123998 Mute This Topic: https://lists.openembedded.org/mt/117540991/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
