openclaw/tqma6-yocto-mirror
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
16accb6b246789ef1d36dd79b6f9da4d83cc4a76
tqma6-yocto-mirror/sources/poky/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4969.patch

47 lines
2.0 KiB
Diff
Raw Normal View History

Complete Yocto mirror with license table for TQMa6UL (2038-compliance) - 264 license table entries with exact download URLs (224/264 resolved) - Complete sources/ directory with all BitBake recipes - Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl) - Full traceability for Softwarefreigabeantrag - GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4 - License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
2026-03-01 20:58:18 +00:00
From 07b94e27afafebf31ef3cd868866a1e383750086 Mon Sep 17 00:00:00 2001
From: Milan Crha <mcrha@redhat.com>
Date: Mon, 19 May 2025 17:48:27 +0200
Subject: [PATCH] soup-multipart: Verify array bounds before accessing its
members
The boundary could be at a place which, calculated, pointed
before the beginning of the array. Check the bounds, to avoid
read out of the array bounds.
Closes https://gitlab.gnome.org/GNOME/libsoup/-/issues/447
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/07b94e27afafebf31ef3cd868866a1e383750086]
CVE: CVE-2025-4969
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Refresh the patch, remove the test part, following commit in libsoup3 has a
type refactor, which make the test is not suitable for libsoup2
[0d7e672e forms: Use GBytes instead of SoupMessageBody]
The test part will cause libsoup-2.3-native build failed on fedora40/41:
../libsoup-2.74.3/tests/multipart-test.c:578:63: error: passing argument 2 of soup_multipart_new_from_message from incompatible pointer type [-Wincompatible-pointer-types]
578 | multipart = soup_multipart_new_from_message (headers, bytes);
| ^~~~~
| |
| GBytes * {aka struct _GBytes *}
---
libsoup/soup-multipart.c | 2 +-
1 files changed, 1 insertions(+), 1 deletion(-)
diff --git a/libsoup/soup-multipart.c b/libsoup/soup-multipart.c
index dd93973..b3611db 100644
--- a/libsoup/soup-multipart.c
+++ b/libsoup/soup-multipart.c
@@ -108,7 +108,7 @@ find_boundary (const char *start, const char *end,
continue;
/* Check that it's at start of line */
- if (!(b == start || (b[-1] == '\n' && b[-2] == '\r')))
+ if (!(b == start || (b - start >= 2 && b[-1] == '\n' && b[-2] == '\r')))
continue;
/* Check for "--" or "\r\n" after boundary */
--
2.49.0
Reference in New Issue Copy Permalink