openclaw/tqma6-yocto-mirror
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
16accb6b246789ef1d36dd79b6f9da4d83cc4a76
tqma6-yocto-mirror/sources/poky/meta/recipes-connectivity/connman/connman/CVE-2025-32743.patch
Siggi (OpenClaw Agent) 16accb6b24 Complete Yocto mirror with license table for TQMa6UL (2038-compliance) 
- 264 license table entries with exact download URLs (224/264 resolved)
- Complete sources/ directory with all BitBake recipes
- Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl)
- Full traceability for Softwarefreigabeantrag
- GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4
- License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
2026-03-01 21:14:11 +00:00

49 lines
1.6 KiB
Diff
Raw Blame History

From d90b911f6760959bdf1393c39fe8d1118315490f Mon Sep 17 00:00:00 2001
From: Praveen Kumar <praveen.kumar@windriver.com>
Date: Thu, 24 Apr 2025 11:39:29 +0000
Subject: [PATCH] dnsproxy: Fix NULL/empty lookup causing potential crash
In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c
can be NULL or an empty string when the TC (Truncated) bit is set in
a DNS response. This allows attackers to cause a denial of service
(application crash) or possibly execute arbitrary code, because those
lookup values lead to incorrect length calculations and incorrect
memcpy operations.
This patch includes a check to make sure loookup value is valid before
using it. This helps avoid unexpected value when the input is empty or
incorrect.
Fixes: CVE-2025-32743
CVE: CVE-2025-32743
Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d90b911f6760959bdf1393c39fe8d1118315490f]
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
---
src/dnsproxy.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/dnsproxy.c b/src/dnsproxy.c
index 7ebffbc..1a5a4f3 100644
--- a/src/dnsproxy.c
+++ b/src/dnsproxy.c
@@ -1669,8 +1669,13 @@ static int ns_resolv(struct server_data *server, struct request_data *req,
gpointer request, gpointer name)
{
int sk = -1;
+ int err;
const char *lookup = (const char *)name;
- int err = ns_try_resolv_from_cache(req, request, lookup);
+
+ if (!lookup || strlen(lookup) == 0)
+ return -EINVAL;
+
+ err = ns_try_resolv_from_cache(req, request, lookup);
if (err > 0)
/* cache hit */
--
2.40.0
Reference in New Issue View Git Blame Copy Permalink