tqma6-yocto-mirror/sources/poky/meta/recipes-connectivity/ofono/ofono/CVE-2024-7544.patch

From a240705a0d5d41eca6de4125ab2349ecde4c873a Mon Sep 17 00:00:00 2001
From: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
Date: Tue, 3 Dec 2024 21:43:49 +0200
Subject: [PATCH] stkutil: Fix CVE-2024-7544

CVE: CVE-2024-7544
Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=a240705a0d5d41eca6de4125ab2349ecde4c873a]
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
 src/stkutil.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/stkutil.c b/src/stkutil.c
index fdd11ad..475caaa 100644
--- a/src/stkutil.c
+++ b/src/stkutil.c
@@ -1898,6 +1898,10 @@ static bool parse_dataobj_mms_id(struct comprehension_tlv_iter *iter,
 
 	data = comprehension_tlv_iter_get_data(iter);
 	mi->len = len;
+
+	if (len > sizeof(mi->id))
+		return false;
+
 	memcpy(mi->id, data, len);
 
 	return true;
-- 
2.25.1