[meta-oe,scarthgap,1/1] iniparser: Fix CVE-2025-0633

Message ID	20250424045341.919932-1-soumya.sambu@windriver.com
State	New
Headers	show Return-Path: <soumya.sambu@windriver.com> ip: 205.220.166.238, mailfrom: prvs=6209b1bf77=soumya.sambu@windriver.com) From: ssambu <soumya.sambu@windriver.com> To: <openembedded-devel@lists.openembedded.org> Subject: [oe][meta-oe][scarthgap][PATCH 1/1] iniparser: Fix CVE-2025-0633 Date: Thu, 24 Apr 2025 04:53:41 +0000 Message-ID: <20250424045341.919932-1-soumya.sambu@windriver.com> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Series	[meta-oe,scarthgap,1/1] iniparser: Fix CVE-2025-0633 \| expand [meta-oe,scarthgap,1/1] iniparser: Fix CVE-2025-0633

Message ID

20250424045341.919932-1-soumya.sambu@windriver.com

State

New

Headers

From: ssambu <soumya.sambu@windriver.com>
To: <openembedded-devel@lists.openembedded.org>
Subject: [oe][meta-oe][scarthgap][PATCH 1/1] iniparser: Fix CVE-2025-0633
Date: Thu, 24 Apr 2025 04:53:41 +0000
Message-ID: <20250424045341.919932-1-soumya.sambu@windriver.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
X-Sensitive_Customer_Information: Yes
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.680,FMLib:17.12.80.40
 definitions=2025-04-24_01,2025-04-22_01,2025-02-21_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 lowpriorityscore=0
 priorityscore=1501 clxscore=1015 adultscore=0 spamscore=0 bulkscore=0
 impostorscore=0 malwarescore=0 mlxlogscore=999 mlxscore=0 suspectscore=0
 phishscore=0 classifier=spam authscore=0 authtc=n/a authcc= route=outbound
 adjust=0 reason=mlx scancount=1 engine=8.21.0-2504070000
 definitions=main-2504240028
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by
 mx0a-0064b401.pphosted.com id 53O4oZK3001436
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Thu, 24 Apr 2025 04:53:51 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/117086

Series

[meta-oe,scarthgap,1/1] iniparser: Fix CVE-2025-0633 | expand

Commit Message

Sambu, Soumya April 24, 2025, 4:53 a.m. UTC

From: Soumya Sambu <soumya.sambu@windriver.com>

Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in
iniparser allows attacker to read out of bound memory

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-0633
https://ubuntu.com/security/CVE-2025-0633

Upstream patch:
https://gitlab.com/iniparser/iniparser/-/commit/072a39a772a38c475e35a1be311304ca99e9de7f

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
---
 .../iniparser/iniparser/CVE-2025-0633.patch   | 37 +++++++++++++++++++
 .../iniparser/iniparser_4.1.bb                |  1 +
 2 files changed, 38 insertions(+)
 create mode 100644 meta-oe/recipes-support/iniparser/iniparser/CVE-2025-0633.patch

diff --git a/meta-oe/recipes-support/iniparser/iniparser/CVE-2025-0633.patch b/meta-oe/recipes-support/iniparser/iniparser/CVE-2025-0633.patch
new file mode 100644
index 0000000000..a9d2a19b2c
--- /dev/null
+++ b/meta-oe/recipes-support/iniparser/iniparser/CVE-2025-0633.patch
@@ -0,0 +1,37 @@ 
+From 072a39a772a38c475e35a1be311304ca99e9de7f Mon Sep 17 00:00:00 2001
+From: Lars Möllendorf <lars@moellendorf.eu>
+Date: Sun, 26 Jan 2025 08:48:23 +0100
+Subject: [PATCH] Fix heap overflow in `iniparser_dumpsection_ini()`
+
+...reported in #177
+
+As suggested by the issue reporter this is fixed by returning from
+`iniparser_dumpsection_ini()` in case the length of the passed section name
+of dictionary to dump was bigger than the size of the internal buffer used
+to copy this string to.
+
+Changelog: changed
+
+CVE: CVE-2025-0633
+
+Upstream-Status: Backport [https://gitlab.com/iniparser/iniparser/-/commit/072a39a772a38c475e35a1be311304ca99e9de7f]
+
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ src/iniparser.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/iniparser.c b/src/iniparser.c
+index dbceb20..2aeecf4 100644
+--- a/src/iniparser.c
++++ b/src/iniparser.c
+@@ -301,6 +301,7 @@ void iniparser_dumpsection_ini(const dictionary * d, const char * s, FILE * f)
+
+     if (d==NULL || f==NULL) return ;
+     if (! iniparser_find_entry(d, s)) return ;
++    if (strlen(s) > sizeof(keym)) return;
+
+     seclen  = (int)strlen(s);
+     fprintf(f, "\n[%s]\n", s);
+--
+2.40.0
diff --git a/meta-oe/recipes-support/iniparser/iniparser_4.1.bb b/meta-oe/recipes-support/iniparser/iniparser_4.1.bb
index c80668d279..13a3a1f979 100644
--- a/meta-oe/recipes-support/iniparser/iniparser_4.1.bb
+++ b/meta-oe/recipes-support/iniparser/iniparser_4.1.bb
@@ -12,6 +12,7 @@  SRC_URI = "git://github.com/ndevilla/iniparser.git;protocol=https;branch=master
            file://0001-iniparser.pc-Make-libpath-a-variable.patch \
 	   file://Add-CMake-support.patch \
            file://CVE-2023-33461.patch \
+           file://CVE-2025-0633.patch \
 "
 
 SRCREV= "deb85ad4936d4ca32cc2260ce43323d47936410d"

[meta-oe,scarthgap,1/1] iniparser: Fix CVE-2025-0633

Commit Message

Patch