diff mbox series

[meta-oe,walnascar,2/4] redis: patch CVE-2025-27151

Message ID 20251007194936.146845-2-skandigraun@gmail.com
State New
Headers show
Series [meta-oe,walnascar,1/4] redis: ignore CVE-2025-21605 | expand

Commit Message

Gyorgy Sarvari Oct. 7, 2025, 7:49 p.m. UTC 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-27151

Backport the patch mentioned in the details.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 ...AOF-file-name-in-redis-check-aof-CVE.patch | 34 +++++++++++++++++++
 .../redis/redis/0001-CVE-2025-27151.patch     | 31 +++++++++++++++++
 .../recipes-extended/redis/redis_6.2.18.bb    |  1 +
 meta-oe/recipes-extended/redis/redis_7.2.8.bb |  1 +
 4 files changed, 67 insertions(+)
 create mode 100644 meta-oe/recipes-extended/redis/redis-7.2.8/0001-Check-length-of-AOF-file-name-in-redis-check-aof-CVE.patch
 create mode 100644 meta-oe/recipes-extended/redis/redis/0001-CVE-2025-27151.patch
diff mbox series

Patch

diff --git a/meta-oe/recipes-extended/redis/redis-7.2.8/0001-Check-length-of-AOF-file-name-in-redis-check-aof-CVE.patch b/meta-oe/recipes-extended/redis/redis-7.2.8/0001-Check-length-of-AOF-file-name-in-redis-check-aof-CVE.patch
new file mode 100644
index 0000000000..159f8341b2
--- /dev/null
+++ b/meta-oe/recipes-extended/redis/redis-7.2.8/0001-Check-length-of-AOF-file-name-in-redis-check-aof-CVE.patch
@@ -0,0 +1,34 @@ 
+From 1b71849d83940971b95b7c576cdfbc9ff60d48b2 Mon Sep 17 00:00:00 2001
+From: YaacovHazan <yaacov.hazan@redis.com>
+Date: Tue, 27 May 2025 10:23:27 +0300
+Subject: [PATCH] Check length of AOF file name in redis-check-aof
+ (CVE-2025-27151)
+
+Ensure that the length of the input file name does not exceed PATH_MAX
+
+CVE: CVE-2025-27151
+
+Upstream-Status: Backport [https://github.com/redis/redis/commit/d0eeee6e31f0fefb510007a8cfdf5dce729a8be9]
+
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/redis-check-aof.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/redis-check-aof.c b/src/redis-check-aof.c
+index e28126d..5b3ee2a 100644
+--- a/src/redis-check-aof.c
++++ b/src/redis-check-aof.c
+@@ -547,6 +547,12 @@ int redis_check_aof_main(int argc, char **argv) {
+         goto invalid_args;
+     }
+ 
++    /* Check if filepath is longer than PATH_MAX */
++    if (strlen(filepath) > PATH_MAX) {
++        printf("Error: filepath is too long (exceeds PATH_MAX)\n");
++        goto invalid_args;
++    }
++
+     /* In the glibc implementation dirname may modify their argument. */
+     memcpy(temp_filepath, filepath, strlen(filepath) + 1);
+     dirpath = dirname(temp_filepath);
diff --git a/meta-oe/recipes-extended/redis/redis/0001-CVE-2025-27151.patch b/meta-oe/recipes-extended/redis/redis/0001-CVE-2025-27151.patch
new file mode 100644
index 0000000000..dd2ce977a7
--- /dev/null
+++ b/meta-oe/recipes-extended/redis/redis/0001-CVE-2025-27151.patch
@@ -0,0 +1,31 @@ 
+From 96f00cb60cb6e73c66375264227872053385bea2 Mon Sep 17 00:00:00 2001
+From: Gyorgy Sarvari <skandigraun@gmail.com>
+Date: Tue, 7 Oct 2025 21:26:55 +0200
+Subject: [PATCH] CVE-2025-27151
+
+Ensure that the length of the input file name does not exceed PATH_MAX
+
+CVE: CVE-2025-27151
+Upstream-Status: Backport [https://github.com/redis/redis/commit/d0eeee6e31f0fefb510007a8cfdf5dce729a8be9]
+
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/redis-check-aof.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/redis-check-aof.c b/src/redis-check-aof.c
+index 1507e0a..f7dd5cb 100644
+--- a/src/redis-check-aof.c
++++ b/src/redis-check-aof.c
+@@ -164,6 +164,11 @@ int redis_check_aof_main(int argc, char **argv) {
+         exit(1);
+     }
+ 
++    if (strlen(filename) > PATH_MAX) {
++        printf("Error: filename is too long (exceeds PATH_MAX)\n");
++        exit(1);
++    }
++
+     FILE *fp = fopen(filename,"r+");
+     if (fp == NULL) {
+         printf("Cannot open file: %s\n", filename);
diff --git a/meta-oe/recipes-extended/redis/redis_6.2.18.bb b/meta-oe/recipes-extended/redis/redis_6.2.18.bb
index 13344beae4..179701bbf8 100644
--- a/meta-oe/recipes-extended/redis/redis_6.2.18.bb
+++ b/meta-oe/recipes-extended/redis/redis_6.2.18.bb
@@ -16,6 +16,7 @@  SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
            file://0004-src-Do-not-reset-FINAL_LIBS.patch \
            file://0005-Define-_GNU_SOURCE-to-get-PTHREAD_MUTEX_INITIALIZER.patch \
            file://0006-Define-correct-gregs-for-RISCV32.patch \
+           file://0001-CVE-2025-27151.patch \
           "
 
 SRC_URI[sha256sum] = "470c75bac73d7390be4dd66479c6f29e86371c5d380ce0c7efb4ba2bbda3612d"
diff --git a/meta-oe/recipes-extended/redis/redis_7.2.8.bb b/meta-oe/recipes-extended/redis/redis_7.2.8.bb
index 38d8e5ffe9..fe811dcc7e 100644
--- a/meta-oe/recipes-extended/redis/redis_7.2.8.bb
+++ b/meta-oe/recipes-extended/redis/redis_7.2.8.bb
@@ -16,6 +16,7 @@  SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
            file://0004-src-Do-not-reset-FINAL_LIBS.patch \
            file://0005-Define-_GNU_SOURCE-to-get-PTHREAD_MUTEX_INITIALIZER.patch \
            file://0006-Define-correct-gregs-for-RISCV32.patch \
+           file://0001-Check-length-of-AOF-file-name-in-redis-check-aof-CVE.patch \
           "
 
 SRC_URI[sha256sum] = "6be4fdfcdb2e5ac91454438246d00842d2671f792673390e742dfcaf1bf01574"