diff mbox series

[meta-networking,scarthgap,3/5] libiec61850: patch CVE-2024-26529

Message ID 20251021063407.232340-4-ankur.tyagi85@gmail.com
State New
Headers show
Series [meta-networking,scarthgap,1/5] libiec61850: upgrade 1.5.1 -> 1.5.3 | expand

Commit Message

Ankur Tyagi Oct. 21, 2025, 6:34 a.m. UTC 
Details https://nvd.nist.gov/vuln/detail/CVE-2024-26529

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../libiec61850/files/CVE-2024-26529.patch    | 33 +++++++++++++++++++
 .../libiec61850/libiec61850_1.5.3.bb          |  1 +
 2 files changed, 34 insertions(+)
 create mode 100644 meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-26529.patch
diff mbox series

Patch

diff --git a/meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-26529.patch b/meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-26529.patch
new file mode 100644
index 0000000000..ea3f472f30
--- /dev/null
+++ b/meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-26529.patch
@@ -0,0 +1,33 @@ 
+From e29799cba6f1d08cf6463a2b190c0e6502b885df Mon Sep 17 00:00:00 2001
+From: Michael Zillgith <michael.zillgith@mz-automation.de>
+Date: Fri, 2 Feb 2024 06:44:47 +0000
+Subject: [PATCH] CVE-2024-26529
+
+fixed - null pointer dereference in mmsServer_handleDeleteNamedVariableListRequest when receiving malformed message (LIB61850-430)
+
+CVE: CVE-2024-26529
+Upstream-Status: Backport [https://github.com/mz-automation/libiec61850/commit/cf94d64206cf53298edf4799a75b31657bb7cbb3]
+
+(cherry picked from commit cf94d64206cf53298edf4799a75b31657bb7cbb3)
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ src/mms/iso_mms/server/mms_named_variable_list_service.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/mms/iso_mms/server/mms_named_variable_list_service.c b/src/mms/iso_mms/server/mms_named_variable_list_service.c
+index 3a27061c..3365f771 100644
+--- a/src/mms/iso_mms/server/mms_named_variable_list_service.c
++++ b/src/mms/iso_mms/server/mms_named_variable_list_service.c
+@@ -140,6 +140,12 @@ mmsServer_handleDeleteNamedVariableListRequest(MmsServerConnection connection,
+         mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response);
+         goto exit_function;
+     }
++
++    if (request->listOfVariableListName == NULL)
++    {
++        mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response);
++        goto exit_function;
++    }
+  
+ 	long scopeOfDelete = DeleteNamedVariableListRequest__scopeOfDelete_specific;
+ 
diff --git a/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb b/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb
index fa9e84a29e..ec10f0990e 100644
--- a/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb
+++ b/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb
@@ -18,6 +18,7 @@  SRCREV = "6f557c490f0b46ab5d7ef1b01bb3bc9fab3f442f"
 SRC_URI = "git://github.com/mz-automation/${BPN}.git;branch=v1.5;protocol=https \
            file://0001-pyiec61850-don-t-break-CMAKE_INSTALL_PATH-by-trying-.patch \
            file://0001-pyiec61850-Use-CMAKE_INSTALL_LIBDIR-from-GNUInstallD.patch \
+           file://CVE-2024-26529.patch \
 "
 
 S = "${WORKDIR}/git"