diff mbox series

[meta-oe,kirkstone,3/8] nanopb: patch CVE-2024-53984

Message ID 20251225125139.2436941-3-skandigraun@gmail.com
State New
Series [meta-networking,kirkstone,1/8] mtr: patch CVE-2025-49809

Commit Message

Gyorgy Sarvari Dec. 25, 2025, 12:51 p.m. UTC
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-53984

Pick the patch referenced by the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../nanopb/nanopb/CVE-2024-53984.patch        | 36 +++++++++++++++++++
 .../recipes-devtools/nanopb/nanopb_0.4.5.bb   |  4 ++-
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb/CVE-2024-53984.patch

Patch

diff --git a/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb/CVE-2024-53984.patch b/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb/CVE-2024-53984.patch
new file mode 100644
index 0000000000..c7a0c3f007
--- /dev/null
+++ b/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb/CVE-2024-53984.patch
@@ -0,0 +1,36 @@ 
+From 84e8fb3da74d3b83179700284ce47c98a8804ab1 Mon Sep 17 00:00:00 2001
+From: Petteri Aimonen <jpa@git.mail.kapsi.fi>
+Date: Sun, 1 Dec 2024 11:40:38 +0200
+Subject: [PATCH] Fix memory not released on error return (GHSA-xwqq-qxmw-hj5r)
+
+When all of the following conditions apply:
+
+* Compile time option PB_ENABLE_MALLOC is enabled.
+* Message contains at least one field with FT_POINTER field type.
+* Custom stream callback is used with unknown stream length (stream.bytes_left = SIZE_MAX)
+* pb_decode_ex() function is used with flag PB_DECODE_DELIMITED.
+* The input message is corrupted (accidentally or maliciously) in the length prefix.
+
+Then the pb_decode_ex() function does not automatically call pb_release(), like is done for other failure cases.
+This could lead to memory leak and potential denial-of-service.
+
+CVE: CVE-2024-53984
+Upstream-Status: Backport [https://github.com/nanopb/nanopb/commit/2b86c255aa52250438d5aba124d0e86db495b378]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ pb_decode.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pb_decode.c b/pb_decode.c
+index b194825..2a22607 100644
+--- a/pb_decode.c
++++ b/pb_decode.c
+@@ -1156,7 +1156,7 @@ bool checkreturn pb_decode_ex(pb_istream_t *stream, const pb_msgdesc_t *fields,
+       status = pb_decode_inner(&substream, fields, dest_struct, flags);
+ 
+       if (!pb_close_string_substream(stream, &substream))
+-        return false;
++        status = false;
+     }
+     
+ #ifdef PB_ENABLE_MALLOC
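
Review bot: The embedded patch header reads `From 84e8fb3da74d3b83179700284ce47c98a8804ab1`, while the `Upstream-Status: Backport` line points at commit 2b86c255aa52250438d5aba124d0e86db495b378, so the two hashes disagree about which commit this is. If the patch was regenerated from a local cherry-pick onto the recipe's pinned SRCREV, a one-line remark in the header would make that clear; otherwise the From line should carry the upstream hash so the backport can be compared against its source. Separately, the change in pb_decode_ex() from `return false;` to `status = false;` only has an effect if the code under the `#ifdef PB_ENABLE_MALLOC` that follows acts on `status`. That block lies outside the three context lines shown here, so it should be confirmed against pb_decode.c at the pinned revision that the release path is reached when `status` is false.
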
diff --git a/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb_0.4.5.bb b/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb_0.4.5.bb
index 4b1853cc80..6edb2f11ce 100644
--- a/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb_0.4.5.bb
+++ b/meta-oe/dynamic-layers/meta-python/recipes-devtools/nanopb/nanopb_0.4.5.bb
@@ -4,7 +4,9 @@  LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=9db4b73a55a3994384112efcdb37c01f"
 
 DEPENDS = "protobuf-native"
 
-SRC_URI = "git://github.com/nanopb/nanopb.git;branch=master;protocol=https"
+SRC_URI = "git://github.com/nanopb/nanopb.git;branch=master;protocol=https \
+           file://CVE-2024-53984.patch \
+           "
 SRCREV = "c9124132a604047d0ef97a09c0e99cd9bed2c818"
 
 S = "${WORKDIR}/git"