diff mbox series

[meta-networking,whinlatter,8/14] wolfssl: patch CVE-2026-4395

Message ID 20260405124916.2881008-8-ankur.tyagi85@gmail.com
State New
Headers show
Series [meta-multimedia,whinlatter,1/14] libde265: patch CVE-2026-33165 | expand

Commit Message

Ankur Tyagi April 5, 2026, 12:49 p.m. UTC 
From: Ankur Tyagi <ankur.tyagi85@gmail.com>

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-4395

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../wolfssl/files/CVE-2026-4395.patch         | 31 +++++++++++++++++++
 .../wolfssl/wolfssl_5.8.0.bb                  |  1 +
 2 files changed, 32 insertions(+)
 create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-4395.patch
diff mbox series

Patch

diff --git a/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-4395.patch b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-4395.patch
new file mode 100644
index 0000000000..1289e169c4
--- /dev/null
+++ b/meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-4395.patch
@@ -0,0 +1,31 @@ 
+From 6a60f44e056f55f3cdc9d11384e5a5d5d0b1d628 Mon Sep 17 00:00:00 2001
+From: Kareem <kareem@wolfssl.com>
+Date: Mon, 16 Mar 2026 15:34:18 -0700
+Subject: [PATCH] Check raw pubkey length in wc_ecc_import_x963 before copying
+ to it for KCAPI case.
+
+(cherry picked from commit ddc177b669cff9d3c7e1b51751f9df73062b872a)
+
+CVE: CVE-2026-4395
+Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/ddc177b669cff9d3c7e1b51751f9df73062b872a]
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ wolfcrypt/src/ecc.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
+index 1fd30cfd9..dcef45a1c 100644
+--- a/wolfcrypt/src/ecc.c
++++ b/wolfcrypt/src/ecc.c
+@@ -10784,7 +10784,10 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
+             XMEMCPY(key->pubkey_raw, (byte*)in, inLen);
+     }
+ #elif defined(WOLFSSL_KCAPI_ECC)
+-    XMEMCPY(key->pubkey_raw, (byte*)in, inLen);
++    if (inLen <= (word32)sizeof(key->pubkey_raw))
++        XMEMCPY(key->pubkey_raw, (byte*)in, inLen);
++    else
++        err = BAD_FUNC_ARG;
+ #endif
+ 
+     if (err == MP_OKAY) {
diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb
index 992591fb90..a700e8a820 100644
--- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb
+++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb
@@ -36,6 +36,7 @@  SRC_URI = " \
     file://CVE-2026-3230.patch \
     file://CVE-2026-3547.patch \
     file://CVE-2026-4159.patch \
+    file://CVE-2026-4395.patch \
 "
 
 SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285"