From patchwork Tue Oct 21 06:34:02 2025
X-Patchwork-Submitter: Ankur Tyagi
X-Patchwork-Id: 72749
From: Ankur Tyagi To: openembedded-devel@lists.openembedded.org Cc: Wang Mingyu , Khem Raj , Ankur Tyagi Subject: [oe][meta-networking][scarthgap][PATCH 1/5] libiec61850: upgrade 1.5.1 -> 1.5.3 Date: Tue, 21 Oct 2025 19:34:02 +1300 Message-ID: <20251021063407.232340-1-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 21 Oct 2025 06:34:22 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/120827 
From: Wang Mingyu

Changelog:
=============
- config file parser dynamically allocates linebuffer to allow multithreaded applications
- parse time values in model configuration file
- config file generator: added missing code for GSEControl
- Config file generator: support multiple access points for GOOSE and SMV control blocks
- config file generator: added code to add SMVCBs to config files
- IED server: added code to create SMVCBs with the dynamic model API
- MMS server: added support for write access with component alternate access
- MMS client: added function MmsConnection_writeVariableComponent to write to variables with alternate component access
- make write access to RCB elements configurable according to ReportSettings
- Added function IedConnection_setLocalAddress to define local IP address and optionally local port of a client connection
- IED server: added ControlAction_getSynchroCheck and ControlAction_getInterlockCheck functions
- fixed - IEC 61580 server: dataset is not released when RCB.Datset is set to empty string by client
- PAL: fixed wrong order of function arguments for fread and fwrite functions
- MMS client: parsing of servicecsSupported in MMS init response is off by one
- fixed - potential memory leaks in goose publisher code
- fixed - server sends dchg report when only dupd is enabled in RCB
- GOOSE subscriber: fixed - possible heap corruption in parseAllData due to missing validity check in bit-string handling
- IED server: fixed problem with implicit ResvTms setting when reserved with RptEna
- IED server: fixed - segmentation fault when compiled with CONFIG_MMS_THREADLESS_STACK
- fixed - MMS server: messages can be corrupted when TCP buffer is full
- fixed - .NET: IedConenction.WriteDataSetValues throws a NullReferenceException
- fixed - server send invalid response- when client uses wrong ctlModel
- fixed - IedConnection_setRCBValuesAsync crashes when RCB is already reserved by other client
- fixed - outstanding call not released in
IedConnection_getDataSetDirectoryAsync Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj (cherry picked from commit 1b0f933f5b079c60e03a9e73fc5f4957792b911a) Signed-off-by: Ankur Tyagi --- .../libiec61850/{libiec61850_1.5.1.bb => libiec61850_1.5.3.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-networking/recipes-connectivity/libiec61850/{libiec61850_1.5.1.bb => libiec61850_1.5.3.bb} (96%) diff --git a/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.1.bb b/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb similarity index 96% rename from meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.1.bb rename to meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb index 63476d3495..0e1f50164a 100644 --- a/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.1.bb +++ b/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb 
@@ -13,7 +13,7 @@ SECTION = "console/network" LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" DEPENDS = "swig-native python3" -SRCREV = "210cf30897631fe2006ac50483caf8fd616622a2" +SRCREV = "6f557c490f0b46ab5d7ef1b01bb3bc9fab3f442f" SRC_URI = "git://github.com/mz-automation/${BPN}.git;branch=v1.5;protocol=https \ file://0001-pyiec61850-don-t-break-CMAKE_INSTALL_PATH-by-trying-.patch \
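Review bot: The SRCREV line in patch 1/5 swaps one bare hash for another, and nothing in the recipe or the commit message ties 6f557c490f0b46ab5d7ef1b01bb3bc9fab3f442f to the upstream v1.5.3 tag. Name the tag in the commit message or in a comment above SRCREV so the bump can be checked against upstream. The changelog lists memory-safety fixes such as "possible heap corruption in parseAllData"; if any of them carry CVE identifiers, list those in the commit message so the stable-branch update is traceable. The diffstat shows a pure rename with one changed line, so the two pyiec61850 patches in SRC_URI are carried over unchanged and should be confirmed to still apply to the new revision.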
From: Ankur Tyagi To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-networking][scarthgap][PATCH 2/5] libiec61850: ignore CVE-2023-27772 Date: Tue, 21 Oct 2025 19:34:04 +1300 Message-ID: <20251021063407.232340-3-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251021063407.232340-1-ankur.tyagi85@gmail.com> References: <20251021063407.232340-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 21 Oct 2025 06:35:42 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/120828 Details https://nvd.nist.gov/vuln/detail/CVE-2023-27772 $ git tag --contains 79a8eaf | grep 1.5.3 v1.5.3 Signed-off-by: Ankur Tyagi --- .../recipes-connectivity/libiec61850/libiec61850_1.5.3.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb b/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb index 0e1f50164a..fa9e84a29e 100644 --- a/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb +++ b/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb 
@@ -36,3 +36,5 @@ FILES:${PN} += " \ ${PYTHON_SITEPACKAGES_DIR}/iec61850.py \ ${PYTHON_SITEPACKAGES_DIR}/_iec61850.so \ " + +CVE_STATUS[CVE-2023-27772] = "fixed-version: The vulnerability has been addressed and the fix is included in current version (1.5.3)"
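Review bot: The commit message of patch 2/5 justifies the new CVE_STATUS line with "git tag --contains 79a8eaf" but never says what 79a8eaf is. Give the full upstream commit hash or URL of the fix for CVE-2023-27772 so the fixed-version claim can be verified independently. The subject says "ignore" while the status being set is "fixed-version", so the subject should be reworded to match. The reason string also hard-codes "(1.5.3)", which goes stale on the next version bump; wording such as "fix is included since v1.5.3" would stay accurate.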
From: Ankur Tyagi To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-networking][scarthgap][PATCH 3/5] libiec61850: patch CVE-2024-26529 Date: Tue, 21 Oct 2025 19:34:05 +1300 Message-ID: <20251021063407.232340-4-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251021063407.232340-1-ankur.tyagi85@gmail.com> References: <20251021063407.232340-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 21 Oct 2025 06:35:52 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/120829 Details https://nvd.nist.gov/vuln/detail/CVE-2024-26529 Signed-off-by: Ankur Tyagi --- .../libiec61850/files/CVE-2024-26529.patch | 33 +++++++++++++++++++ .../libiec61850/libiec61850_1.5.3.bb | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-26529.patch diff --git a/meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-26529.patch b/meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-26529.patch new file mode 100644 index 0000000000..ea3f472f30 --- /dev/null +++ b/meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-26529.patch 
@@ -0,0 +1,33 @@ +From e29799cba6f1d08cf6463a2b190c0e6502b885df Mon Sep 17 00:00:00 2001 +From: Michael Zillgith +Date: Fri, 2 Feb 2024 06:44:47 +0000 +Subject: [PATCH] CVE-2024-26529 + +fixed - null pointer dereference in mmsServer_handleDeleteNamedVariableListRequest when receiving malformed message (LIB61850-430) + +CVE: CVE-2024-26529 +Upstream-Status: Backport [https://github.com/mz-automation/libiec61850/commit/cf94d64206cf53298edf4799a75b31657bb7cbb3] + +(cherry picked from commit cf94d64206cf53298edf4799a75b31657bb7cbb3) +Signed-off-by: Ankur Tyagi +--- + src/mms/iso_mms/server/mms_named_variable_list_service.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/mms/iso_mms/server/mms_named_variable_list_service.c b/src/mms/iso_mms/server/mms_named_variable_list_service.c +index 3a27061c..3365f771 100644 +--- a/src/mms/iso_mms/server/mms_named_variable_list_service.c ++++ b/src/mms/iso_mms/server/mms_named_variable_list_service.c +@@ -140,6 +140,12 @@ mmsServer_handleDeleteNamedVariableListRequest(MmsServerConnection connection, + mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response); + goto exit_function; + } ++ ++ if (request->listOfVariableListName == NULL) ++ { ++ mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response); ++ goto exit_function; ++ } + + long scopeOfDelete = DeleteNamedVariableListRequest__scopeOfDelete_specific; + diff --git a/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb b/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb index fa9e84a29e..ec10f0990e 100644 --- a/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb +++ b/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb 
@@ -18,6 +18,7 @@ SRCREV = "6f557c490f0b46ab5d7ef1b01bb3bc9fab3f442f" SRC_URI = "git://github.com/mz-automation/${BPN}.git;branch=v1.5;protocol=https \ file://0001-pyiec61850-don-t-break-CMAKE_INSTALL_PATH-by-trying-.patch \ file://0001-pyiec61850-Use-CMAKE_INSTALL_LIBDIR-from-GNUInstallD.patch \ + file://CVE-2024-26529.patch \ " S = "${WORKDIR}/git"
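Review bot: The outer commit message of patch 3/5 carries only the NVD link; the description of the bug ("null pointer dereference in mmsServer_handleDeleteNamedVariableListRequest when receiving malformed message") appears only inside the embedded CVE-2024-26529.patch. Repeat that line in the commit message and say whether the upstream fix is absent from the pinned SRCREV, since that is what makes a backport necessary right after the 1.5.3 upgrade. In the C hunk, the new check on request->listOfVariableListName reuses the reject-and-exit path of the check directly above it, which is consistent. The diffstat of CVE-2024-45971.patch later in this series shows it modifying the same file, mms_named_variable_list_service.c, so the order of the entries added to SRC_URI matters and should be kept as submitted.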
From: Ankur Tyagi To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-networking][scarthgap][PATCH 4/5] libiec61850: patch CVE-2024-45970 Date: Tue, 21 Oct 2025 19:34:06 +1300 Message-ID: <20251021063407.232340-5-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251021063407.232340-1-ankur.tyagi85@gmail.com> References: <20251021063407.232340-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 21 Oct 2025 06:35:52 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/120830 Details https://nvd.nist.gov/vuln/detail/CVE-2024-45970 Signed-off-by: Ankur Tyagi --- .../libiec61850/files/CVE-2024-45970.patch | 74 +++++++++++++++++++ .../libiec61850/libiec61850_1.5.3.bb | 1 + 2 files changed, 75 insertions(+) create mode 100644 meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-45970.patch diff --git a/meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-45970.patch b/meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-45970.patch new file mode 100644 index 0000000000..d0f10287ba --- /dev/null +++ b/meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-45970.patch 
@@ -0,0 +1,74 @@ +From d5bd7cbf26b0254ce068ba7d940c26adbf9ce8e8 Mon Sep 17 00:00:00 2001 +From: Michael Zillgith +Date: Tue, 23 Jul 2024 18:50:15 +0100 +Subject: [PATCH] CVE-2024-45970 + +fixed potential buffer overflows in MMS client file service handling (LIB61850-449) + +CVE: CVE-2024-45970 +Upstream-Status: Backport [https://github.com/mz-automation/libiec61850/commit/ac925fae8e281ac6defcd630e9dd756264e9c5bc] + +(cherry picked from commit ac925fae8e281ac6defcd630e9dd756264e9c5bc) +Signed-off-by: Ankur Tyagi +--- + src/mms/iso_mms/client/mms_client_files.c | 23 +++++++++++++++++++---- + 1 file changed, 19 insertions(+), 4 deletions(-) + +diff --git a/src/mms/iso_mms/client/mms_client_files.c b/src/mms/iso_mms/client/mms_client_files.c +index 4fca418e..935ba1a4 100644 +--- a/src/mms/iso_mms/client/mms_client_files.c ++++ b/src/mms/iso_mms/client/mms_client_files.c +@@ -487,8 +487,13 @@ parseFileAttributes(uint8_t* buffer, int bufPos, int maxBufPos, uint32_t* fileSi + break; + case 0x81: /* lastModified */ + { +- if (lastModified != NULL) { ++ if (lastModified != NULL) ++ { + char gtString[40]; ++ ++ if (length > sizeof(gtString) - 1) ++ return false; /* lastModified string too long */ ++ + memcpy(gtString, buffer + bufPos, length); + gtString[length] = 0; + *lastModified = Conversions_generalizedTimeToMsTime(gtString); +@@ -515,12 +520,14 @@ parseDirectoryEntry(uint8_t* buffer, int bufPos, int maxBufPos, uint32_t invokeI + uint32_t fileSize = 0; + uint64_t lastModified = 0; + +- while (bufPos < maxBufPos) { ++ while (bufPos < maxBufPos) ++ { + uint8_t tag = buffer[bufPos++]; + int length; + + bufPos = BerDecoder_decodeLength(buffer, &length, bufPos, maxBufPos); +- if (bufPos < 0) { ++ if (bufPos < 0) ++ { + if (DEBUG_MMS_CLIENT) + printf("MMS_CLIENT: invalid length field\n"); + return false; +@@ -534,12 +541,20 @@ parseDirectoryEntry(uint8_t* buffer, int bufPos, int maxBufPos, uint32_t invokeI + tag = buffer[bufPos++]; + + bufPos = BerDecoder_decodeLength(buffer, 
&length, bufPos, maxBufPos); +- if (bufPos < 0) { ++ if (bufPos < 0) ++ { + if (DEBUG_MMS_CLIENT) + printf("MMS_CLIENT: invalid length field\n"); + return false; + } + ++ if (length > (sizeof(fileNameMemory) - 1)) ++ { ++ if (DEBUG_MMS_CLIENT) ++ printf("MMS_CLIENT: filename too long\n"); ++ return false; ++ } ++ + memcpy(filename, buffer + bufPos, length); + filename[length] = 0; + diff --git a/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb b/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb index ec10f0990e..70d3b6d2c9 100644 --- a/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb +++ b/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb 
@@ -19,6 +19,7 @@ SRC_URI = "git://github.com/mz-automation/${BPN}.git;branch=v1.5;protocol=https file://0001-pyiec61850-don-t-break-CMAKE_INSTALL_PATH-by-trying-.patch \ file://0001-pyiec61850-Use-CMAKE_INSTALL_LIBDIR-from-GNUInstallD.patch \ file://CVE-2024-26529.patch \ + file://CVE-2024-45970.patch \ " S = "${WORKDIR}/git"
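Review bot: The two length checks added in patch 4/5 (before the memcpy into gtString in parseFileAttributes and before the memcpy into filename in parseDirectoryEntry) bound the destination buffer only. Nothing in the visible lines shows that bufPos + length stays within maxBufPos, so the source side of each memcpy relies on BerDecoder_decodeLength enforcing that; confirm it does, or add the comparison next to the new checks. In parseDirectoryEntry, length is declared as int and compared against a sizeof expression, so a negative length is rejected only through the implicit conversion to an unsigned type; an explicit "length < 0" test would make that intent visible. The hunks also mix brace-style changes with the functional fix. That is inherited from upstream and acceptable for a backport, but the commit message should point out which lines are the actual fix.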
From: Ankur Tyagi To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi Subject: [oe][meta-networking][scarthgap][PATCH 5/5] libiec61850: patch CVE-2024-45971 Date: Tue, 21 Oct 2025 19:34:07 +1300 Message-ID: <20251021063407.232340-6-ankur.tyagi85@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251021063407.232340-1-ankur.tyagi85@gmail.com> References: <20251021063407.232340-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 21 Oct 2025 06:36:02 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/120831 Details https://nvd.nist.gov/vuln/detail/CVE-2024-45971 Signed-off-by: Ankur Tyagi --- .../libiec61850/files/CVE-2024-45971.patch | 218 ++++++++++++++++++ .../libiec61850/libiec61850_1.5.3.bb | 1 + 2 files changed, 219 insertions(+) create mode 100644 meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-45971.patch diff --git a/meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-45971.patch b/meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-45971.patch new file mode 100644 index 0000000000..bc71261f3c --- /dev/null +++ b/meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-45971.patch 
@@ -0,0 +1,218 @@ +From b9bebc0d74998195422d104e4d430e2511d6c40f Mon Sep 17 00:00:00 2001 +From: Michael Zillgith +Date: Mon, 22 Jul 2024 16:34:03 +0100 +Subject: [PATCH] CVE-2024-45971 + +LIB61850-447: replaced unsafe function StringUtils_createStringFromBufferInBuffer with function with length check to not exceed target buffer + +CVE: CVE-2024-45971 +Upstream-Status: Backport [https://github.com/mz-automation/libiec61850/commit/1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0] + +(cherry picked from commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0) +Signed-off-by: Ankur Tyagi +--- + src/common/inc/string_utilities.h | 3 ++ + src/common/string_utilities.c | 12 +++++ + src/iec61850/server/mms_mapping/mms_mapping.c | 6 ++- + src/mms/iso_mms/client/mms_client_identify.c | 6 +-- + .../server/mms_named_variable_list_service.c | 52 +++++++++---------- + 5 files changed, 48 insertions(+), 31 deletions(-) + +diff --git a/src/common/inc/string_utilities.h b/src/common/inc/string_utilities.h +index b6b238ff..9a5d868a 100644 +--- a/src/common/inc/string_utilities.h ++++ b/src/common/inc/string_utilities.h +@@ -63,6 +63,9 @@ StringUtils_createStringFromBuffer(const uint8_t* buf, int size); + LIB61850_INTERNAL char* + StringUtils_createStringFromBufferInBuffer(char* newString, const uint8_t* buf, int size); + ++LIB61850_INTERNAL char* ++StringUtils_createStringFromBufferInBufferMax(char* newString, const uint8_t* buf, int size, int maxBufSize); ++ + LIB61850_INTERNAL void + StringUtils_replace(char* string, char oldChar, char newChar); + +diff --git a/src/common/string_utilities.c b/src/common/string_utilities.c +index 37e62ad7..378acbde 100644 +--- a/src/common/string_utilities.c ++++ b/src/common/string_utilities.c +@@ -85,6 +85,18 @@ StringUtils_createStringFromBufferInBuffer(char* newString, const uint8_t* buf, + return newString; + } + ++char* ++StringUtils_createStringFromBufferInBufferMax(char* newString, const uint8_t* buf, int size, int maxBufSize) ++{ ++ if (size >= 
maxBufSize) ++ size = maxBufSize - 1; ++ ++ memcpy(newString, buf, size); ++ newString[size] = 0; ++ ++ return newString; ++} ++ + char* + StringUtils_createStringInBuffer(char* newStr, int bufSize, int count, ...) + { +diff --git a/src/iec61850/server/mms_mapping/mms_mapping.c b/src/iec61850/server/mms_mapping/mms_mapping.c +index 707e8b57..4a700a27 100644 +--- a/src/iec61850/server/mms_mapping/mms_mapping.c ++++ b/src/iec61850/server/mms_mapping/mms_mapping.c +@@ -3268,7 +3268,9 @@ mmsReadAccessHandler (void* parameter, MmsDomain* domain, char* variableId, MmsS + } + else + { +- StringUtils_createStringFromBufferInBuffer(str, (uint8_t*) variableId, separator - variableId); ++ char str[65]; ++ ++ StringUtils_createStringFromBufferInBufferMax(str, (uint8_t*) variableId, separator - variableId, sizeof(str)); + + LogicalNode* ln = LogicalDevice_getLogicalNode(ld, str); + +@@ -3286,7 +3288,7 @@ mmsReadAccessHandler (void* parameter, MmsDomain* domain, char* variableId, MmsS + else { + doEnd--; + +- StringUtils_createStringFromBufferInBuffer(str, (uint8_t*) (doStart + 1), doEnd - doStart); ++ StringUtils_createStringFromBufferInBufferMax(str, (uint8_t*) (doStart + 1), doEnd - doStart, sizeof(str)); + } + + if (fc == IEC61850_FC_SP) { +diff --git a/src/mms/iso_mms/client/mms_client_identify.c b/src/mms/iso_mms/client/mms_client_identify.c +index 831b439d..c679a423 100644 +--- a/src/mms/iso_mms/client/mms_client_identify.c ++++ b/src/mms/iso_mms/client/mms_client_identify.c +@@ -84,15 +84,15 @@ mmsClient_parseIdentifyResponse(MmsConnection self, ByteBuffer* response, uint32 + + switch (tag) { + case 0x80: /* vendorName */ +- vendorName = StringUtils_createStringFromBufferInBuffer(vendorNameBuf, buffer + bufPos, length); ++ vendorName = StringUtils_createStringFromBufferInBufferMax(vendorNameBuf, buffer + bufPos, length, sizeof(vendorNameBuf)); + bufPos += length; + break; + case 0x81: /* modelName */ +- modelName = StringUtils_createStringFromBufferInBuffer(modelNameBuf, 
buffer + bufPos, length); ++ modelName = StringUtils_createStringFromBufferInBufferMax(modelNameBuf, buffer + bufPos, length, sizeof(modelNameBuf)); + bufPos += length; + break; + case 0x82: /* revision */ +- revision = StringUtils_createStringFromBufferInBuffer(revisionBuf, buffer + bufPos, length); ++ revision = StringUtils_createStringFromBufferInBufferMax(revisionBuf, buffer + bufPos, length, sizeof (revisionBuf)); + bufPos += length; + break; + case 0x83: /* list of abstract syntaxes */ +diff --git a/src/mms/iso_mms/server/mms_named_variable_list_service.c b/src/mms/iso_mms/server/mms_named_variable_list_service.c +index 3365f771..757d0ed3 100644 +--- a/src/mms/iso_mms/server/mms_named_variable_list_service.c ++++ b/src/mms/iso_mms/server/mms_named_variable_list_service.c +@@ -401,13 +401,13 @@ createNamedVariableList(MmsServer server, MmsDomain* domain, MmsDevice* device, + char variableName[65]; + char domainId[65]; + +- StringUtils_createStringFromBufferInBuffer(variableName, +- varSpec->choice.name.choice.domainspecific.itemId.buf, +- varSpec->choice.name.choice.domainspecific.itemId.size); ++ StringUtils_createStringFromBufferInBufferMax(variableName, ++ varSpec->choice.name.choice.domainspecific.itemId.buf, ++ varSpec->choice.name.choice.domainspecific.itemId.size, sizeof(variableName)); + +- StringUtils_createStringFromBufferInBuffer(domainId, +- varSpec->choice.name.choice.domainspecific.domainId.buf, +- varSpec->choice.name.choice.domainspecific.domainId.size); ++ StringUtils_createStringFromBufferInBufferMax(domainId, ++ varSpec->choice.name.choice.domainspecific.domainId.buf, ++ varSpec->choice.name.choice.domainspecific.domainId.size, sizeof(domainId)); + + MmsDomain* elementDomain = MmsDevice_getDomain(device, domainId); + +@@ -494,9 +494,9 @@ mmsServer_handleDefineNamedVariableListRequest( + goto exit_free_struct; + } + +- StringUtils_createStringFromBufferInBuffer(domainName, +- request->variableListName.choice.domainspecific.domainId.buf, +- 
request->variableListName.choice.domainspecific.domainId.size); ++ StringUtils_createStringFromBufferInBufferMax(domainName, ++ request->variableListName.choice.domainspecific.domainId.buf, ++ request->variableListName.choice.domainspecific.domainId.size, sizeof(domainName)); + + MmsDomain* domain = MmsDevice_getDomain(device, domainName); + +@@ -517,9 +517,9 @@ mmsServer_handleDefineNamedVariableListRequest( + goto exit_free_struct; + } + +- StringUtils_createStringFromBufferInBuffer(variableListName, +- request->variableListName.choice.domainspecific.itemId.buf, +- request->variableListName.choice.domainspecific.itemId.size); ++ StringUtils_createStringFromBufferInBufferMax(variableListName, ++ request->variableListName.choice.domainspecific.itemId.buf, ++ request->variableListName.choice.domainspecific.itemId.size, sizeof(variableListName)); + + if (MmsDomain_getNamedVariableList(domain, variableListName) != NULL) { + mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_DEFINITION_OBJECT_EXISTS); +@@ -567,9 +567,9 @@ mmsServer_handleDefineNamedVariableListRequest( + goto exit_free_struct; + } + +- StringUtils_createStringFromBufferInBuffer(variableListName, +- request->variableListName.choice.aaspecific.buf, +- request->variableListName.choice.aaspecific.size); ++ StringUtils_createStringFromBufferInBufferMax(variableListName, ++ request->variableListName.choice.aaspecific.buf, ++ request->variableListName.choice.aaspecific.size, sizeof(variableListName)); + + if (MmsServerConnection_getNamedVariableList(connection, variableListName) != NULL) { + mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_DEFINITION_OBJECT_EXISTS); +@@ -611,9 +611,9 @@ mmsServer_handleDefineNamedVariableListRequest( + goto exit_free_struct; + } + +- StringUtils_createStringFromBufferInBuffer(variableListName, +- request->variableListName.choice.vmdspecific.buf, +- request->variableListName.choice.vmdspecific.size); ++ 
StringUtils_createStringFromBufferInBufferMax(variableListName, ++ request->variableListName.choice.vmdspecific.buf, ++ request->variableListName.choice.vmdspecific.size, sizeof(variableListName)); + + if (mmsServer_getNamedVariableListWithName(MmsDevice_getNamedVariableLists(connection->server->device), variableListName) != NULL) { + mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_DEFINITION_OBJECT_EXISTS); +@@ -757,11 +757,11 @@ mmsServer_handleGetNamedVariableListAttributesRequest( + goto exit_function; + } + +- StringUtils_createStringFromBufferInBuffer(domainName, request->choice.domainspecific.domainId.buf, +- request->choice.domainspecific.domainId.size); ++ StringUtils_createStringFromBufferInBufferMax(domainName, request->choice.domainspecific.domainId.buf, ++ request->choice.domainspecific.domainId.size, sizeof(domainName)); + +- StringUtils_createStringFromBufferInBuffer(itemName, request->choice.domainspecific.itemId.buf, +- request->choice.domainspecific.itemId.size); ++ StringUtils_createStringFromBufferInBufferMax(itemName, request->choice.domainspecific.itemId.buf, ++ request->choice.domainspecific.itemId.size, sizeof(itemName)); + + MmsDevice* mmsDevice = MmsServer_getDevice(connection->server); + +@@ -798,8 +798,8 @@ mmsServer_handleGetNamedVariableListAttributesRequest( + goto exit_function; + } + +- StringUtils_createStringFromBufferInBuffer(listName, request->choice.aaspecific.buf, +- request->choice.aaspecific.size); ++ StringUtils_createStringFromBufferInBufferMax(listName, request->choice.aaspecific.buf, ++ request->choice.aaspecific.size, sizeof(listName)); + + MmsNamedVariableList varList = MmsServerConnection_getNamedVariableList(connection, listName); + +@@ -817,8 +817,8 @@ mmsServer_handleGetNamedVariableListAttributesRequest( + goto exit_function; + } + +- StringUtils_createStringFromBufferInBuffer(listName, request->choice.vmdspecific.buf, +- request->choice.vmdspecific.size); ++ 
StringUtils_createStringFromBufferInBufferMax(listName, request->choice.vmdspecific.buf, ++ request->choice.vmdspecific.size, sizeof(listName)); + + MmsDevice* mmsDevice = MmsServer_getDevice(connection->server); + diff --git a/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb b/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb index 70d3b6d2c9..462a7092c8 100644 --- a/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb +++ b/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.3.bb @@ -20,6 +20,7 @@ SRC_URI = "git://github.com/mz-automation/${BPN}.git;branch=v1.5;protocol=https file://0001-pyiec61850-Use-CMAKE_INSTALL_LIBDIR-from-GNUInstallD.patch \ file://CVE-2024-26529.patch \ file://CVE-2024-45970.patch \ + file://CVE-2024-45971.patch \ " S = "${WORKDIR}/git"
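Review bot: In the src/common/string_utilities.c hunk, StringUtils_createStringFromBufferInBufferMax clamps only the upper bound of size. A negative size passes `if (size >= maxBufSize)` and reaches memcpy, where it is converted to a very large size_t, and a maxBufSize of 0 turns size into -1 with the same effect plus a write to newString[-1]. The call sites pass request field sizes and pointer differences, so the helper should handle size < 0 and maxBufSize <= 0 before the copy, for example by returning NULL or writing an empty string. The truncation is also undocumented: a short comment on the new declaration in string_utilities.h stating that the result is cut to maxBufSize - 1 bytes and always NUL-terminated would help callers. The unchecked StringUtils_createStringFromBufferInBuffer is still declared there, so any call site this patch did not convert keeps the old behaviour.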
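Review bot: In the src/iec61850/server/mms_mapping/mms_mapping.c hunk at @@ -3268, the added `char str[65];` shadows an existing `str`: the removed line used `str` with no declaration in this block, so one is already in scope from further up. The second call, at @@ -3286, passes `sizeof(str)`, which is 65 only if that line sits inside the scope of the new array. If it resolves to the outer `str` and that one is a pointer, the bound becomes the pointer size instead. The hunks do not show which case applies, so please confirm it, and consider renaming the local buffer or removing the outer variable so that the two cannot be confused.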
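Review bot: In the src/mms/iso_mms/client/mms_client_identify.c hunk, the read side of the three copies is still unchecked in the visible lines: each case reads from `buffer + bufPos` and then does `bufPos += length`, and nothing shown verifies that bufPos + length stays inside the response buffer. If that check is not made before the switch, it belongs here alongside the new destination bound. Style: `sizeof (revisionBuf)` has a space that the other two calls, `sizeof(vendorNameBuf)` and `sizeof(modelNameBuf)`, do not.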
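Review bot: In the src/mms/iso_mms/server/mms_named_variable_list_service.c hunks, an over-long domainId, itemId or list name is silently cut to the buffer size and then used as a lookup or definition key, for example in `MmsDevice_getDomain(device, domainId)` and `MmsDomain_getNamedVariableList(domain, variableListName)`. A request whose name is longer than the buffer can therefore match, or define, an object named by the truncated prefix. Rejecting the request with a service error PDU when the encoded .size is not smaller than the sizeof of its target buffer would be safer than truncating, and it would keep the names the server acts on identical to the names the client sent.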