Re: [Buildroot] [PATCH] package/tinyproxy: add patch for CVE-2025-63938

From: Thomas Perale via buildroot <buildroot@buildroot.org>
To: Thomas Perale <thomas.perale@mind.be>
Cc: buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH] package/tinyproxy: add patch for CVE-2025-63938
Date: Fri,  6 Mar 2026 20:53:01 +0100	[thread overview]
Message-ID: <20260306195301.7290-1-thomas.perale@mind.be> (raw)
In-Reply-To: <20260224205227.263450-1-thomas.perale@mind.be>

In reply of:
> Fixes the following vulnerability:
> 
> - CVE-2025-63938:
>     Tinyproxy through 1.11.2 contains an integer overflow vulnerability in
>     the strip_return_port() function within src/reqs.c.
> 
> For more information, see:
>   - https://www.cve.org/CVERecord?id=CVE-2025-63938
>   - https://github.com/tinyproxy/tinyproxy/commit/3c0fde94981b025271ffa1788ae425257841bf5a
> 
> Signed-off-by: Thomas Perale <thomas.perale@mind.be>

Applied to 2025.02.x & 2025.11.x. Thanks

> ---
>  ...r-overflow-in-port-number-processing.patch | 41 +++++++++++++++++++
>  package/tinyproxy/tinyproxy.mk                |  3 ++
>  2 files changed, 44 insertions(+)
>  create mode 100644 package/tinyproxy/0001-reqs-fix-integer-overflow-in-port-number-processing.patch
> 
> diff --git a/package/tinyproxy/0001-reqs-fix-integer-overflow-in-port-number-processing.patch b/package/tinyproxy/0001-reqs-fix-integer-overflow-in-port-number-processing.patch
> new file mode 100644
> index 0000000000..3b14a58fb6
> --- /dev/null
> +++ b/package/tinyproxy/0001-reqs-fix-integer-overflow-in-port-number-processing.patch
> @@ -0,0 +1,41 @@
> +From 3c0fde94981b025271ffa1788ae425257841bf5a Mon Sep 17 00:00:00 2001
> +From: rofl0r <rofl0r@users.noreply.github.com>
> +Date: Fri, 17 Oct 2025 22:57:39 +0000
> +Subject: [PATCH] reqs: fix integer overflow in port number processing
> +
> +closes #586
> +
> +CVE: CVE-2025-63938
> +Upstream: https://github.com/tinyproxy/tinyproxy/commit/3c0fde94981b025271ffa1788ae425257841bf5a
> +Signed-off-by: Thomas Perale <thomas.perale@mind.be>
> +---
> + src/reqs.c | 9 ++++++---
> + 1 file changed, 6 insertions(+), 3 deletions(-)
> +
> +diff --git a/src/reqs.c b/src/reqs.c
> +index 52135a03..a562c68a 100644
> +--- a/src/reqs.c
> ++++ b/src/reqs.c
> +@@ -174,7 +174,7 @@ static int strip_return_port (char *host)
> + {
> +         char *ptr1;
> +         char *ptr2;
> +-        int port;
> ++        unsigned port;
> + 
> +         ptr1 = strrchr (host, ':');
> +         if (ptr1 == NULL)
> +@@ -186,8 +186,11 @@ static int strip_return_port (char *host)
> +                 return 0;
> + 
> +         *ptr1++ = '\0';
> +-        if (sscanf (ptr1, "%d", &port) != 1)    /* one conversion required */
> +-                return 0;
> ++
> ++        port = atoi(ptr1);
> ++        /* check that port string is in the valid range 1-0xffff) */
> ++        if(strlen(ptr1) > 5 || (port & 0xffff0000)) return 0;
> ++
> +         return port;
> + }
> + 
> diff --git a/package/tinyproxy/tinyproxy.mk b/package/tinyproxy/tinyproxy.mk
> index 6656a752a6..c5e975d8ab 100644
> --- a/package/tinyproxy/tinyproxy.mk
> +++ b/package/tinyproxy/tinyproxy.mk
> @@ -11,4 +11,7 @@ TINYPROXY_LICENSE = GPL-2.0+
>  TINYPROXY_LICENSE_FILES = COPYING
>  TINYPROXY_CPE_ID_VALID = YES
>  
> +# 0001-reqs-fix-integer-overflow-in-port-number-processing.patch
> +TINYPROXY_IGNORE_CVES += CVE-2025-63938
> +
>  $(eval $(autotools-package))
> -- 
> 2.53.0
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot