[Buildroot] [PATCH] package/tinyproxy: add patch for CVE-2025-63938

* [Buildroot] [PATCH] package/tinyproxy: add patch for CVE-2025-63938
@ 2026-02-24 20:52 Thomas Perale via buildroot
  2026-02-26 20:14 ` Julien Olivain via buildroot
  2026-03-06 19:53 ` Thomas Perale via buildroot
  0 siblings, 2 replies; 3+ messages in thread
From: Thomas Perale via buildroot @ 2026-02-24 20:52 UTC (permalink / raw)
  To: buildroot

Fixes the following vulnerability:

- CVE-2025-63938:
    Tinyproxy through 1.11.2 contains an integer overflow vulnerability in
    the strip_return_port() function within src/reqs.c.

For more information, see:
  - https://www.cve.org/CVERecord?id=CVE-2025-63938
  - https://github.com/tinyproxy/tinyproxy/commit/3c0fde94981b025271ffa1788ae425257841bf5a

Signed-off-by: Thomas Perale <thomas.perale@mind.be>
---
 ...r-overflow-in-port-number-processing.patch | 41 +++++++++++++++++++
 package/tinyproxy/tinyproxy.mk                |  3 ++
 2 files changed, 44 insertions(+)
 create mode 100644 package/tinyproxy/0001-reqs-fix-integer-overflow-in-port-number-processing.patch

diff --git a/package/tinyproxy/0001-reqs-fix-integer-overflow-in-port-number-processing.patch b/package/tinyproxy/0001-reqs-fix-integer-overflow-in-port-number-processing.patch
new file mode 100644
index 0000000000..3b14a58fb6
--- /dev/null
+++ b/package/tinyproxy/0001-reqs-fix-integer-overflow-in-port-number-processing.patch
@@ -0,0 +1,41 @@
+From 3c0fde94981b025271ffa1788ae425257841bf5a Mon Sep 17 00:00:00 2001
+From: rofl0r <rofl0r@users.noreply.github.com>
+Date: Fri, 17 Oct 2025 22:57:39 +0000
+Subject: [PATCH] reqs: fix integer overflow in port number processing
+
+closes #586
+
+CVE: CVE-2025-63938
+Upstream: https://github.com/tinyproxy/tinyproxy/commit/3c0fde94981b025271ffa1788ae425257841bf5a
+Signed-off-by: Thomas Perale <thomas.perale@mind.be>
+---
+ src/reqs.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/reqs.c b/src/reqs.c
+index 52135a03..a562c68a 100644
+--- a/src/reqs.c
++++ b/src/reqs.c
+@@ -174,7 +174,7 @@ static int strip_return_port (char *host)
+ {
+         char *ptr1;
+         char *ptr2;
+-        int port;
++        unsigned port;
+ 
+         ptr1 = strrchr (host, ':');
+         if (ptr1 == NULL)
+@@ -186,8 +186,11 @@ static int strip_return_port (char *host)
+                 return 0;
+ 
+         *ptr1++ = '\0';
+-        if (sscanf (ptr1, "%d", &port) != 1)    /* one conversion required */
+-                return 0;
++
++        port = atoi(ptr1);
++        /* check that port string is in the valid range 1-0xffff) */
++        if(strlen(ptr1) > 5 || (port & 0xffff0000)) return 0;
++
+         return port;
+ }
+ 
diff --git a/package/tinyproxy/tinyproxy.mk b/package/tinyproxy/tinyproxy.mk
index 6656a752a6..c5e975d8ab 100644
--- a/package/tinyproxy/tinyproxy.mk
+++ b/package/tinyproxy/tinyproxy.mk
@@ -11,4 +11,7 @@ TINYPROXY_LICENSE = GPL-2.0+
 TINYPROXY_LICENSE_FILES = COPYING
 TINYPROXY_CPE_ID_VALID = YES
 
+# 0001-reqs-fix-integer-overflow-in-port-number-processing.patch
+TINYPROXY_IGNORE_CVES += CVE-2025-63938
+
 $(eval $(autotools-package))
-- 
2.53.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 3+ messages in thread