[Buildroot] [PATCH 1/1] package/libcoap: fix CVE-2024-0962

* [Buildroot] [PATCH 1/1] package/libcoap: fix CVE-2024-0962
@ 2024-03-01 20:22 Fabrice Fontaine
  2024-03-01 21:03 ` Peter Korsgaard
  2024-03-18 16:44 ` Peter Korsgaard
  0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2024-03-01 20:22 UTC (permalink / raw)
  To: buildroot; +Cc: Fabrice Fontaine, Joris Lijssens

A vulnerability was found in obgm libcoap 4.3.4. It has been rated as
critical. Affected by this issue is the function get_split_entry of the
file src/coap_oscore.c of the component Configuration File Handler. The
manipulation leads to stack-based buffer overflow. The attack may be
launched remotely. The exploit has been disclosed to the public and may
be used. It is recommended to apply a patch to fix this issue.
VDB-252206 is the identifier assigned to this vulnerability.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 ...ing-OSCORE-configuration-information.patch | 38 +++++++++++++++++++
 package/libcoap/libcoap.mk                    |  3 ++
 2 files changed, 41 insertions(+)
 create mode 100644 package/libcoap/0001-coap_oscore-c-Fix-parsing-OSCORE-configuration-information.patch

diff --git a/package/libcoap/0001-coap_oscore-c-Fix-parsing-OSCORE-configuration-information.patch b/package/libcoap/0001-coap_oscore-c-Fix-parsing-OSCORE-configuration-information.patch
new file mode 100644
index 0000000000..e75250d613
--- /dev/null
+++ b/package/libcoap/0001-coap_oscore-c-Fix-parsing-OSCORE-configuration-information.patch
@@ -0,0 +1,38 @@
+From 2b28d8b0e9607e71a145345b4fe49517e052b7d9 Mon Sep 17 00:00:00 2001
+From: Jon Shallow <supjps-libcoap@jpshallow.com>
+Date: Thu, 25 Jan 2024 18:03:17 +0000
+Subject: [PATCH] coap_oscore.c: Fix parsing OSCORE configuration information
+
+Upstream: https://github.com/obgm/libcoap/commit/2b28d8b0e9607e71a145345b4fe49517e052b7d9
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ src/coap_oscore.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/coap_oscore.c b/src/coap_oscore.c
+index 83f785c92..e0fb22947 100644
+--- a/src/coap_oscore.c
++++ b/src/coap_oscore.c
+@@ -1678,11 +1678,12 @@ get_split_entry(const char **start,
+                 oscore_value_t *value) {
+   const char *begin = *start;
+   const char *end;
++  const char *kend;
+   const char *split;
+   size_t i;
+ 
+ retry:
+-  end = memchr(begin, '\n', size);
++  kend = end = memchr(begin, '\n', size);
+   if (end == NULL)
+     return 0;
+ 
+@@ -1693,7 +1694,7 @@ get_split_entry(const char **start,
+ 
+   if (begin[0] == '#' || (end - begin) == 0) {
+     /* Skip comment / blank line */
+-    size -= end - begin + 1;
++    size -= kend - begin + 1;
+     begin = *start;
+     goto retry;
+   }
diff --git a/package/libcoap/libcoap.mk b/package/libcoap/libcoap.mk
index 62f08a20e9..29161142f6 100644
--- a/package/libcoap/libcoap.mk
+++ b/package/libcoap/libcoap.mk
@@ -15,6 +15,9 @@ LIBCOAP_CONF_OPTS = \
 	--disable-examples --disable-examples-source --without-tinydtls
 LIBCOAP_AUTORECONF = YES
 
+# 0001-coap_oscore-c-Fix-parsing-OSCORE-configuration-information.patch
+LIBCOAP_IGNORE_CVES += CVE-2024-0962
+
 ifeq ($(BR2_PACKAGE_GNUTLS),y)
 LIBCOAP_DEPENDENCIES += gnutls
 LIBCOAP_CONF_OPTS += \
-- 
2.43.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 3+ messages in thread