1 files changed, 40 insertions, 0 deletions

diff --git a/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26917.patch b/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26917.patch
new file mode 100644
index 0000000000..d7ba2fb9a0
--- /dev/null
+++ b/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26917.patch
@@ -0,0 +1,40 @@
+From cfa1a965a429e4bfc5ae1539a8e87a9cf71c3090 Mon Sep 17 00:00:00 2001
+From: Michal Vasko <mvasko@cesnet.cz>
+Date: Tue, 18 Jul 2023 10:41:21 +0000
+Subject: [PATCH] parser common BUGFIX handle missing YANG strings
+
+Fixes #1987
+
+CVE: CVE-2023-26917
+
+Upstream-Status:
+Backport[https://github.com/CESNET/libyang/commit/cfa1a965a429e4bfc5ae1539a8e87a9cf71c3090]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/parser_stmt.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/parser_stmt.c b/src/parser_stmt.c
+index 81ccbfca6..2ebf822ab 100644
+--- a/src/parser_stmt.c
++++ b/src/parser_stmt.c
+@@ -52,6 +52,16 @@ lysp_stmt_validate_value(struct lys_parser_ctx *ctx, enum yang_arg val_type, con
+     uint32_t c;
+     size_t utf8_char_len;
+
++    if (!val) {
++	    if (val_type == Y_MAYBE_STR_ARG) {
++		    /* fine */
++		    return LY_SUCCESS;
++	    }
++
++	    LOGVAL_PARSER(ctx, LYVE_SYNTAX, "Missing an expected string.");
++	    return LY_EVALID;
++    }
++
+     while (*val) {
+         LY_CHECK_ERR_RET(ly_getutf8(&val, &c, &utf8_char_len),
+                 LOGVAL_PARSER(ctx, LY_VCODE_INCHAR, (val)[-utf8_char_len]), LY_EVALID);
+--
+2.35.5