diff options
Diffstat (limited to 'meta-oe/recipes-extended/libyang/libyang/CVE-2023-26917.patch')
-rw-r--r-- | meta-oe/recipes-extended/libyang/libyang/CVE-2023-26917.patch | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26917.patch b/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26917.patch new file mode 100644 index 0000000000..d7ba2fb9a0 --- /dev/null +++ b/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26917.patch @@ -0,0 +1,40 @@ +From cfa1a965a429e4bfc5ae1539a8e87a9cf71c3090 Mon Sep 17 00:00:00 2001 +From: Michal Vasko <mvasko@cesnet.cz> +Date: Tue, 18 Jul 2023 10:41:21 +0000 +Subject: [PATCH] parser common BUGFIX handle missing YANG strings + +Fixes #1987 + +CVE: CVE-2023-26917 + +Upstream-Status: +Backport[https://github.com/CESNET/libyang/commit/cfa1a965a429e4bfc5ae1539a8e87a9cf71c3090] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + src/parser_stmt.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/parser_stmt.c b/src/parser_stmt.c +index 81ccbfca6..2ebf822ab 100644 +--- a/src/parser_stmt.c ++++ b/src/parser_stmt.c +@@ -52,6 +52,16 @@ lysp_stmt_validate_value(struct lys_parser_ctx *ctx, enum yang_arg val_type, con + uint32_t c; + size_t utf8_char_len; + ++ if (!val) { ++ if (val_type == Y_MAYBE_STR_ARG) { ++ /* fine */ ++ return LY_SUCCESS; ++ } ++ ++ LOGVAL_PARSER(ctx, LYVE_SYNTAX, "Missing an expected string."); ++ return LY_EVALID; ++ } ++ + while (*val) { + LY_CHECK_ERR_RET(ly_getutf8(&val, &c, &utf8_char_len), + LOGVAL_PARSER(ctx, LY_VCODE_INCHAR, (val)[-utf8_char_len]), LY_EVALID); +-- +2.35.5 |