Diffstat (limited to 'meta-networking/recipes-devtools/libcoap')
3 files changed, 115 insertions, 0 deletions
diff --git a/meta-networking/recipes-devtools/libcoap/libcoap/CVE-2024-0962.patch b/meta-networking/recipes-devtools/libcoap/libcoap/CVE-2024-0962.patch
new file mode 100644
index 0000000000..add52483b7
--- /dev/null
+++ b/meta-networking/recipes-devtools/libcoap/libcoap/CVE-2024-0962.patch
@@ -0,0 +1,45 @@
+From bf6a303883bde40cf96b960c8574cddd89e71701 Mon Sep 17 00:00:00 2001
+From: Jon Shallow <supjps-libcoap@jpshallow.com>
+Date: Thu, 25 Jan 2024 18:03:17 +0000
+Subject: [PATCH] coap_oscore.c: Fix parsing OSCORE configuration information
+
+A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical.
+Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler.
+The manipulation leads to stack-based buffer overflow.
+
+CVE: CVE-2024-0962
+
+Upstream-Status: Backport [https://github.com/obgm/libcoap/pull/1311]
+
+Signed-off-by: alperak <alperyasinak1@gmail.com>
+---
+ src/coap_oscore.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/coap_oscore.c b/src/coap_oscore.c
+index 83f785c92..e0fb22947 100644
+--- a/src/coap_oscore.c
++++ b/src/coap_oscore.c
+@@ -1678,11 +1678,12 @@ get_split_entry(const char **start,
+ oscore_value_t *value) {
+ const char *begin = *start;
+ const char *end;
++ const char *kend;
+ const char *split;
+ size_t i;
+
+ retry:
+- end = memchr(begin, '\n', size);
++ kend = end = memchr(begin, '\n', size);
+ if (end == NULL)
+ return 0;
+
+@@ -1693,7 +1694,7 @@ get_split_entry(const char **start,
+
+ if (begin[0] == '#' || (end - begin) == 0) {
+ /* Skip comment / blank line */
+- size -= end - begin + 1;
++ size -= kend - begin + 1;
+ begin = *start;
+ goto retry;
+ }
diff --git a/meta-networking/recipes-devtools/libcoap/libcoap/run-ptest b/meta-networking/recipes-devtools/libcoap/libcoap/run-ptest
new file mode 100644
index 0000000000..b56ffe68f3
--- /dev/null
+++ b/meta-networking/recipes-devtools/libcoap/libcoap/run-ptest
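Review bot: Nothing in the added lines of the CVE-2024-0962 patch records why `kend` exists alongside `end`, so a later cleanup could fold the two back together and reintroduce the wrong `size` accounting in the comment/blank-line skip path. A one-line comment at the declaration would cover it, for example `/* kend stays on the '\n'; end may be moved back, so size must be reduced using kend */`. The statements between the two hunks, which presumably adjust `end`, are not visible here, and get_split_entry continues past both hunks. It is worth confirming against the upstream pull request that no other `size` arithmetic in the function still uses the adjusted `end`.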
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if /usr/lib/libcoap/ptest/testdriver; then
+ echo "PASS: libcoap"
+else
+ echo "FAIL: libcoap"
+fi
diff --git a/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb
new file mode 100644
index 0000000000..98f0f02fb8
--- /dev/null
+++ b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb
@@ -0,0 +1,63 @@
+SUMMARY = "A C implementation of the Constrained Application Protocol"
+DESCRIPTION = "libcoap implements a lightweight application-protocol for \
+devices that are constrained their resources such as computing power, \
+RF range, memory, bandwith, or network packet sizes."
+HOMEPAGE ="https://libcoap.net/"
+
+LICENSE = "BSD-2-Clause & BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=1978dbc41673ab1c20e64b287c8317bc"
+
+SRC_URI = "git://github.com/obgm/libcoap.git;branch=main;protocol=https \
+ file://run-ptest \
+ file://CVE-2024-0962.patch \
+ "
+SRCREV = "5fd2f89ef068214130e5d60b7087ef48711fa615"
+
+S = "${WORKDIR}/git"
+
+inherit autotools manpages pkgconfig ptest
+
+DEPENDS += "ctags-native"
+
+PACKAGECONFIG ?= "\
+ async openssl tcp \
+ ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \
+"
+PACKAGECONFIG[async] = "--enable-async,--disable-async"
+PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls,,,openssl mbedtls"
+PACKAGECONFIG[manpages] = "--enable-documentation --enable-doxygen --enable-manpages,--disable-documentation,asciidoc-native doxygen-native graphviz-native"
+PACKAGECONFIG[mbedtls] = "--with-mbedtls,--without-mbedtls,mbedtls,,,gnutls openssl"
+PACKAGECONFIG[openssl] = "--with-openssl,--without-openssl,openssl,,,gnutls mbedtls"
+PACKAGECONFIG[small-stack] = "--enable-small-stack,--disable-small-stack"
+PACKAGECONFIG[tcp] = "--enable-tcp,--disable-tcp"
+PACKAGECONFIG[tests] = "--enable-tests,--disable-tests,cunit"
+
+EXTRA_OECONF = "\
+ --with-epoll --enable-add-default-names \
+ --without-tinydtls --without-submodule-tinydtls \
+ ${@bb.utils.contains_any('PACKAGECONFIG', 'gnutls openssl mbedtls', '--enable-dtls', '--disable-dtls', d)} \
+"
+
+python () {
+ if d.getVar('PTEST_ENABLED') == "1":
+ d.setVar('DISABLE_STATIC', '')
+}
+
+export SGML_CATALOG_FILES="file://${STAGING_ETCDIR_NATIVE}/xml/catalog"
+
+do_compile:prepend() {
+ oe_runmake update-map-file
+}
+
+do_install_ptest () {
+ install -d ${D}${PTEST_PATH}
+ install -m 0755 ${WORKDIR}/run-ptest ${D}${PTEST_PATH}/run-ptest
+ install -m 0755 ${B}/tests/testdriver ${D}${PTEST_PATH}/testdriver
+}
+
+PACKAGE_BEFORE_PN += "\
+ ${PN}-bin \
+"
+
+FILES:${PN}-bin = "${bindir}"
+FILES:${PN}-dev += "${datadir}/${BPN}/examples" |
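Review bot: The DESCRIPTION string in libcoap_4.3.4.bb has two wording slips that end up in the package metadata: `constrained their resources` should read `constrained in their resources`, and `bandwith` should be `bandwidth`. `HOMEPAGE ="https://libcoap.net/"` is also missing the space after `=` that every other assignment in the recipe uses. In do_install_ptest, the explicit `install -m 0755 ${WORKDIR}/run-ptest ${D}${PTEST_PATH}/run-ptest` line looks redundant, because ptest.bbclass normally installs run-ptest itself; confirm that and drop the line if so.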