[Buildroot] [PATCH 1/2] package/libcoap: fix CVE-2023-30362
Daniel Lang
dalang at gmx.at
Wed Sep 6 19:44:17 UTC 2023
Signed-off-by: Daniel Lang <dalang at gmx.at>
---
...0001-Backport-fix-for-CVE-2023-30362.patch | 59 +++++++++++++++++++
package/libcoap/libcoap.mk | 2 +
2 files changed, 61 insertions(+)
create mode 100644 package/libcoap/0001-Backport-fix-for-CVE-2023-30362.patch
diff --git a/package/libcoap/0001-Backport-fix-for-CVE-2023-30362.patch b/package/libcoap/0001-Backport-fix-for-CVE-2023-30362.patch
new file mode 100644
index 0000000000..c4e53d19a7
--- /dev/null
+++ b/package/libcoap/0001-Backport-fix-for-CVE-2023-30362.patch
@@ -0,0 +1,59 @@
+From c63ecbdc6b38cc7e571a72964fe9ca63834dcc89 Mon Sep 17 00:00:00 2001
+From: Daniel Lang <ldaniell14260 at gmail.com>
+Date: Wed, 6 Sep 2023 21:38:13 +0200
+Subject: [PATCH] Backport fix for CVE-2023-30362
+
+Upstream: https://github.com/obgm/libcoap/issues/1063#issuecomment-1626962307
+Signed-off-by: Daniel Lang <dalang at gmx.at>
+---
+ src/net.c | 34 +++++++++++++++++++++-------------
+ 1 file changed, 21 insertions(+), 13 deletions(-)
+
+diff --git a/src/net.c b/src/net.c
+index 98859443..e259ab00 100644
+--- a/src/net.c
++++ b/src/net.c
+@@ -1305,19 +1305,27 @@ coap_send_internal(coap_session_t *session, coap_pdu_t *pdu) {
+
+ /* Need to check that we are not seeing this proxy in the return loop */
+ if (pdu->data && opt == NULL) {
+- if (pdu->used_size + 1 <= pdu->max_size) {
+- char *a_match;
+- size_t data_len = pdu->used_size - (pdu->data - pdu->token);
+- pdu->data[data_len] = '\000';
+- a_match = strstr((char*)pdu->data, cp);
+- if (a_match && (a_match == (char*)pdu->data || a_match[-1] == ' ') &&
+- ((size_t)(a_match - (char*)pdu->data + len) == data_len ||
+- a_match[len] == ' ')) {
+- coap_log(LOG_WARNING, "Proxy loop detected '%s'\n",
+- (char*)pdu->data);
+- coap_delete_pdu(pdu);
+- return (coap_mid_t)COAP_DROPPED_RESPONSE;
+- }
++ char *a_match;
++ size_t data_len;
++
++ if (pdu->used_size + 1 > pdu->max_size) {
++ /* No space */
++ return (coap_mid_t)COAP_DROPPED_RESPONSE;
++ }
++ if (!coap_pdu_resize(pdu, pdu->used_size + 1)) {
++ /* Internal error */
++ return (coap_mid_t)COAP_DROPPED_RESPONSE;
++ }
++ data_len = pdu->used_size - (pdu->data - pdu->token);
++ pdu->data[data_len] = '\000';
++ a_match = strstr((char*)pdu->data, cp);
++ if (a_match && (a_match == (char*)pdu->data || a_match[-1] == ' ') &&
++ ((size_t)(a_match - (char*)pdu->data + len) == data_len ||
++ a_match[len] == ' ')) {
++ coap_log(LOG_WARNING, "Proxy loop detected '%s'\n",
++ (char*)pdu->data);
++ coap_delete_pdu(pdu);
++ return (coap_mid_t)COAP_DROPPED_RESPONSE;
+ }
+ }
+ if (pdu->used_size + len + 1 <= pdu->max_size) {
+--
+2.42.0
+
diff --git a/package/libcoap/libcoap.mk b/package/libcoap/libcoap.mk
index 4b536d8117..3773ad293c 100644
--- a/package/libcoap/libcoap.mk
+++ b/package/libcoap/libcoap.mk
@@ -14,6 +14,8 @@ LIBCOAP_DEPENDENCIES = host-pkgconf
LIBCOAP_CONF_OPTS = \
--disable-examples --disable-examples-source --without-tinydtls
LIBCOAP_AUTORECONF = YES
+# 0001-Backport-fix-for-CVE-2023-30362.patch
+LIBCOAP_IGNORE_CVES += CVE-2023-30362
ifeq ($(BR2_PACKAGE_GNUTLS),y)
LIBCOAP_DEPENDENCIES += gnutls
--
2.42.0
More information about the buildroot
mailing list