2 files changed, 38 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/iniparser/iniparser/CVE-2025-0633.patch b/meta-oe/recipes-support/iniparser/iniparser/CVE-2025-0633.patch
new file mode 100644
index 0000000000..a9d2a19b2c
--- /dev/null
+++ b/meta-oe/recipes-support/iniparser/iniparser/CVE-2025-0633.patch
@@ -0,0 +1,37 @@
+From 072a39a772a38c475e35a1be311304ca99e9de7f Mon Sep 17 00:00:00 2001
+From: Lars Möllendorf <lars@moellendorf.eu>
+Date: Sun, 26 Jan 2025 08:48:23 +0100
+Subject: [PATCH] Fix heap overflow in `iniparser_dumpsection_ini()`
+...reported in #177
+As suggested by the issue reporter this is fixed by returning from
+`iniparser_dumpsection_ini()` in case the length of the passed section name
+of dictionary to dump was bigger than the size of the internal buffer used
+to copy this string to.
+Changelog: changed
+CVE: CVE-2025-0633
+Upstream-Status: Backport [https://gitlab.com/iniparser/iniparser/-/commit/072a39a772a38c475e35a1be311304ca99e9de7f]
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ src/iniparser.c | 1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/src/iniparser.c b/src/iniparser.c
+index dbceb20..2aeecf4 100644
+--- a/src/iniparser.c
+++ b/src/iniparser.c
+@@ -301,6 +301,7 @@ void iniparser_dumpsection_ini(const dictionary * d, const char * s, FILE * f)
+     if (d==NULL || f==NULL) return ;
+     if (! iniparser_find_entry(d, s)) return ;
+    if (strlen(s) > sizeof(keym)) return;
+     seclen  = (int)strlen(s);
+     fprintf(f, "\n[%s]\n", s);
+--
+2.40.0
diff --git a/meta-oe/recipes-support/iniparser/iniparser_4.1.bb b/meta-oe/recipes-support/iniparser/iniparser_4.1.bb
index c80668d279..13a3a1f979 100644
--- a/meta-oe/recipes-support/iniparser/iniparser_4.1.bb
+++ b/meta-oe/recipes-support/iniparser/iniparser_4.1.bb
@@ -12,6 +12,7 @@ SRC_URI = "git://github.com/ndevilla/iniparser.git;protocol=https;branch=master
           file://0001-iniparser.pc-Make-libpath-a-variable.patch \
           file://Add-CMake-support.patch \
           file://CVE-2023-33461.patch \
+           file://CVE-2025-0633.patch \
 "
 SRCREV= "deb85ad4936d4ca32cc2260ce43323d47936410d"

diff --git a/meta-oe/recipes-support/iniparser/iniparser/CVE-2025-0633.patch b/meta-oe/recipes-support/iniparser/iniparser/CVE-2025-0633.patch new file mode 100644 index 0000000000..a9d2a19b2c --- /dev/null +++ b/meta-oe/recipes-support/iniparser/iniparser/CVE-2025-0633.patch
@@ -0,0 +1,37 @@
		1	From 072a39a772a38c475e35a1be311304ca99e9de7f Mon Sep 17 00:00:00 2001
		2	From: Lars Möllendorf <lars@moellendorf.eu>
		3	Date: Sun, 26 Jan 2025 08:48:23 +0100
		4	Subject: [PATCH] Fix heap overflow in `iniparser_dumpsection_ini()`
		5
		6	...reported in #177
		7
		8	As suggested by the issue reporter this is fixed by returning from
		9	`iniparser_dumpsection_ini()` in case the length of the passed section name
		10	of dictionary to dump was bigger than the size of the internal buffer used
		11	to copy this string to.
		12
		13	Changelog: changed
		14
		15	CVE: CVE-2025-0633
		16
		17	Upstream-Status: Backport [https://gitlab.com/iniparser/iniparser/-/commit/072a39a772a38c475e35a1be311304ca99e9de7f]
		18
		19	Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
		20	---
		21	src/iniparser.c \| 1 +
		22	1 file changed, 1 insertion(+)
		23
		24	diff --git a/src/iniparser.c b/src/iniparser.c
		25	index dbceb20..2aeecf4 100644
		26	--- a/src/iniparser.c
		27	+++ b/src/iniparser.c
		28	@@ -301,6 +301,7 @@ void iniparser_dumpsection_ini(const dictionary * d, const char * s, FILE * f)
		29
		30	if (d==NULL \|\| f==NULL) return ;
		31	if (! iniparser_find_entry(d, s)) return ;
		32	+ if (strlen(s) > sizeof(keym)) return;
		33
		34	seclen = (int)strlen(s);
		35	fprintf(f, "\n[%s]\n", s);
		36	--
		37	2.40.0


diff --git a/meta-oe/recipes-support/iniparser/iniparser_4.1.bb b/meta-oe/recipes-support/iniparser/iniparser_4.1.bb index c80668d279..13a3a1f979 100644 --- a/meta-oe/recipes-support/iniparser/iniparser_4.1.bb +++ b/meta-oe/recipes-support/iniparser/iniparser_4.1.bb
@@ -12,6 +12,7 @@ SRC_URI = "git://github.com/ndevilla/iniparser.git;protocol=https;branch=master
12	file://0001-iniparser.pc-Make-libpath-a-variable.patch \	12	file://0001-iniparser.pc-Make-libpath-a-variable.patch \
13	file://Add-CMake-support.patch \	13	file://Add-CMake-support.patch \
14	file://CVE-2023-33461.patch \	14	file://CVE-2023-33461.patch \
		15	file://CVE-2025-0633.patch \
15	"	16	"
16		17
17	SRCREV= "deb85ad4936d4ca32cc2260ce43323d47936410d"	18	SRCREV= "deb85ad4936d4ca32cc2260ce43323d47936410d"