connman: Fix CVE-2025-32366 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Praveen Kumar <praveen.kumar@windriver.com>	2025-05-15 11:38:08 +0530
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2025-05-19 17:35:42 +0100
commit	edfc53d7293ee62cb730d99873643b344fddce86 (patch)
tree	604ea2ee5235f2fceca5d2bb83fbda81a7edfe8c /scripts/lib/scriptpath.py
parent	77a5a1cc12d71f6483f0cde48a3911e1b150edda (diff)
download	poky-edfc53d7293ee62cb730d99873643b344fddce86.tar.gz

connman: Fix CVE-2025-32366

In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length that depends on an RR RDLENGTH value, i.e., *rdlen=ntohs(rr->rdlen) and memcpy(response+offset,*end,*rdlen) without a check for whether the sum of *end and *rdlen exceeds max. Consequently, *rdlen may be larger than the amount of remaining packet data in the current state of parsing. Values of stack memory locations may be sent over the network in a response. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-32366 Upstream-patch: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=8d3be0285f1d4667bfe85dba555c663eb3d704b4 (From OE-Core rev: 548eddd84f23c6cb0352b9a692144050da8ba37a) Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/scriptpath.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: