helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-05-21 20:12:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

fcgi: patch CVE-2025-23016

Browse Source 
Pick commit referencing this CVE.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Peter Marko 2025-08-14 22:45:08 +02:00 committed by Gyorgy Sarvari
parent 1e6dbd183b
commit 6e86e0dd54
2 changed files with 41 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
meta-webserver/recipes-support/fcgi/fcgi/CVE-2025-23016.patch Normal file
View File

@ -0,0 +1,40 @@
From b0eabcaf4d4f371514891a52115c746815c2ff15 Mon Sep 17 00:00:00 2001
From: Pycatchown <39068868+Pycatchown@users.noreply.github.com>
Date: Tue, 8 Apr 2025 17:39:30 +0200
Subject: [PATCH] Update fcgiapp.c
Fixing an integer overflow (CVE-2025-23016)
CVE: CVE-2025-23016
Upstream-Status: Backport [https://github.com/FastCGI-Archives/fcgi2/commit/b0eabcaf4d4f371514891a52115c746815c2ff15]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
libfcgi/fcgiapp.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/libfcgi/fcgiapp.c b/libfcgi/fcgiapp.c
index 4ffe318..99c3630 100644
--- a/libfcgi/fcgiapp.c
+++ b/libfcgi/fcgiapp.c
@@ -1173,6 +1173,10 @@ static int ReadParams(Params *paramsPtr, FCGX_Stream *stream)
}
nameLen = ((nameLen & 0x7f) << 24) + (lenBuff[0] << 16)
+ (lenBuff[1] << 8) + lenBuff[2];
+ if (nameLen >= INT_MAX) {
+ SetError(stream, FCGX_PARAMS_ERROR);
+ return -1;
+ }
}
if((valueLen = FCGX_GetChar(stream)) == EOF) {
SetError(stream, FCGX_PARAMS_ERROR);
@@ -1185,6 +1189,10 @@ static int ReadParams(Params *paramsPtr, FCGX_Stream *stream)
}
valueLen = ((valueLen & 0x7f) << 24) + (lenBuff[0] << 16)
+ (lenBuff[1] << 8) + lenBuff[2];
+ if (valueLen >= INT_MAX) {
+ SetError(stream, FCGX_PARAMS_ERROR);
+ return -1;
+ }
}
/*
* nameLen and valueLen are now valid; read the name and value

1
meta-webserver/recipes-support/fcgi/fcgi_git.bb
View File

@ -7,6 +7,7 @@ SRCREV = "382aa2b0d53a87c27f2f647dfaf670375ba0b85f"
PV = "2.4.2"
SRC_URI = "git://github.com/FastCGI-Archives/fcgi2.git;protocol=https;branch=master \
file://CVE-2025-23016.patch \
"
S = "${WORKDIR}/git"