helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-04-02 02:49:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

civetweb: patch CVE-2025-55763

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55763

Pick the relevant commit from https://github.com/civetweb/civetweb/pull/1347/

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Gyorgy Sarvari 2025-10-04 21:52:32 +02:00
parent 36fa532688
commit c21d0a9268
2 changed files with 58 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
meta-networking/recipes-connectivity/civetweb/civetweb/0001-Fix-heap-overflow-in-directory-URI-slash-redirection.patch Normal file
View File

@ -0,0 +1,57 @@
From e9cfe6edaa82fd9e2e010c8f1ff4df9ba093a56e Mon Sep 17 00:00:00 2001
From: krispybyte <krispybyte@proton.me>
Date: Sat, 21 Jun 2025 23:33:50 +0300
Subject: [PATCH] Fix heap overflow in directory URI slash redirection
CVE: CVE-2025-55763
Upstream-Status: Backport [https://github.com/civetweb/civetweb/pull/1347/commits/76e222bcb77ba8452e5da4e82ae6cecd499c25e0]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
src/civetweb.c | 23 ++++++++++++++++++-----
1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/src/civetweb.c b/src/civetweb.c
index 9e321edf..5452b36d 100644
--- a/src/civetweb.c
+++ b/src/civetweb.c
@@ -15242,7 +15242,6 @@ handle_request(struct mg_connection *conn)
/* 12. Directory uris should end with a slash */
if (file.stat.is_directory && ((uri_len = (int)strlen(ri->local_uri)) > 0)
&& (ri->local_uri[uri_len - 1] != '/')) {
-
/* Path + server root */
size_t buflen = UTF8_PATH_MAX * 2 + 2;
char *new_path;
@@ -15255,12 +15254,26 @@ handle_request(struct mg_connection *conn)
mg_send_http_error(conn, 500, "out or memory");
} else {
mg_get_request_link(conn, new_path, buflen - 1);
- strcat(new_path, "/");
+
+ size_t len = strlen(new_path);
+ if (len + 1 < buflen) {
+ new_path[len] = '/';
+ new_path[len + 1] = '\0';
+ len += 1;
+ }
+
if (ri->query_string) {
- /* Append ? and query string */
- strcat(new_path, "?");
- strcat(new_path, ri->query_string);
+ if (len + 1 < buflen) {
+ new_path[len] = '?';
+ new_path[len + 1] = '\0';
+ len += 1;
+ }
+
+ /* Append with size of space left for query string + null terminator */
+ size_t max_append = buflen - len - 1;
+ strncat(new_path, ri->query_string, max_append);
}
+
mg_send_http_redirect(conn, new_path, 301);
mg_free(new_path);
}

1
meta-networking/recipes-connectivity/civetweb/civetweb_1.16.bb
View File

@ -8,6 +8,7 @@ SRCREV = "d7ba35bbb649209c66e582d5a0244ba988a15159"
SRC_URI = "git://github.com/civetweb/civetweb.git;branch=master;protocol=https \
file://0001-Unittest-Link-librt-and-libm-using-l-option.patch \
file://0001-Fix-heap-overflow-in-directory-URI-slash-redirection.patch \
"
S = "${WORKDIR}/git"