zlog: patch CVE-2021-43521

Details: https://nvd.nist.gov/vuln/detail/CVE-2021-43521 Pick the patch that resolves the issue linked in the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-05-22 04:46:29 +00:00 · 2025-10-13 21:00:28 +02:00 · 2025-10-13 21:00:28 +02:00 · ed6bb390fe
commit ed6bb390fe
parent 155ac93191
2 changed files with 28 additions and 1 deletions
--- a/meta-oe/recipes-extended/zlog/zlog/0001-Fix-stack-buffer-overflow-at-zlog_conf_build_with_fi.patch
+++ b/meta-oe/recipes-extended/zlog/zlog/0001-Fix-stack-buffer-overflow-at-zlog_conf_build_with_fi.patch
@ -0,0 +1,25 @@
+From 2f6083e78c4142449580247da470a774d3b2afde Mon Sep 17 00:00:00 2001
+From: XiangfeiCH <chenthrone@163.com>
+Date: Tue, 12 Apr 2022 00:13:35 +0800
+Subject: [PATCH] Fix stack-buffer-overflow at zlog_conf_build_with_file
+
+CVE: CVE-2021-43521
+Upstream-Status: Backport [https://github.com/HardySimpson/zlog/commit/a5be8b3a8ddc498de4ad041757285136a55d97e3]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/conf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/conf.c b/src/conf.c
+index c592153..9eae63c 100644
+--- a/src/conf.c
+++ b/src/conf.c
+@@ -305,7 +305,7 @@ static int zlog_conf_build_with_file(zlog_conf_t * a_conf)
+ 				/* Oops the buffer is full - what now? */
+ 				pline = line;
+ 			} else {
+-				for (p--; isspace((int)*p); --p)
+				for (p--; p >= line && isspace((int)*p); --p)
+ 					/*EMPTY*/;
+ 				p++;
+ 				*p = 0;
--- a/meta-oe/recipes-extended/zlog/zlog_1.2.15.bb
+++ b/meta-oe/recipes-extended/zlog/zlog_1.2.15.bb
@ -4,7 +4,9 @@ LICENSE = "LGPL-2.1-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"

 SRCREV = "876099f3c66033f3de11d79f63814766b1021dbe"
-SRC_URI = "git://github.com/HardySimpson/zlog;branch=master;protocol=https"
+SRC_URI = "git://github.com/HardySimpson/zlog;branch=master;protocol=https \
+           file://0001-Fix-stack-buffer-overflow-at-zlog_conf_build_with_fi.patch \
+           "

 S = "${WORKDIR}/git"