mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-17 04:39:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
caac6c06bbeff7691f4f26c1d41e94de3d3c1c9a
poky/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4476.patch
Changqing Li b4284b3eb2 libsoup-2.4: fix CVE-2025-4476 
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/440

(From OE-Core rev: 2be01469687f30f33b768164f66916b081cc8c62)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-25 08:11:58 -07:00

39 lines
1.3 KiB
Diff
Raw Blame History

From 52a0f9234d384b9dab368835b22e5a5a01542168 Mon Sep 17 00:00:00 2001
From: Changqing Li <changqing.li@windriver.com>
Date: Fri, 16 May 2025 14:16:10 +0800
Subject: [PATCH] auth-digest: fix crash in
soup_auth_digest_get_protection_space()
We need to validate the Domain parameter in the WWW-Authenticate header.
Unfortunately this crash only occurs when listening on default ports 80
and 443, so there's no good way to test for this. The test would require
running as root.
Fixes #440
CVE: CVE-2025-4476
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/e64c221f9c7d09b48b610c5626b3b8c400f0907c?merge_request_iid=457]
Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
libsoup/soup-auth-digest.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
index f1621ec..a2dc560 100644
--- a/libsoup/soup-auth-digest.c
+++ b/libsoup/soup-auth-digest.c
@@ -229,7 +229,7 @@ soup_auth_digest_get_protection_space (SoupAuth *auth, SoupURI *source_uri)
uri = soup_uri_new (d);
if (uri && uri->scheme == source_uri->scheme &&
uri->port == source_uri->port &&
- !strcmp (uri->host, source_uri->host))
+ !g_strcmp0 (uri->host, source_uri->host))
dir = g_strdup (uri->path);
else
dir = NULL;
--
2.34.1
Reference in New Issue View Git Blame Copy Permalink