Samsung / TizenRT

TizenRT is a lightweight RTOS-based platform to support low-end IoT devices
Apache License 2.0

[Security report]: Patch for CVE-2020-26243 found in reused component nanopb by using V1SCAN #6312

Open ltcdCai opened 1 month ago

ltcdCai commented 1 month ago

Contact me: weitingcai2020@gmail.com

References:

- GitHub Security Advisory for CVE-2020-26243
- NVD description
- Commit for CVE-2020-26243

Steps to reproduce it

Patch suggestion: Replace the code at lines 406-415 with the following code:

            if (PB_LTYPE(type) == PB_LTYPE_SUBMESSAGE &&
                *(pb_size_t*)iter->pSize != iter->pos->tag)
            {
                /* We memset to zero so that any callbacks are set to NULL.
                 * This is because the callbacks might otherwise have values
                 * from some other union field. */
                memset(iter->pData, 0, iter->pos->data_size);
                pb_message_set_to_defaults((const pb_field_t*)iter->pos->ptr, iter->pData);
            }
            *(pb_size_t*)iter->pSize = iter->pos->tag;

            return func(stream, iter->pos, iter->pData);
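
A simplified model of what the tag comparison in the suggested patch guards against, added here as an illustration and not taken from nanopb or TizenRT. The types, `TAG_SUB` and the tracked allocator are hypothetical, and `guarded == 0` assumes the unpatched decoder reset the union on every occurrence of the field (the page shows only the patched code).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model, not nanopb's real types: a oneof whose member is a
 * static submessage that owns one heap pointer (a "dynamic field"). */
typedef struct { char *name; } sub_t;
typedef struct { unsigned which; union { sub_t sub; } u; } msg_t;

enum { TAG_SUB = 2 };          /* constructed tag number */
static int live_allocs = 0;    /* allocations not yet freed */

static char *dup_tracked(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (p) { strcpy(p, s); live_allocs++; }
    return p;
}

static void free_tracked(char *p) {
    if (p) { free(p); live_allocs--; }
}

/* Decode one occurrence of the submessage field into the oneof.
 * guarded == 0: reset the union on every occurrence (assumed pre-patch).
 * guarded != 0: reset only when the active tag changes (the patch's check). */
static void decode_sub(msg_t *m, const char *value, int guarded) {
    if (!guarded || m->which != TAG_SUB)
        memset(&m->u, 0, sizeof m->u);   /* forgets any pointer stored there */
    m->which = TAG_SUB;
    /* Field decoder: replaces the value, freeing the old one if still visible. */
    free_tracked(m->u.sub.name);
    m->u.sub.name = dup_tracked(value);
}

/* Feed the same oneof member twice, release the message, count leaks. */
static int leaked_after_repeat(int guarded) {
    msg_t m;
    memset(&m, 0, sizeof m);
    live_allocs = 0;
    decode_sub(&m, "first", guarded);
    decode_sub(&m, "second", guarded);
    free_tracked(m.u.sub.name);          /* what a release call can reach */
    return live_allocs;
}

int main(void) {
    printf("unguarded leaks: %d\n", leaked_after_repeat(0));
    printf("guarded leaks:   %d\n", leaked_after_repeat(1));
    return 0;
}
```

Running the same two-occurrence input under a leak checker such as Valgrind or AddressSanitizer against the real decoder is the corresponding regression check for the patched file.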

sunghan-chang commented 1 month ago

@jylee9613 Could you check it?