[Buildroot] [git commit] package/raptor: add patches for CVE-2024-57822, CVE-2024-57823

Julien Olivain ju.o at free.fr
Fri Oct 3 17:29:28 UTC 2025 

commit: https://git.buildroot.net/buildroot/commit/?id=e94cd21e7b5f806d5daad3d93ac6712f3e00d6bd
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

This fixes the following vulnerabilities:
- CVE-2024-57822:
    In Raptor RDF Syntax Library through 2.0.16, there is a heap-based
    buffer over-read when parsing triples with the nquads parser in
    raptor_ntriples_parse_term_internal().
    https://www.cve.org/CVERecord?id=CVE-2024-57822

- CVE-2024-57823:
    In Raptor RDF Syntax Library through 2.0.16, there is an integer
    underflow when normalizing a URI with the turtle parser in
    raptor_uri_normalize_path().
    https://www.cve.org/CVERecord?id=CVE-2024-57823

Signed-off-by: Titouan Christophe <titouan.christophe at mind.be>
Signed-off-by: Julien Olivain <ju.o at free.fr>
---
 ...ap-read-buffer-overflow-in-ntriples-bnode.patch | 30 +++++++++++++++
 ...er-underflow-in-raptor_uri_normalize_path.patch | 43 ++++++++++++++++++++++
 package/raptor/raptor.mk                           |  5 +++
 3 files changed, 78 insertions(+)

diff --git a/package/raptor/0003-Fix-Heap-read-buffer-overflow-in-ntriples-bnode.patch b/package/raptor/0003-Fix-Heap-read-buffer-overflow-in-ntriples-bnode.patch
new file mode 100644
index 0000000000..1242c7289c
--- /dev/null
+++ b/package/raptor/0003-Fix-Heap-read-buffer-overflow-in-ntriples-bnode.patch
@@ -0,0 +1,30 @@
+From ece2c79df43091686a538b8231cf387d84bfa60e Mon Sep 17 00:00:00 2001
+From: Dave Beckett <dave at dajobe.org>
+Date: Fri, 7 Feb 2025 11:38:34 -0800
+Subject: [PATCH] Fix Github issue 70 B) Heap read buffer overflow in ntriples
+ bnode
+
+(raptor_ntriples_parse_term_internal): Only allow looking at the last
+character of a bnode ID only if bnode length >0
+
+CVE: CVE-2024-57822
+Upstream: https://github.com/dajobe/raptor/commit/ece2c79df43091686a538b8231cf387d84bfa60e
+
+Signed-off-by: Titouan Christophe <titouan.christophe at mind.be>
+---
+ src/raptor_ntriples.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/raptor_ntriples.c b/src/raptor_ntriples.c
+index 3276e790..ecc4247c 100644
+--- a/src/raptor_ntriples.c
++++ b/src/raptor_ntriples.c
+@@ -212,7 +212,7 @@ raptor_ntriples_parse_term_internal(raptor_world* world,
+             locator->column--;
+             locator->byte--;
+           }
+-          if(term_class == RAPTOR_TERM_CLASS_BNODEID && dest[-1] == '.') {
++          if(term_class == RAPTOR_TERM_CLASS_BNODEID && position > 0 && dest[-1] == '.') {
+             /* If bnode id ended on '.' move back one */
+             dest--;
+ 
diff --git a/package/raptor/0004-Fix-integer-underflow-in-raptor_uri_normalize_path.patch b/package/raptor/0004-Fix-integer-underflow-in-raptor_uri_normalize_path.patch
new file mode 100644
index 0000000000..55e8ab3f11
--- /dev/null
+++ b/package/raptor/0004-Fix-integer-underflow-in-raptor_uri_normalize_path.patch
@@ -0,0 +1,43 @@
+From da7a79976bd0314c23cce55d22495e7d29301c44 Mon Sep 17 00:00:00 2001
+From: Dave Beckett <dave at dajobe.org>
+Date: Thu, 6 Feb 2025 21:12:37 -0800
+Subject: [PATCH] Fix Github issue 70 A) Integer Underflow in
+ raptor_uri_normalize_path()
+
+(raptor_uri_normalize_path): Return empty buffer if path gets to 0
+length
+
+CVE: CVE-2024-57823
+Upstream: https://github.com/dajobe/raptor/commit/da7a79976bd0314c23cce55d22495e7d29301c44
+
+Signed-off-by: Titouan Christophe <titouan.christophe at mind.be>
+---
+ src/raptor_rfc2396.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/raptor_rfc2396.c b/src/raptor_rfc2396.c
+index 8cc364f4..f8ec5798 100644
+--- a/src/raptor_rfc2396.c
++++ b/src/raptor_rfc2396.c
+@@ -351,6 +351,10 @@ raptor_uri_normalize_path(unsigned char* path_buffer, size_t path_len)
+           *dest++ = *s++;
+         *dest = '\0';
+         path_len -= len;
++        if(path_len <= 0) {
++          *path_buffer = '\0';
++          return 0;
++        }
+ 
+         if(p && p < prev) {
+           /* We know the previous prev path component and we didn't do
+@@ -390,6 +394,10 @@ raptor_uri_normalize_path(unsigned char* path_buffer, size_t path_len)
+     /* Remove <component>/.. at the end of the path */
+     *prev = '\0';
+     path_len -= (s-prev);
++    if(path_len <= 0) {
++      *path_buffer = '\0';
++      return 0;
++    }
+   }
+ 
+ 
diff --git a/package/raptor/raptor.mk b/package/raptor/raptor.mk
index ec7643ce3d..1b850400f8 100644
--- a/package/raptor/raptor.mk
+++ b/package/raptor/raptor.mk
@@ -14,6 +14,11 @@ RAPTOR_CPE_ID_VENDOR = librdf
 RAPTOR_CPE_ID_PRODUCT = raptor_rdf_syntax_library
 RAPTOR_INSTALL_STAGING = YES
 
+# 0003-Fix-Heap-read-buffer-overflow-in-ntriples-bnode.patch
+RAPTOR_IGNORE_CVES += CVE-2024-57822
+# 0004-Fix-integer-underflow-in-raptor_uri_normalize_path.patch
+RAPTOR_IGNORE_CVES += CVE-2024-57823
+
 # Flag is added to make sure the patch is applied for the configure.ac of raptor.
 RAPTOR_AUTORECONF = YES

More information about the buildroot mailing list