[Buildroot] [PATCH] package/raptor: add patches for CVE-2024-57822, CVE-2024-57823

Thomas Perale thomas.perale at mind.be
Thu Oct 9 14:54:49 UTC 2025 

In reply of:
> This fixes the following vulnerabilities:
> - CVE-2024-57822:
>     In Raptor RDF Syntax Library through 2.0.16, there is a heap-based
>     buffer over-read when parsing triples with the nquads parser in
>     raptor_ntriples_parse_term_internal().
>     https://www.cve.org/CVERecord?id=CVE-2024-57822
> 
> - CVE-2024-57823:
>     In Raptor RDF Syntax Library through 2.0.16, there is an integer
>     underflow when normalizing a URI with the turtle parser in
>     raptor_uri_normalize_path().
>     https://www.cve.org/CVERecord?id=CVE-2024-57823
> 
> Signed-off-by: Titouan Christophe <titouan.christophe at mind.be>

Applied to 2025.02.x, 2025.05.x & 2025.08.x. Thanks

> ---
>  ...ad-buffer-overflow-in-ntriples-bnode.patch | 30 +++++++++++++
>  ...derflow-in-raptor_uri_normalize_path.patch | 43 +++++++++++++++++++
>  package/raptor/raptor.mk                      |  5 +++
>  3 files changed, 78 insertions(+)
>  create mode 100644 package/raptor/0003-Fix-Heap-read-buffer-overflow-in-ntriples-bnode.patch
>  create mode 100644 package/raptor/0004-Fix-integer-underflow-in-raptor_uri_normalize_path.patch
> 
> diff --git a/package/raptor/0003-Fix-Heap-read-buffer-overflow-in-ntriples-bnode.patch b/package/raptor/0003-Fix-Heap-read-buffer-overflow-in-ntriples-bnode.patch
> new file mode 100644
> index 0000000000..1242c7289c
> --- /dev/null
> +++ b/package/raptor/0003-Fix-Heap-read-buffer-overflow-in-ntriples-bnode.patch
> @@ -0,0 +1,30 @@
> +From ece2c79df43091686a538b8231cf387d84bfa60e Mon Sep 17 00:00:00 2001
> +From: Dave Beckett <dave at dajobe.org>
> +Date: Fri, 7 Feb 2025 11:38:34 -0800
> +Subject: [PATCH] Fix Github issue 70 B) Heap read buffer overflow in ntriples
> + bnode
> +
> +(raptor_ntriples_parse_term_internal): Only allow looking at the last
> +character of a bnode ID only if bnode length >0
> +
> +CVE: CVE-2024-57822
> +Upstream: https://github.com/dajobe/raptor/commit/ece2c79df43091686a538b8231cf387d84bfa60e
> +
> +Signed-off-by: Titouan Christophe <titouan.christophe at mind.be>
> +---
> + src/raptor_ntriples.c | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/src/raptor_ntriples.c b/src/raptor_ntriples.c
> +index 3276e790..ecc4247c 100644
> +--- a/src/raptor_ntriples.c
> ++++ b/src/raptor_ntriples.c
> +@@ -212,7 +212,7 @@ raptor_ntriples_parse_term_internal(raptor_world* world,
> +             locator->column--;
> +             locator->byte--;
> +           }
> +-          if(term_class == RAPTOR_TERM_CLASS_BNODEID && dest[-1] == '.') {
> ++          if(term_class == RAPTOR_TERM_CLASS_BNODEID && position > 0 && dest[-1] == '.') {
> +             /* If bnode id ended on '.' move back one */
> +             dest--;
> + 
> diff --git a/package/raptor/0004-Fix-integer-underflow-in-raptor_uri_normalize_path.patch b/package/raptor/0004-Fix-integer-underflow-in-raptor_uri_normalize_path.patch
> new file mode 100644
> index 0000000000..55e8ab3f11
> --- /dev/null
> +++ b/package/raptor/0004-Fix-integer-underflow-in-raptor_uri_normalize_path.patch
> @@ -0,0 +1,43 @@
> +From da7a79976bd0314c23cce55d22495e7d29301c44 Mon Sep 17 00:00:00 2001
> +From: Dave Beckett <dave at dajobe.org>
> +Date: Thu, 6 Feb 2025 21:12:37 -0800
> +Subject: [PATCH] Fix Github issue 70 A) Integer Underflow in
> + raptor_uri_normalize_path()
> +
> +(raptor_uri_normalize_path): Return empty buffer if path gets to 0
> +length
> +
> +CVE: CVE-2024-57823
> +Upstream: https://github.com/dajobe/raptor/commit/da7a79976bd0314c23cce55d22495e7d29301c44
> +
> +Signed-off-by: Titouan Christophe <titouan.christophe at mind.be>
> +---
> + src/raptor_rfc2396.c | 8 ++++++++
> + 1 file changed, 8 insertions(+)
> +
> +diff --git a/src/raptor_rfc2396.c b/src/raptor_rfc2396.c
> +index 8cc364f4..f8ec5798 100644
> +--- a/src/raptor_rfc2396.c
> ++++ b/src/raptor_rfc2396.c
> +@@ -351,6 +351,10 @@ raptor_uri_normalize_path(unsigned char* path_buffer, size_t path_len)
> +           *dest++ = *s++;
> +         *dest = '\0';
> +         path_len -= len;
> ++        if(path_len <= 0) {
> ++          *path_buffer = '\0';
> ++          return 0;
> ++        }
> + 
> +         if(p && p < prev) {
> +           /* We know the previous prev path component and we didn't do
> +@@ -390,6 +394,10 @@ raptor_uri_normalize_path(unsigned char* path_buffer, size_t path_len)
> +     /* Remove <component>/.. at the end of the path */
> +     *prev = '\0';
> +     path_len -= (s-prev);
> ++    if(path_len <= 0) {
> ++      *path_buffer = '\0';
> ++      return 0;
> ++    }
> +   }
> + 
> + 
> diff --git a/package/raptor/raptor.mk b/package/raptor/raptor.mk
> index ec7643ce3d..1b850400f8 100644
> --- a/package/raptor/raptor.mk
> +++ b/package/raptor/raptor.mk
> @@ -14,6 +14,11 @@ RAPTOR_CPE_ID_VENDOR = librdf
>  RAPTOR_CPE_ID_PRODUCT = raptor_rdf_syntax_library
>  RAPTOR_INSTALL_STAGING = YES
>  
> +# 0003-Fix-Heap-read-buffer-overflow-in-ntriples-bnode.patch
> +RAPTOR_IGNORE_CVES += CVE-2024-57822
> +# 0004-Fix-integer-underflow-in-raptor_uri_normalize_path.patch
> +RAPTOR_IGNORE_CVES += CVE-2024-57823
> +
>  # Flag is added to make sure the patch is applied for the configure.ac of raptor.
>  RAPTOR_AUTORECONF = YES
>  
> -- 
> 2.51.0
> 
> _______________________________________________
> buildroot mailing list
> buildroot at buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

More information about the buildroot mailing list