From eab84f5ca493ecc669c7c757b2cafd8bb29ab2a7 Mon Sep 17 00:00:00 2001
From: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com>
Date: Thu, 3 Jul 2025 09:14:14 +0800
Subject: [PATCH] [CVE] CVE-2024-43167

to #19462
add patch to fix CVE-2024-43167
Project: TC2024080204
Signed-off-by: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com>
---
 1006-bugfix-for-CVE-2024-43167.patch | 45 ++++++++++++++++++++++++++++
 unbound.spec                         |  6 +++-
 2 files changed, 50 insertions(+), 1 deletion(-)
 create mode 100644 1006-bugfix-for-CVE-2024-43167.patch

diff --git a/1006-bugfix-for-CVE-2024-43167.patch b/1006-bugfix-for-CVE-2024-43167.patch
new file mode 100644
index 0000000..a8efd96
--- /dev/null
+++ b/1006-bugfix-for-CVE-2024-43167.patch
@@ -0,0 +1,45 @@
+From 8e43e2574c4e02f79c562a061581cdcefe136912 Mon Sep 17 00:00:00 2001
+From: zhailiangliang <zhailiangliang@loongson.cn>
+Date: Tue, 21 May 2024 08:40:16 +0000
+Subject: [PATCH] fix null pointer dereference issue in function ub_ctx_set_fwd
+ of file libunbound/libunbound.c
+
+---
+ libunbound/libunbound.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/libunbound/libunbound.c b/libunbound/libunbound.c
+index 17057ec6..3c895514 100644
+--- a/libunbound/libunbound.c
++++ b/libunbound/libunbound.c
+@@ -981,7 +981,8 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr)
+ 	if(!addr) {
+ 		/* disable fwd mode - the root stub should be first. */
+ 		if(ctx->env->cfg->forwards &&
+-			strcmp(ctx->env->cfg->forwards->name, ".") == 0) {
++			(ctx->env->cfg->forwards->name &&
++			strcmp(ctx->env->cfg->forwards->name, ".") == 0)) {
+ 			s = ctx->env->cfg->forwards;
+ 			ctx->env->cfg->forwards = s->next;
+ 			s->next = NULL;
+@@ -1001,7 +1002,8 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr)
+ 	/* it parses, add root stub in front of list */
+ 	lock_basic_lock(&ctx->cfglock);
+ 	if(!ctx->env->cfg->forwards ||
+-		strcmp(ctx->env->cfg->forwards->name, ".") != 0) {
++		(ctx->env->cfg->forwards->name &&
++		strcmp(ctx->env->cfg->forwards->name, ".") != 0)) {
+ 		s = calloc(1, sizeof(*s));
+ 		if(!s) {
+ 			lock_basic_unlock(&ctx->cfglock);
+@@ -1019,6 +1021,7 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr)
+ 		ctx->env->cfg->forwards = s;
+ 	} else {
+ 		log_assert(ctx->env->cfg->forwards);
++		log_assert(ctx->env->cfg->forwards->name);
+ 		s = ctx->env->cfg->forwards;
+ 	}
+ 	dupl = strdup(addr);
+-- 
+2.33.0
+
diff --git a/unbound.spec b/unbound.spec
index 8c6573f..f983180 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -1,4 +1,4 @@
-%define anolis_release 6
+%define anolis_release 7
 
 Name:          unbound
 Version:       1.17.1
@@ -44,6 +44,7 @@ Patch0003: backport-0003-CVE-2024-43168.patch
 Patch0004: backport-0004-CVE-2024-43168.patch
 # https://nlnetlabs.nl/downloads/unbound/patch_CVE-2023-50387_CVE-2023-50868.diff
 Patch0005: 1001-CVE-2023-50868-CVE-2023-50387.patch
+Patch1006: 1006-bugfix-for-CVE-2024-43167.patch
 
 BuildRequires: gcc, make, systemd, pkgconfig(libsystemd), byacc 
 BuildRequires: flex, swig, openssl-devel
@@ -276,6 +277,9 @@ fi
 %{_mandir}/man1/unbound-*
 
 %changelog
+* Thu Jul 03 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 1.17.1-7
+- Fix CVE-2024-43167
+
 * Thu Jun 12 2025 zjl02254423 <zjl02254423@alibaba-inc.com> - 1.17.1-6
 - add patch to fix CVE-2023-50868 CVE-2023-50387
 
-- 
Gitee