diff options
author | Armin Kuster <akuster@mvista.com> | 2019-06-05 13:26:58 -0700 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2019-06-25 07:26:36 -0700 |
commit | c897b862c6cfaa341cc6155b2c9d98ea7ad02884 (patch) | |
tree | d443ec6b571e738977b75fb7879609c91e9adb25 /meta/recipes-extended | |
parent | 71bfb9dfdc806e0e95f1302d0d6c3c751f03bb4b (diff) | |
download | openembedded-core-contrib-c897b862c6cfaa341cc6155b2c9d98ea7ad02884.tar.gz |
wget: Security fix for CVE-2019-5953
Source: http://git.savannah.gnu.org/cgit/wget.git
MR: 89341
Type: Security Fix
Disposition: Backport from http://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c
ChangeID: 1c19a2fd7ead88cc4ee92d425179d60d4635864b
Description:
Fixes CVE-2019-5953
Affects: < 1.20.1
Signed-off-by: Armin Kuster <akuster@mvista.com>
Diffstat (limited to 'meta/recipes-extended')
-rw-r--r-- | meta/recipes-extended/wget/wget/CVE-2019-5953.patch | 51 | ||||
-rw-r--r-- | meta/recipes-extended/wget/wget_1.19.5.bb | 1 |
2 files changed, 52 insertions, 0 deletions
diff --git a/meta/recipes-extended/wget/wget/CVE-2019-5953.patch b/meta/recipes-extended/wget/wget/CVE-2019-5953.patch new file mode 100644 index 0000000000..e43e8e545b --- /dev/null +++ b/meta/recipes-extended/wget/wget/CVE-2019-5953.patch @@ -0,0 +1,51 @@ +From 692d5c5215de0db482c252492a92fc424cc6a97c Mon Sep 17 00:00:00 2001 +From: Tim Ruehsen <tim.ruehsen@gmx.de> +Date: Fri, 5 Apr 2019 11:50:44 +0200 +Subject: [PATCH] Fix a buffer overflow vulnerability + +* src/iri.c(do_conversion): Reallocate the output buffer to a larger + size if it is already full + +Upstream-Status: Backport +http://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c +CVE: CVE-2019-5953 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + src/iri.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +Index: wget-1.19.5/src/iri.c +=================================================================== +--- wget-1.19.5.orig/src/iri.c ++++ wget-1.19.5/src/iri.c +@@ -151,8 +151,11 @@ do_conversion (const char *tocode, const + *out = s = xmalloc (outlen + 1); + done = 0; + ++ DEBUGP (("iconv %s -> %s\n", tocode, fromcode)); ++ + for (;;) + { ++ DEBUGP (("iconv outlen=%d inlen=%d\n", outlen, inlen)); + if (iconv (cd, (ICONV_CONST char **) &in, &inlen, out, &outlen) != (size_t)(-1) && + iconv (cd, NULL, NULL, out, &outlen) != (size_t)(-1)) + { +@@ -187,11 +190,14 @@ do_conversion (const char *tocode, const + } + else if (errno == E2BIG) /* Output buffer full */ + { ++ logprintf (LOG_VERBOSE, ++ _("Reallocate output buffer len=%d outlen=%d inlen=%d\n"), len, outlen, inlen); + tooshort++; + done = len; +- len = outlen = done + inlen * 2; +- s = xrealloc (s, outlen + 1); +- *out = s + done; ++ len = done + inlen * 2; ++ s = xrealloc (s, len + 1); ++ *out = s + done - outlen; ++ outlen += inlen * 2; + } + else /* Weird, we got an unspecified error */ + { diff --git a/meta/recipes-extended/wget/wget_1.19.5.bb b/meta/recipes-extended/wget/wget_1.19.5.bb index e37d8c7847..920b74de1b 100644 --- a/meta/recipes-extended/wget/wget_1.19.5.bb +++ b/meta/recipes-extended/wget/wget_1.19.5.bb @@ -1,6 +1,7 @@ SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \ file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ file://0002-improve-reproducibility.patch \ + file://CVE-2019-5953.patch \ " SRC_URI[md5sum] = "2db6f03d655041f82eb64b8c8a1fa7da" |