Diffstat (limited to 'meta/recipes-support/gpgme/gpgme-1.4.3/gpgme-fix-CVE-2014-3564.patch')
-rw-r--r-- | meta/recipes-support/gpgme/gpgme-1.4.3/gpgme-fix-CVE-2014-3564.patch | 56 |
1 files changed, 0 insertions, 56 deletions
diff --git a/meta/recipes-support/gpgme/gpgme-1.4.3/gpgme-fix-CVE-2014-3564.patch b/meta/recipes-support/gpgme/gpgme-1.4.3/gpgme-fix-CVE-2014-3564.patch
deleted file mode 100644
index c728f58658..0000000000
--- a/meta/recipes-support/gpgme/gpgme-1.4.3/gpgme-fix-CVE-2014-3564.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-Upstream-Status: Backport
-
-Backport patch to fix CVE-2014-3564.
-
-http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
----
-From 2cbd76f7911fc215845e89b50d6af5ff4a83dd77 Mon Sep 17 00:00:00 2001
-From: Werner Koch <wk@gnupg.org>
-Date: Wed, 30 Jul 2014 11:04:55 +0200
-Subject: [PATCH 1/1] Fix possible realloc overflow for gpgsm and uiserver
- engines.
-
-After a realloc (realloc is also used for initial alloc) the allocated
-size if the buffer is not correctly recorded. Thus an overflow can be
-introduced by receiving data with different line lengths in a specific
-order. This is not easy exploitable because libassuan constructs the
-line. However a crash has been reported and thus it might be possible
-to constructs an exploit.
-
-CVE-id: CVE-2014-3564
-Reported-by: Tomáš Trnka
----
- src/engine-gpgsm.c | 2 +-
- src/engine-uiserver.c | 2 +-
- 3 files changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c
-index 8ec1598..3a83757 100644
---- a/src/engine-gpgsm.c
-+++ b/src/engine-gpgsm.c
-@@ -836,7 +836,7 @@ status_handler (void *opaque, int fd)
- else
- {
- *aline = newline;
-- gpgsm->colon.attic.linesize += linelen + 1;
-+ gpgsm->colon.attic.linesize = *alinelen + linelen + 1;
- }
- }
- if (!err)
-diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c
-index 2738c36..a7184b7 100644
---- a/src/engine-uiserver.c
-+++ b/src/engine-uiserver.c
-@@ -698,7 +698,7 @@ status_handler (void *opaque, int fd)
- else
- {
- *aline = newline;
-- uiserver->colon.attic.linesize += linelen + 1;
-+ uiserver->colon.attic.linesize = *alinelen + linelen + 1;
- }
- }
- if (!err)
---
-2.1.4 |