aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/gpgme/gpgme-1.4.3/gpgme-fix-CVE-2014-3564.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-support/gpgme/gpgme-1.4.3/gpgme-fix-CVE-2014-3564.patch')
-rw-r--r--meta/recipes-support/gpgme/gpgme-1.4.3/gpgme-fix-CVE-2014-3564.patch56
1 files changed, 0 insertions, 56 deletions
diff --git a/meta/recipes-support/gpgme/gpgme-1.4.3/gpgme-fix-CVE-2014-3564.patch b/meta/recipes-support/gpgme/gpgme-1.4.3/gpgme-fix-CVE-2014-3564.patch
deleted file mode 100644
index c728f58658..0000000000
--- a/meta/recipes-support/gpgme/gpgme-1.4.3/gpgme-fix-CVE-2014-3564.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-Upstream-Status: Backport
-
-Backport patch to fix CVE-2014-3564.
-
-http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
----
-From 2cbd76f7911fc215845e89b50d6af5ff4a83dd77 Mon Sep 17 00:00:00 2001
-From: Werner Koch <wk@gnupg.org>
-Date: Wed, 30 Jul 2014 11:04:55 +0200
-Subject: [PATCH 1/1] Fix possible realloc overflow for gpgsm and uiserver
- engines.
-
-After a realloc (realloc is also used for initial alloc) the allocated
-size if the buffer is not correctly recorded. Thus an overflow can be
-introduced by receiving data with different line lengths in a specific
-order. This is not easy exploitable because libassuan constructs the
-line. However a crash has been reported and thus it might be possible
-to constructs an exploit.
-
-CVE-id: CVE-2014-3564
-Reported-by: Tomáš Trnka
----
- src/engine-gpgsm.c | 2 +-
- src/engine-uiserver.c | 2 +-
- 3 files changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c
-index 8ec1598..3a83757 100644
---- a/src/engine-gpgsm.c
-+++ b/src/engine-gpgsm.c
-@@ -836,7 +836,7 @@ status_handler (void *opaque, int fd)
- else
- {
- *aline = newline;
-- gpgsm->colon.attic.linesize += linelen + 1;
-+ gpgsm->colon.attic.linesize = *alinelen + linelen + 1;
- }
- }
- if (!err)
-diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c
-index 2738c36..a7184b7 100644
---- a/src/engine-uiserver.c
-+++ b/src/engine-uiserver.c
-@@ -698,7 +698,7 @@ status_handler (void *opaque, int fd)
- else
- {
- *aline = newline;
-- uiserver->colon.attic.linesize += linelen + 1;
-+ uiserver->colon.attic.linesize = *alinelen + linelen + 1;
- }
- }
- if (!err)
---
-2.1.4
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-06-15 07:16:35 +0000