aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch79
-rw-r--r--meta/recipes-devtools/ruby/ruby_2.2.5.bb1
2 files changed, 80 insertions, 0 deletions
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch b/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch
new file mode 100644
index 0000000000..073d214d88
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch
@@ -0,0 +1,79 @@
+From 8f782fd8e181d9cfe9387ded43a5ca9692266b85 Mon Sep 17 00:00:00 2001
+From: Florian Frank <flori@ping.de>
+Date: Thu, 2 Mar 2017 12:12:33 +0100
+Subject: [PATCH] Fix arbitrary heap exposure problem
+
+Upstream-Status: Backport
+CVE: CVE-2017-14064
+
+Signed-off-by: Rajkumar Veer<rveer@mvista.com>
+---
+ ext/json/ext/generator/generator.c | 12 ++++++------
+ ext/json/ext/generator/generator.h | 1 -
+ 2 files changed, 6 insertions(+), 7 deletions(-)
+--- a/ext/json/generator/generator.c
++++ b/ext/json/generator/generator.c
+@@ -301,7 +301,7 @@
+ char *result;
+ if (len <= 0) return NULL;
+ result = ALLOC_N(char, len);
+- memccpy(result, ptr, 0, len);
++ memcpy(result, ptr, len);
+ return result;
+ }
+
+@@ -1055,7 +1055,7 @@
+ }
+ } else {
+ if (state->indent) ruby_xfree(state->indent);
+- state->indent = strdup(RSTRING_PTR(indent));
++ state->indent = fstrndup(RSTRING_PTR(indent), len);
+ state->indent_len = len;
+ }
+ return Qnil;
+@@ -1093,7 +1093,7 @@
+ }
+ } else {
+ if (state->space) ruby_xfree(state->space);
+- state->space = strdup(RSTRING_PTR(space));
++ state->space = fstrndup(RSTRING_PTR(space), len);
+ state->space_len = len;
+ }
+ return Qnil;
+@@ -1129,7 +1129,7 @@
+ }
+ } else {
+ if (state->space_before) ruby_xfree(state->space_before);
+- state->space_before = strdup(RSTRING_PTR(space_before));
++ state->space_before = fstrndup(RSTRING_PTR(space_before), len);
+ state->space_before_len = len;
+ }
+ return Qnil;
+@@ -1166,7 +1166,7 @@
+ }
+ } else {
+ if (state->object_nl) ruby_xfree(state->object_nl);
+- state->object_nl = strdup(RSTRING_PTR(object_nl));
++ state->object_nl = fstrndup(RSTRING_PTR(object_nl), len);
+ state->object_nl_len = len;
+ }
+ return Qnil;
+@@ -1201,7 +1201,7 @@
+ }
+ } else {
+ if (state->array_nl) ruby_xfree(state->array_nl);
+- state->array_nl = strdup(RSTRING_PTR(array_nl));
++ state->array_nl = fstrndup(RSTRING_PTR(array_nl), len);
+ state->array_nl_len = len;
+ }
+ return Qnil;
+--- a/ext/json/generator/generator.h
++++ b/ext/json/generator/generator.h
+@@ -1,7 +1,6 @@
+ #ifndef _GENERATOR_H_
+ #define _GENERATOR_H_
+
+-#include <string.h>
+ #include <math.h>
+ #include <ctype.h>
+
diff --git a/meta/recipes-devtools/ruby/ruby_2.2.5.bb b/meta/recipes-devtools/ruby/ruby_2.2.5.bb
index 08308057b9..750ddc690f 100644
--- a/meta/recipes-devtools/ruby/ruby_2.2.5.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.2.5.bb
@@ -10,6 +10,7 @@ SRC_URI += "file://prevent-gc.patch \
file://CVE-2017-9226.patch \
file://CVE-2017-9229.patch \
file://CVE-2017-14033.patch \
+ file://CVE-2017-14064.patch \
"
# it's unknown to configure script, but then passed to extconf.rb