diff options
author | Sona Sarmadi <sona.sarmadi@enea.com> | 2015-04-29 11:02:20 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-05-01 12:34:06 +0100 |
commit | 0b13fbf3f9b4419141445b381ffa9445af6e52ab (patch) | |
tree | 84fc57b7a1357361e23ef212bceed01317535a8e | |
parent | 10c8aeebca301ffd853e75df3f9c1d16d0352d76 (diff) | |
download | openembedded-core-contrib-0b13fbf3f9b4419141445b381ffa9445af6e52ab.tar.gz |
coreutils: parse-datetime: CVE-2014-9471
Memory corruption flaw in parse_datetime()
Reference
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9471
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-core/coreutils/coreutils-8.22/parse-datetime-CVE-2014-9471.patch | 43 | ||||
-rw-r--r-- | meta/recipes-core/coreutils/coreutils_8.22.bb | 1 |
2 files changed, 44 insertions, 0 deletions
diff --git a/meta/recipes-core/coreutils/coreutils-8.22/parse-datetime-CVE-2014-9471.patch b/meta/recipes-core/coreutils/coreutils-8.22/parse-datetime-CVE-2014-9471.patch new file mode 100644 index 0000000000..a094b8b54e --- /dev/null +++ b/meta/recipes-core/coreutils/coreutils-8.22/parse-datetime-CVE-2014-9471.patch @@ -0,0 +1,43 @@ +Upstream-Status: Backport +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- +diff -ruN a/ChangeLog b/ChangeLog +--- a/ChangeLog 2013-12-13 16:20:00.000000000 +0100 ++++ b/ChangeLog 2015-02-26 09:24:10.640577829 +0100 +@@ -1,3 +1,11 @@ ++2014-02-25 Sona Sarmadi <sona.sarmadi@enea.com> ++ ++ parse-datetime: fix crash or infloop in TZ="" parsing ++ * lib/parse-datetime.y (parse_datetime): Break out of the ++ TZ="" parsing loop once the second significant " is found. ++ Also skip over any subsequent whitespace to be consistent ++ with the non TZ= case (CVE-2014-9471) ++ + 2013-12-13 Pádraig Brady <P@draigBrady.com> + + version 8.22 +diff -ruN a/lib/parse-datetime.y b/lib/parse-datetime.y +--- a/lib/parse-datetime.y 2013-12-04 15:53:33.000000000 +0100 ++++ b/lib/parse-datetime.y 2015-02-26 09:20:15.238528670 +0100 +@@ -1303,8 +1303,6 @@ + char tz1buf[TZBUFSIZE]; + bool large_tz = TZBUFSIZE < tzsize; + bool setenv_ok; +- /* Free tz0, in case this is the 2nd or subsequent time through. */ +- free (tz0); + tz0 = get_tz (tz0buf); + z = tz1 = large_tz ? xmalloc (tzsize) : tz1buf; + for (s = tzbase; *s != '"'; s++) +@@ -1316,7 +1314,12 @@ + if (!setenv_ok) + goto fail; + tz_was_altered = true; ++ + p = s + 1; ++ while (c = *p, c_isspace (c)) ++ p++; ++ ++ break; + } + } + diff --git a/meta/recipes-core/coreutils/coreutils_8.22.bb b/meta/recipes-core/coreutils/coreutils_8.22.bb index ba3a0a0228..9746683b64 100644 --- a/meta/recipes-core/coreutils/coreutils_8.22.bb +++ b/meta/recipes-core/coreutils/coreutils_8.22.bb @@ -16,6 +16,7 @@ SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \ file://remove-usr-local-lib-from-m4.patch \ file://dummy_help2man.patch \ file://fix-for-dummy-man-usage.patch \ + file://parse-datetime-CVE-2014-9471.patch \ " SRC_URI[md5sum] = "8fb0ae2267aa6e728958adc38f8163a2" |