diff options
-rw-r--r-- | meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch | 87 | ||||
-rw-r--r-- | meta/recipes-devtools/ruby/ruby_2.4.1.bb | 1 |
2 files changed, 88 insertions, 0 deletions
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch new file mode 100644 index 0000000000..88e693c94e --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch @@ -0,0 +1,87 @@ +From 8f782fd8e181d9cfe9387ded43a5ca9692266b85 Mon Sep 17 00:00:00 2001 +From: Florian Frank <flori@ping.de> +Date: Thu, 2 Mar 2017 12:12:33 +0100 +Subject: [PATCH] Fix arbitrary heap exposure problem + +Upstream-Status: Backport +CVE: CVE-2017-14064 + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + ext/json/generator/generator.c | 12 ++++++------ + ext/json/generator/generator.h | 1 - + 2 files changed, 6 insertions(+), 7 deletions(-) + +diff --git a/ext/json/generator/generator.c b/ext/json/generator/generator.c +index ef85bb7..c88818c 100644 +--- a/ext/json/generator/generator.c ++++ b/ext/json/generator/generator.c +@@ -308,7 +308,7 @@ static char *fstrndup(const char *ptr, unsigned long len) { + char *result; + if (len <= 0) return NULL; + result = ALLOC_N(char, len); +- memccpy(result, ptr, 0, len); ++ memcpy(result, ptr, len); + return result; + } + +@@ -1062,7 +1062,7 @@ static VALUE cState_indent_set(VALUE self, VALUE indent) + } + } else { + if (state->indent) ruby_xfree(state->indent); +- state->indent = strdup(RSTRING_PTR(indent)); ++ state->indent = fstrndup(RSTRING_PTR(indent), len); + state->indent_len = len; + } + return Qnil; +@@ -1100,7 +1100,7 @@ static VALUE cState_space_set(VALUE self, VALUE space) + } + } else { + if (state->space) ruby_xfree(state->space); +- state->space = strdup(RSTRING_PTR(space)); ++ state->space = fstrndup(RSTRING_PTR(space), len); + state->space_len = len; + } + return Qnil; +@@ -1136,7 +1136,7 @@ static VALUE cState_space_before_set(VALUE self, VALUE space_before) + } + } else { + if (state->space_before) ruby_xfree(state->space_before); +- state->space_before = strdup(RSTRING_PTR(space_before)); ++ state->space_before = fstrndup(RSTRING_PTR(space_before), len); + state->space_before_len = len; + } + return Qnil; +@@ -1173,7 +1173,7 @@ static VALUE cState_object_nl_set(VALUE self, VALUE object_nl) + } + } else { + if (state->object_nl) ruby_xfree(state->object_nl); +- state->object_nl = strdup(RSTRING_PTR(object_nl)); ++ state->object_nl = fstrndup(RSTRING_PTR(object_nl), len); + state->object_nl_len = len; + } + return Qnil; +@@ -1208,7 +1208,7 @@ static VALUE cState_array_nl_set(VALUE self, VALUE array_nl) + } + } else { + if (state->array_nl) ruby_xfree(state->array_nl); +- state->array_nl = strdup(RSTRING_PTR(array_nl)); ++ state->array_nl = fstrndup(RSTRING_PTR(array_nl), len); + state->array_nl_len = len; + } + return Qnil; +diff --git a/ext/json/generator/generator.h b/ext/json/generator/generator.h +index 900b4d5..c367a62 100644 +--- a/ext/json/generator/generator.h ++++ b/ext/json/generator/generator.h +@@ -1,7 +1,6 @@ + #ifndef _GENERATOR_H_ + #define _GENERATOR_H_ + +-#include <string.h> + #include <math.h> + #include <ctype.h> + +-- +2.10.2 + diff --git a/meta/recipes-devtools/ruby/ruby_2.4.1.bb b/meta/recipes-devtools/ruby/ruby_2.4.1.bb index 4443146b57..7d27ac84ec 100644 --- a/meta/recipes-devtools/ruby/ruby_2.4.1.bb +++ b/meta/recipes-devtools/ruby/ruby_2.4.1.bb @@ -6,6 +6,7 @@ SRC_URI += " \ file://ruby-CVE-2017-9227.patch \ file://ruby-CVE-2017-9228.patch \ file://ruby-CVE-2017-9229.patch \ + file://ruby-CVE-2017-14064.patch \ " SRC_URI[md5sum] = "782bca562e474dd25956dd0017d92677" |