summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSona Sarmadi <sona.sarmadi@enea.com>2015-04-29 11:02:20 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2015-05-01 12:34:52 +0100
commitccbb7ef72f799fd11824009f2b000090e09b8bef (patch)
treefae79ca104bd1bda968d8d93f154c30aa6063372
parentcafdccb29c350a0f030ef55f9cc7d5c4c0b5a0bb (diff)
downloadpoky-ccbb7ef72f799fd11824009f2b000090e09b8bef.tar.gz
coreutils: parse-datetime: CVE-2014-9471
Memory corruption flaw in parse_datetime() Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9471 (From OE-Core rev: 0b13fbf3f9b4419141445b381ffa9445af6e52ab) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/coreutils/coreutils-8.22/parse-datetime-CVE-2014-9471.patch43
-rw-r--r--meta/recipes-core/coreutils/coreutils_8.22.bb1
2 files changed, 44 insertions, 0 deletions
diff --git a/meta/recipes-core/coreutils/coreutils-8.22/parse-datetime-CVE-2014-9471.patch b/meta/recipes-core/coreutils/coreutils-8.22/parse-datetime-CVE-2014-9471.patch
new file mode 100644
index 0000000000..a094b8b54e
--- /dev/null
+++ b/meta/recipes-core/coreutils/coreutils-8.22/parse-datetime-CVE-2014-9471.patch
@@ -0,0 +1,43 @@
1Upstream-Status: Backport
2Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
3---
4diff -ruN a/ChangeLog b/ChangeLog
5--- a/ChangeLog 2013-12-13 16:20:00.000000000 +0100
6+++ b/ChangeLog 2015-02-26 09:24:10.640577829 +0100
7@@ -1,3 +1,11 @@
8+2014-02-25 Sona Sarmadi <sona.sarmadi@enea.com>
9+
10+ parse-datetime: fix crash or infloop in TZ="" parsing
11+ * lib/parse-datetime.y (parse_datetime): Break out of the
12+ TZ="" parsing loop once the second significant " is found.
13+ Also skip over any subsequent whitespace to be consistent
14+ with the non TZ= case (CVE-2014-9471)
15+
16 2013-12-13 Pádraig Brady <P@draigBrady.com>
17
18 version 8.22
19diff -ruN a/lib/parse-datetime.y b/lib/parse-datetime.y
20--- a/lib/parse-datetime.y 2013-12-04 15:53:33.000000000 +0100
21+++ b/lib/parse-datetime.y 2015-02-26 09:20:15.238528670 +0100
22@@ -1303,8 +1303,6 @@
23 char tz1buf[TZBUFSIZE];
24 bool large_tz = TZBUFSIZE < tzsize;
25 bool setenv_ok;
26- /* Free tz0, in case this is the 2nd or subsequent time through. */
27- free (tz0);
28 tz0 = get_tz (tz0buf);
29 z = tz1 = large_tz ? xmalloc (tzsize) : tz1buf;
30 for (s = tzbase; *s != '"'; s++)
31@@ -1316,7 +1314,12 @@
32 if (!setenv_ok)
33 goto fail;
34 tz_was_altered = true;
35+
36 p = s + 1;
37+ while (c = *p, c_isspace (c))
38+ p++;
39+
40+ break;
41 }
42 }
43
diff --git a/meta/recipes-core/coreutils/coreutils_8.22.bb b/meta/recipes-core/coreutils/coreutils_8.22.bb
index ba3a0a0228..9746683b64 100644
--- a/meta/recipes-core/coreutils/coreutils_8.22.bb
+++ b/meta/recipes-core/coreutils/coreutils_8.22.bb
@@ -16,6 +16,7 @@ SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \
16 file://remove-usr-local-lib-from-m4.patch \ 16 file://remove-usr-local-lib-from-m4.patch \
17 file://dummy_help2man.patch \ 17 file://dummy_help2man.patch \
18 file://fix-for-dummy-man-usage.patch \ 18 file://fix-for-dummy-man-usage.patch \
19 file://parse-datetime-CVE-2014-9471.patch \
19 " 20 "
20 21
21SRC_URI[md5sum] = "8fb0ae2267aa6e728958adc38f8163a2" 22SRC_URI[md5sum] = "8fb0ae2267aa6e728958adc38f8163a2"