ruby: fix CVE-2017-9224

Use DATA_ENSURE(1) before access. (From OE-Core rev: 9db907a0bd331c47c4882b82f9f1d2a7ef1f6d1f) (From OE-Core rev: 7ba25f0d8d95ece5f5d56ace5b1e9c8c797efbc0) Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Fixed up to get to apply Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Joe Slater <jslater@windriver.com> 2017-08-16 14:46:11 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-09-11 22:15:58 +0100
commit: 62e244d71354f20e8680606e015565690f1bd4f5 (patch)
tree: b8171563fdfcb0e590decad26e05d681ccb37e59
parent: 960a653e0ca0a1fac5708974b6f0f1ae94430ebe (diff)
download: poky-62e244d71354f20e8680606e015565690f1bd4f5.tar.gz
2 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch
new file mode 100644
index 0000000000..848139b7e3
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch
@@ -0,0 +1,41 @@
+From 690313a061f7a4fa614ec5cc8368b4f2284e059b Mon Sep 17 00:00:00 2001
+From: "K.Kosako" <kosako@sofnec.co.jp>
+Date: Tue, 23 May 2017 10:28:58 +0900
+Subject: [PATCH] fix #57 : DATA_ENSURE() check must be before data access
+---
+ regexec.c |    5 -----
+ 1 file changed, 5 deletions(-)
+--- end of original header
+CVE: CVE-2017-9224
+Context modified so that patch applies for version 2.4.1.
+Upstream-Status: Pending
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+diff --git a/regexec.c b/regexec.c
+index 35fef11..d4e577d 100644
+--- a/regexec.c
+++ b/regexec.c
+@@ -1473,14 +1473,9 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
+       NEXT;
+     CASE(OP_EXACT1)  MOP_IN(OP_EXACT1);
+-#if 0
+       DATA_ENSURE(1);
+       if (*p != *s) goto fail;
+       p++; s++;
+-#endif
+-      if (*p != *s++) goto fail;
+-      DATA_ENSURE(0);
+-      p++;
+       MOP_OUT;
+       break;
+ 
+-- 
+1.7.9.5
diff --git a/meta/recipes-devtools/ruby/ruby_2.4.0.bb b/meta/recipes-devtools/ruby/ruby_2.4.0.bb
index 4d39c47630..47e521db84 100644
--- a/meta/recipes-devtools/ruby/ruby_2.4.0.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.4.0.bb
@@ -1,5 +1,9 @@
 require ruby.inc
+SRC_URI += " \
+           file://ruby-CVE-2017-9224.patch \
+           "
 SRC_URI[md5sum] = "7e9485dcdb86ff52662728de2003e625"
 SRC_URI[sha256sum] = "152fd0bd15a90b4a18213448f485d4b53e9f7662e1508190aa5b702446b29e3d"
author	Joe Slater <jslater@windriver.com>	2017-08-16 14:46:11 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-09-11 22:15:58 +0100
commit	62e244d71354f20e8680606e015565690f1bd4f5 (patch)
tree	b8171563fdfcb0e590decad26e05d681ccb37e59
parent	960a653e0ca0a1fac5708974b6f0f1ae94430ebe (diff)
download	poky-62e244d71354f20e8680606e015565690f1bd4f5.tar.gz

diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch new file mode 100644 index 0000000000..848139b7e3 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch
@@ -0,0 +1,41 @@
		1	From 690313a061f7a4fa614ec5cc8368b4f2284e059b Mon Sep 17 00:00:00 2001
		2	From: "K.Kosako" <kosako@sofnec.co.jp>
		3	Date: Tue, 23 May 2017 10:28:58 +0900
		4	Subject: [PATCH] fix #57 : DATA_ENSURE() check must be before data access
		5
		6	---
		7	regexec.c \| 5 -----
		8	1 file changed, 5 deletions(-)
		9
		10	--- end of original header
		11
		12	CVE: CVE-2017-9224
		13
		14	Context modified so that patch applies for version 2.4.1.
		15
		16	Upstream-Status: Pending
		17	Signed-off-by: Joe Slater <joe.slater@windriver.com>
		18
		19
		20	diff --git a/regexec.c b/regexec.c
		21	index 35fef11..d4e577d 100644
		22	--- a/regexec.c
		23	+++ b/regexec.c
		24	@@ -1473,14 +1473,9 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
		25	NEXT;
		26
		27	CASE(OP_EXACT1) MOP_IN(OP_EXACT1);
		28	-#if 0
		29	DATA_ENSURE(1);
		30	if (p != s) goto fail;
		31	p++; s++;
		32	-#endif
		33	- if (p != s++) goto fail;
		34	- DATA_ENSURE(0);
		35	- p++;
		36	MOP_OUT;
		37	break;
		38
		39	--
		40	1.7.9.5
		41


diff --git a/meta/recipes-devtools/ruby/ruby_2.4.0.bb b/meta/recipes-devtools/ruby/ruby_2.4.0.bb index 4d39c47630..47e521db84 100644 --- a/meta/recipes-devtools/ruby/ruby_2.4.0.bb +++ b/meta/recipes-devtools/ruby/ruby_2.4.0.bb
@@ -1,5 +1,9 @@
1	require ruby.inc	1	require ruby.inc
2		2
		3	SRC_URI += " \
		4	file://ruby-CVE-2017-9224.patch \
		5	"
		6
3	SRC_URI[md5sum] = "7e9485dcdb86ff52662728de2003e625"	7	SRC_URI[md5sum] = "7e9485dcdb86ff52662728de2003e625"
4	SRC_URI[sha256sum] = "152fd0bd15a90b4a18213448f485d4b53e9f7662e1508190aa5b702446b29e3d"	8	SRC_URI[sha256sum] = "152fd0bd15a90b4a18213448f485d4b53e9f7662e1508190aa5b702446b29e3d"
5		9