summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authoryanjun.zhu <yanjun.zhu@windriver.com>2012-11-30 11:08:56 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2012-12-07 15:58:18 (GMT)
commitb8f6d9cbfde193e6c2dbe11aec57f6ef9d7986f4 (patch)
treee13477a2e618a4881e0a8dab72761ffaf205bf21
parent2288ff099c33574bc1615b4aa3422ea8a4ee73da (diff)
downloadpoky-b8f6d9cbfde193e6c2dbe11aec57f6ef9d7986f4.tar.gz
libproxy: Fix for CVE-2012-4504
Reference:https://code.google.com/p/libproxy/source/detail?r=853 Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504 [YOCTO #3487] Fixes denzil [YOCTO #3511] (From OE-Core rev: 543d608ae6251956b84e6423ec66f146f926d4b8) Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch29
-rw-r--r--meta/recipes-support/libproxy/libproxy_0.4.7.bb1
2 files changed, 30 insertions, 0 deletions
diff --git a/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
new file mode 100644
index 0000000..7f2d93a
--- /dev/null
+++ b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
@@ -0,0 +1,29 @@
1Upstream-Status: Backport
2
3libproxy - CVE-2012-4504:
4
5Reference:https://code.google.com/p/libproxy/source/detail?r=853
6
7Stack-based buffer overflow in the url::get_pac function in url.cpp
8in libproxy 0.4.x before 0.4.9 allows remote servers to have an
9unspecified impact via a large proxy.pac file.
10
11http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504
12
13Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
14
15diff -urpN a/libproxy/url.cpp b/libproxy/url.cpp
16--- a/libproxy/url.cpp 2012-11-26 10:08:47.000000000 +0800
17+++ b/libproxy/url.cpp 2012-11-26 10:05:54.000000000 +0800
18@@ -472,9 +472,10 @@ char* url::get_pac() {
19 // Add this chunk to our content length,
20 // ensuring that we aren't over our max size
21 content_length += chunk_length;
22- if (content_length >= PAC_MAX_SIZE) break;
23 }
24
25+ if (content_length >= PAC_MAX_SIZE) break;
26+
27 while (recvd != content_length) {
28 int r = recv(sock, buffer + recvd, content_length - recvd, 0);
29 if (r < 0) break;
diff --git a/meta/recipes-support/libproxy/libproxy_0.4.7.bb b/meta/recipes-support/libproxy/libproxy_0.4.7.bb
index e3721a8..fc32f57 100644
--- a/meta/recipes-support/libproxy/libproxy_0.4.7.bb
+++ b/meta/recipes-support/libproxy/libproxy_0.4.7.bb
@@ -13,6 +13,7 @@ PR = "r4"
13SRC_URI = "http://libproxy.googlecode.com/files/libproxy-${PV}.tar.gz \ 13SRC_URI = "http://libproxy.googlecode.com/files/libproxy-${PV}.tar.gz \
14 file://g++-namepace.patch \ 14 file://g++-namepace.patch \
15 file://libproxy_fix_for_gcc4.7.patch \ 15 file://libproxy_fix_for_gcc4.7.patch \
16 file://libproxy-0.4.7-CVE-2012-4504.patch \
16 " 17 "
17 18
18SRC_URI[md5sum] = "509e03a488a61cd62bfbaf3ab6a2a7a5" 19SRC_URI[md5sum] = "509e03a488a61cd62bfbaf3ab6a2a7a5"