author | Lee Chee Yang <chee.yang.lee@intel.com> | 2023-09-06 10:21:15 +0800 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-10-04 05:17:50 -1000 |
commit | fe546dca3f86d7fb3f721889dfb941538407df39 (patch) | |
tree | cd24594a30d497e36b8be08e2171e25458ccca06 | |
parent | 00722bacdd6f2817ccfb3617706b817c4a931941 (diff) | |
download | poky-fe546dca3f86d7fb3f721889dfb941538407df39.tar.gz |
libxpm: fix CVE-2022-46285
(From OE-Core rev: bd594af20fce07908f8e0fb1765b0e0ccc641e86)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r-- | meta/recipes-graphics/xorg-lib/libxpm/CVE-2022-46285.patch | 40 | ||||
-rw-r--r-- | meta/recipes-graphics/xorg-lib/libxpm_3.5.13.bb | 2 |
2 files changed, 42 insertions, 0 deletions
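--- /dev/null
+++ b/meta/recipes-graphics/xorg-lib/libxpm/CVE-2022-46285.patch
@@ -0,0 +1,40 @@
+CVE: CVE-2022-46285
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/a3a7c6dcc3b629d7650148 ]
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+
+From a3a7c6dcc3b629d765014816c566c63165c63ca8 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sat, 17 Dec 2022 12:23:45 -0800
+Subject: [PATCH] Fix CVE-2022-46285: Infinite loop on unclosed comments
+
+When reading XPM images from a file with libXpm 3.5.14 or older, if a
+comment in the file is not closed (i.e. a C-style comment starts with
+"/*" and is missing the closing "*/"), the ParseComment() function will
+loop forever calling getc() to try to read the rest of the comment,
+failing to notice that it has returned EOF, which may cause a denial of
+service to the calling program.
+
+Reported-by: Marco Ivaldi <raptor@0xdeadbeef.info>
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+src/data.c | 4 ++++
+1 file changed, 4 insertions(+)
+
+diff --git a/src/data.c b/src/data.c
+index 898889c..bfad4ff 100644
+--- a/src/data.c
++++ b/src/data.c
+@@ -174,6 +174,10 @@ ParseComment(xpmData *data)
+notend = 0;
+Ungetc(data, *s, file);
+}
++ else if (c == EOF) {
++ /* hit end of file before the end of the comment */
++ return XpmFileInvalid;
++ }
+}
+return 0;
+}
+--
+GitLab
+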
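Review bot: The Upstream-Status line at the top of the new patch file cites a truncated commit hash with a stray space before the closing bracket (`a3a7c6dcc3b629d7650148 ]`), while the `From` line five lines below carries the full hash; write `Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/a3a7c6dcc3b629d765014816c566c63165c63ca8]` so the provenance resolves to exactly one upstream commit. On the fix itself, the new `else if (c == EOF)` branch turns the unbounded getc() loop into an `XpmFileInvalid` return, which is the right shape for this DoS, but it only helps if every caller of ParseComment() checks and propagates a non-zero result instead of continuing to parse; those callers are outside the hunk, so confirm the 3.5.13 tree's callers do. ParseComment() begins before the hunk, so the loop condition and any non-file (in-memory) read path are not visible here; it may be worth checking that the equivalent end-of-input case on that path cannot spin the same way.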
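--- a/meta/recipes-graphics/xorg-lib/libxpm_3.5.13.bb
+++ b/meta/recipes-graphics/xorg-lib/libxpm_3.5.13.bb
@@ -21,6 +21,8 @@ PACKAGES =+ "sxpm cxpm"
 FILES_cxpm = "${bindir}/cxpm"
 FILES_sxpm = "${bindir}/sxpm"
 
+SRC_URI += " file://CVE-2022-46285.patch"
+
 SRC_URI[md5sum] = "6f0ecf8d103d528cfc803aa475137afa"
 SRC_URI[sha256sum] = "9cd1da57588b6cb71450eff2273ef6b657537a9ac4d02d0014228845b935ac25"
 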