summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSteve Sakoman <steve@sakoman.com>2022-02-28 05:52:10 -1000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2022-03-09 17:30:48 +0000
commit32db22beecc4cc06f6384b9234e428d8d173108e (patch)
tree3263d807d06b8d20faae42d026477547ae530b25
parente173db21d0899a5cb185f01f8aaf92156d3e910c (diff)
downloadpoky-32db22beecc4cc06f6384b9234e428d8d173108e.tar.gz
expat: fix CVE-2022-25314
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. Backport patch from: https://github.com/libexpat/libexpat/pull/560/commits/efcb347440ade24b9f1054671e6bd05e60b4cafd CVE: CVE-2022-25314 (From OE-Core rev: b92c33285c5f886c95a3734e61007b522b62a71f) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/expat/expat/CVE-2022-25314.patch32
-rw-r--r--meta/recipes-core/expat/expat_2.2.9.bb1
2 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-core/expat/expat/CVE-2022-25314.patch b/meta/recipes-core/expat/expat/CVE-2022-25314.patch
new file mode 100644
index 0000000000..2f713ebb54
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2022-25314.patch
@@ -0,0 +1,32 @@
1From efcb347440ade24b9f1054671e6bd05e60b4cafd Mon Sep 17 00:00:00 2001
2From: Samanta Navarro <ferivoz@riseup.net>
3Date: Tue, 15 Feb 2022 11:56:57 +0000
4Subject: [PATCH] Prevent integer overflow in copyString
5
6The copyString function is only used for encoding string supplied by
7the library user.
8
9Upstream-Status: Backport
10https://github.com/libexpat/libexpat/pull/560/commits/efcb347440ade24b9f1054671e6bd05e60b4cafd
11
12CVE: CVE-2022-25314
13
14Signed-off-by: Steve Sakoman <steve@sakoman.com>
15
16---
17 expat/lib/xmlparse.c | 2 +-
18 1 file changed, 1 insertion(+), 1 deletion(-)
19
20diff --git a/lib/xmlparse.c b/lib/xmlparse.c
21index 4b43e613..a39377c2 100644
22--- a/lib/xmlparse.c
23+++ b/lib/xmlparse.c
24@@ -7412,7 +7412,7 @@ getElementType(XML_Parser parser, const ENCODING *enc, const char *ptr,
25
26 static XML_Char *
27 copyString(const XML_Char *s, const XML_Memory_Handling_Suite *memsuite) {
28- int charsRequired = 0;
29+ size_t charsRequired = 0;
30 XML_Char *result;
31
32 /* First determine how long the string is */
diff --git a/meta/recipes-core/expat/expat_2.2.9.bb b/meta/recipes-core/expat/expat_2.2.9.bb
index 4d945a295e..dd8eeddf80 100644
--- a/meta/recipes-core/expat/expat_2.2.9.bb
+++ b/meta/recipes-core/expat/expat_2.2.9.bb
@@ -17,6 +17,7 @@ SRC_URI = "git://github.com/libexpat/libexpat.git;protocol=https;branch=master \
17 file://CVE-2022-25236.patch \ 17 file://CVE-2022-25236.patch \
18 file://CVE-2022-25313.patch \ 18 file://CVE-2022-25313.patch \
19 file://CVE-2022-25313-regression.patch \ 19 file://CVE-2022-25313-regression.patch \
20 file://CVE-2022-25314.patch \
20 file://libtool-tag.patch \ 21 file://libtool-tag.patch \
21 " 22 "
22 23