summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRahul Taya <Rahul.Taya@kpit.com>2020-07-30 08:41:51 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-08-12 09:53:51 (GMT)
commitfb9a4d23c3de9b0140c999322034f8c969e8b1c7 (patch)
treea3c91fcef429a107edc8ca12ce0a9e4c758e4291
parent908d6ca32d10ede970343c88480906bc67645931 (diff)
downloadpoky-fb9a4d23c3de9b0140c999322034f8c969e8b1c7.tar.gz
libpcre: Add fix for CVE-2020-14155
Added below patch in libpcre CVE-2020-14155.patch This patch fixes below error: PCRE could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in libpcre via a large number after (?C substring. By sending a request with a large number, an attacker can execute arbitrary code on the system or cause the application to crash. Tested-by: Rahul Taya <Rahul.Taya@kpit.com> (From OE-Core rev: 3f536edfa56ce3f93223c23ed48427a0c24ede1a) Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch41
-rw-r--r--meta/recipes-support/libpcre/libpcre_8.43.bb1
2 files changed, 42 insertions, 0 deletions
diff --git a/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch b/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch
new file mode 100644
index 0000000..183512f
--- /dev/null
+++ b/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch
@@ -0,0 +1,41 @@
1--- pcre-8.43/pcre_compile.c 2020-07-05 22:26:25.310501521 +0530
2+++ pcre-8.43/pcre_compile1.c 2020-07-05 22:30:22.254489562 +0530
3
4CVE: CVE-2020-14155
5Upstream-Status: Backport [https://vcs.pcre.org/pcre/code/trunk/pcre_compile.c?view=patch&r1=1761&r2=1760&pathrev=1761]
6Signed-off-by: Rahul Taya<Rahul.Taya@kpit.com>
7
8@@ -6,7 +6,7 @@
9 and semantics are as close as possible to those of the Perl 5 language.
10
11 Written by Philip Hazel
12- Copyright (c) 1997-2018 University of Cambridge
13+ Copyright (c) 1997-2020 University of Cambridge
14
15 -----------------------------------------------------------------------------
16 Redistribution and use in source and binary forms, with or without
17@@ -7130,17 +7130,19 @@
18 int n = 0;
19 ptr++;
20 while(IS_DIGIT(*ptr))
21+ {
22 n = n * 10 + *ptr++ - CHAR_0;
23+ if (n > 255)
24+ {
25+ *errorcodeptr = ERR38;
26+ goto FAILED;
27+ }
28+ }
29 if (*ptr != CHAR_RIGHT_PARENTHESIS)
30 {
31 *errorcodeptr = ERR39;
32 goto FAILED;
33 }
34- if (n > 255)
35- {
36- *errorcodeptr = ERR38;
37- goto FAILED;
38- }
39 *code++ = n;
40 PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */
41 PUT(code, LINK_SIZE, 0); /* Default length */
diff --git a/meta/recipes-support/libpcre/libpcre_8.43.bb b/meta/recipes-support/libpcre/libpcre_8.43.bb
index b97af08..60ece64 100644
--- a/meta/recipes-support/libpcre/libpcre_8.43.bb
+++ b/meta/recipes-support/libpcre/libpcre_8.43.bb
@@ -12,6 +12,7 @@ SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre-${PV}.tar.bz2 \
12 file://out-of-tree.patch \ 12 file://out-of-tree.patch \
13 file://run-ptest \ 13 file://run-ptest \
14 file://Makefile \ 14 file://Makefile \
15 file://CVE-2020-14155.patch \
15" 16"
16 17
17SRC_URI[md5sum] = "636222e79e392c3d95dcc545f24f98c4" 18SRC_URI[md5sum] = "636222e79e392c3d95dcc545f24f98c4"