ruby: Security fix for CVE-2017-14064

Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 (From OE-Core rev: 8d53b03e8fa1bc20c0d77d6cd7869bd7f7325987) Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Rajkumar Veer <rveer@mvista.com> 2017-11-04 10:45:58 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-11-21 14:43:55 +0000
commit: eb70e899c48abec05d547e43c98c9b1185ccd95d (patch)
tree: e9b497f31a47f3148469ba1f9286b0ca2490ad94
parent: ecd6e7d10175d269a3424996f7e71ac48be3c613 (diff)
download: poky-eb70e899c48abec05d547e43c98c9b1185ccd95d.tar.gz
2 files changed, 80 insertions, 0 deletions
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch b/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch
new file mode 100644
index 0000000000..073d214d88
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch
@@ -0,0 +1,79 @@
+From 8f782fd8e181d9cfe9387ded43a5ca9692266b85 Mon Sep 17 00:00:00 2001
+From: Florian Frank <flori@ping.de>
+Date: Thu, 2 Mar 2017 12:12:33 +0100
+Subject: [PATCH] Fix arbitrary heap exposure problem
+Upstream-Status: Backport
+CVE: CVE-2017-14064
+Signed-off-by: Rajkumar Veer<rveer@mvista.com>
+---
+ ext/json/ext/generator/generator.c | 12 ++++++------
+ ext/json/ext/generator/generator.h |  1 -
+ 2 files changed, 6 insertions(+), 7 deletions(-)
+--- a/ext/json/generator/generator.c
+++ b/ext/json/generator/generator.c
+@@ -301,7 +301,7 @@
+   char *result;
+   if (len <= 0) return NULL;
+   result = ALLOC_N(char, len);
+-  memccpy(result, ptr, 0, len);
+  memcpy(result, ptr, len);
+   return result;
+ }
+ 
+@@ -1055,7 +1055,7 @@
+         }
+     } else {
+         if (state->indent) ruby_xfree(state->indent);
+-        state->indent = strdup(RSTRING_PTR(indent));
+        state->indent = fstrndup(RSTRING_PTR(indent), len);
+         state->indent_len = len;
+     }
+     return Qnil;
+@@ -1093,7 +1093,7 @@
+         }
+     } else {
+         if (state->space) ruby_xfree(state->space);
+-        state->space = strdup(RSTRING_PTR(space));
+        state->space = fstrndup(RSTRING_PTR(space), len);
+         state->space_len = len;
+     }
+     return Qnil;
+@@ -1129,7 +1129,7 @@
+         }
+     } else {
+         if (state->space_before) ruby_xfree(state->space_before);
+-        state->space_before = strdup(RSTRING_PTR(space_before));
+        state->space_before = fstrndup(RSTRING_PTR(space_before), len);
+         state->space_before_len = len;
+     }
+     return Qnil;
+@@ -1166,7 +1166,7 @@
+         }
+     } else {
+         if (state->object_nl) ruby_xfree(state->object_nl);
+-        state->object_nl = strdup(RSTRING_PTR(object_nl));
+        state->object_nl = fstrndup(RSTRING_PTR(object_nl), len);
+         state->object_nl_len = len;
+     }
+     return Qnil;
+@@ -1201,7 +1201,7 @@
+         }
+     } else {
+         if (state->array_nl) ruby_xfree(state->array_nl);
+-        state->array_nl = strdup(RSTRING_PTR(array_nl));
+        state->array_nl = fstrndup(RSTRING_PTR(array_nl), len); 
+         state->array_nl_len = len;
+     }
+     return Qnil;
+--- a/ext/json/generator/generator.h
+++ b/ext/json/generator/generator.h
+@@ -1,7 +1,6 @@
+ #ifndef _GENERATOR_H_
+ #define _GENERATOR_H_
+ 
+-#include <string.h>
+ #include <math.h>
+ #include <ctype.h>
+ 
diff --git a/meta/recipes-devtools/ruby/ruby_2.2.5.bb b/meta/recipes-devtools/ruby/ruby_2.2.5.bb
index 08308057b9..750ddc690f 100644
--- a/meta/recipes-devtools/ruby/ruby_2.2.5.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.2.5.bb
@@ -10,6 +10,7 @@ SRC_URI += "file://prevent-gc.patch \
            file://CVE-2017-9226.patch \
            file://CVE-2017-9229.patch \
            file://CVE-2017-14033.patch \
+            file://CVE-2017-14064.patch \
 "
 # it's unknown to configure script, but then passed to extconf.rb
author	Rajkumar Veer <rveer@mvista.com>	2017-11-04 10:45:58 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-11-21 14:43:55 +0000
commit	eb70e899c48abec05d547e43c98c9b1185ccd95d (patch)
tree	e9b497f31a47f3148469ba1f9286b0ca2490ad94
parent	ecd6e7d10175d269a3424996f7e71ac48be3c613 (diff)
download	poky-eb70e899c48abec05d547e43c98c9b1185ccd95d.tar.gz

diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch b/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch new file mode 100644 index 0000000000..073d214d88 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch
@@ -0,0 +1,79 @@
		1	From 8f782fd8e181d9cfe9387ded43a5ca9692266b85 Mon Sep 17 00:00:00 2001
		2	From: Florian Frank <flori@ping.de>
		3	Date: Thu, 2 Mar 2017 12:12:33 +0100
		4	Subject: [PATCH] Fix arbitrary heap exposure problem
		5
		6	Upstream-Status: Backport
		7	CVE: CVE-2017-14064
		8
		9	Signed-off-by: Rajkumar Veer<rveer@mvista.com>
		10	---
		11	ext/json/ext/generator/generator.c \| 12 ++++++------
		12	ext/json/ext/generator/generator.h \| 1 -
		13	2 files changed, 6 insertions(+), 7 deletions(-)
		14	--- a/ext/json/generator/generator.c
		15	+++ b/ext/json/generator/generator.c
		16	@@ -301,7 +301,7 @@
		17	char *result;
		18	if (len <= 0) return NULL;
		19	result = ALLOC_N(char, len);
		20	- memccpy(result, ptr, 0, len);
		21	+ memcpy(result, ptr, len);
		22	return result;
		23	}
		24
		25	@@ -1055,7 +1055,7 @@
		26	}
		27	} else {
		28	if (state->indent) ruby_xfree(state->indent);
		29	- state->indent = strdup(RSTRING_PTR(indent));
		30	+ state->indent = fstrndup(RSTRING_PTR(indent), len);
		31	state->indent_len = len;
		32	}
		33	return Qnil;
		34	@@ -1093,7 +1093,7 @@
		35	}
		36	} else {
		37	if (state->space) ruby_xfree(state->space);
		38	- state->space = strdup(RSTRING_PTR(space));
		39	+ state->space = fstrndup(RSTRING_PTR(space), len);
		40	state->space_len = len;
		41	}
		42	return Qnil;
		43	@@ -1129,7 +1129,7 @@
		44	}
		45	} else {
		46	if (state->space_before) ruby_xfree(state->space_before);
		47	- state->space_before = strdup(RSTRING_PTR(space_before));
		48	+ state->space_before = fstrndup(RSTRING_PTR(space_before), len);
		49	state->space_before_len = len;
		50	}
		51	return Qnil;
		52	@@ -1166,7 +1166,7 @@
		53	}
		54	} else {
		55	if (state->object_nl) ruby_xfree(state->object_nl);
		56	- state->object_nl = strdup(RSTRING_PTR(object_nl));
		57	+ state->object_nl = fstrndup(RSTRING_PTR(object_nl), len);
		58	state->object_nl_len = len;
		59	}
		60	return Qnil;
		61	@@ -1201,7 +1201,7 @@
		62	}
		63	} else {
		64	if (state->array_nl) ruby_xfree(state->array_nl);
		65	- state->array_nl = strdup(RSTRING_PTR(array_nl));
		66	+ state->array_nl = fstrndup(RSTRING_PTR(array_nl), len);
		67	state->array_nl_len = len;
		68	}
		69	return Qnil;
		70	--- a/ext/json/generator/generator.h
		71	+++ b/ext/json/generator/generator.h
		72	@@ -1,7 +1,6 @@
		73	#ifndef _GENERATOR_H_
		74	#define _GENERATOR_H_
		75
		76	-#include <string.h>
		77	#include <math.h>
		78	#include <ctype.h>
		79


diff --git a/meta/recipes-devtools/ruby/ruby_2.2.5.bb b/meta/recipes-devtools/ruby/ruby_2.2.5.bb index 08308057b9..750ddc690f 100644 --- a/meta/recipes-devtools/ruby/ruby_2.2.5.bb +++ b/meta/recipes-devtools/ruby/ruby_2.2.5.bb
@@ -10,6 +10,7 @@ SRC_URI += "file://prevent-gc.patch \
10	file://CVE-2017-9226.patch \	10	file://CVE-2017-9226.patch \
11	file://CVE-2017-9229.patch \	11	file://CVE-2017-9229.patch \
12	file://CVE-2017-14033.patch \	12	file://CVE-2017-14033.patch \
		13	file://CVE-2017-14064.patch \
13	"	14	"
14		15
15	# it's unknown to configure script, but then passed to extconf.rb	16	# it's unknown to configure script, but then passed to extconf.rb