diff options
author | Tudor Florea <tudor.florea@enea.com> | 2015-10-09 22:59:03 +0200 |
---|---|---|
committer | Tudor Florea <tudor.florea@enea.com> | 2015-10-09 22:59:03 +0200 |
commit | 972dcfcdbfe75dcfeb777150c136576cf1a71e99 (patch) | |
tree | 97a61cd7e293d7ae9d56ef7ed0f81253365bb026 /meta/recipes-core/coreutils/coreutils-8.22/date-tz-crash.patch | |
download | poky-972dcfcdbfe75dcfeb777150c136576cf1a71e99.tar.gz |
initial commit for Enea Linux 5.0 arm
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Diffstat (limited to 'meta/recipes-core/coreutils/coreutils-8.22/date-tz-crash.patch')
-rw-r--r-- | meta/recipes-core/coreutils/coreutils-8.22/date-tz-crash.patch | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/meta/recipes-core/coreutils/coreutils-8.22/date-tz-crash.patch b/meta/recipes-core/coreutils/coreutils-8.22/date-tz-crash.patch new file mode 100644 index 0000000000..570e4fd49c --- /dev/null +++ b/meta/recipes-core/coreutils/coreutils-8.22/date-tz-crash.patch | |||
@@ -0,0 +1,43 @@ | |||
1 | This was reported in http://bugs.gnu.org/16872 | ||
2 | from the coreutils command: date -d 'TZ="""' | ||
3 | |||
4 | The infinite loop for this case was present since the | ||
5 | initial TZ="" parsing support in commit de95bdc2 29-10-2004. | ||
6 | This was changed to a crash or heap corruption depending | ||
7 | on the platform with commit 2e3e4195 18-01-2010. | ||
8 | |||
9 | * lib/parse-datetime.y (parse_datetime): Break out of the | ||
10 | TZ="" parsing loop once the second significant " is found. | ||
11 | Also skip over any subsequent whitespace to be consistent | ||
12 | with the non TZ= case. | ||
13 | |||
14 | Fixes: CVE-2014-9471 | ||
15 | |||
16 | Upstream-Status: backport | ||
17 | |||
18 | Signed-off-by: Maxin B. John <maxin.john@enea.com> | ||
19 | Signed-off-by: Pádraig Brady <P@draigBrady.com> | ||
20 | --- | ||
21 | diff -Naur coreutils-8.22-origin/lib/parse-datetime.y coreutils-8.22/lib/parse-datetime.y | ||
22 | --- coreutils-8.22-origin/lib/parse-datetime.y 2013-12-04 15:53:33.000000000 +0100 | ||
23 | +++ coreutils-8.22/lib/parse-datetime.y 2015-01-05 17:11:16.754358184 +0100 | ||
24 | @@ -1303,8 +1303,6 @@ | ||
25 | char tz1buf[TZBUFSIZE]; | ||
26 | bool large_tz = TZBUFSIZE < tzsize; | ||
27 | bool setenv_ok; | ||
28 | - /* Free tz0, in case this is the 2nd or subsequent time through. */ | ||
29 | - free (tz0); | ||
30 | tz0 = get_tz (tz0buf); | ||
31 | z = tz1 = large_tz ? xmalloc (tzsize) : tz1buf; | ||
32 | for (s = tzbase; *s != '"'; s++) | ||
33 | @@ -1317,6 +1315,10 @@ | ||
34 | goto fail; | ||
35 | tz_was_altered = true; | ||
36 | p = s + 1; | ||
37 | + while (c = *p, c_isspace (c)) | ||
38 | + p++; | ||
39 | + | ||
40 | + break; | ||
41 | } | ||
42 | } | ||
43 | |||