diff options
| author | Anuj Mittal <anuj.mittal@intel.com> | 2019-07-26 12:47:26 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-07-29 23:50:49 +0100 |
| commit | 31057d6dccf5fbb5f291dd69017cee34b214d375 (patch) | |
| tree | 8040c7fe0bc527583878ee5f64cb45d15251895b /meta/recipes-extended | |
| parent | 1ccb3bd2dc39a8c0ab939364c4ffd58fdc683773 (diff) | |
| download | poky-31057d6dccf5fbb5f291dd69017cee34b214d375.tar.gz | |
wget: fix CVE-2019-5953
(From OE-Core rev: db17c2467af57a802f29a423ce1e9f0508bff5fe)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended')
| -rw-r--r-- | meta/recipes-extended/wget/wget/CVE-2019-5953.patch | 34 | ||||
| -rw-r--r-- | meta/recipes-extended/wget/wget_1.20.1.bb | 1 |
2 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-extended/wget/wget/CVE-2019-5953.patch b/meta/recipes-extended/wget/wget/CVE-2019-5953.patch new file mode 100644 index 0000000000..00efe20a2f --- /dev/null +++ b/meta/recipes-extended/wget/wget/CVE-2019-5953.patch | |||
| @@ -0,0 +1,34 @@ | |||
| 1 | From 692d5c5215de0db482c252492a92fc424cc6a97c Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Tim Ruehsen <tim.ruehsen@gmx.de> | ||
| 3 | Date: Fri, 5 Apr 2019 11:50:44 +0200 | ||
| 4 | Subject: Fix a buffer overflow vulnerability | ||
| 5 | |||
| 6 | * src/iri.c(do_conversion): Reallocate the output buffer to a larger | ||
| 7 | size if it is already full | ||
| 8 | Upstream-Status: Backport | ||
| 9 | CVE: CVE-2019-5953 | ||
| 10 | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> | ||
| 11 | --- | ||
| 12 | --- a/src/iri.c | ||
| 13 | +++ b/src/iri.c | ||
| 14 | @@ -188,11 +191,14 @@ do_conversion (const char *tocode, const char *fromcode, char const *in_org, siz | ||
| 15 | } | ||
| 16 | else if (errno == E2BIG) /* Output buffer full */ | ||
| 17 | { | ||
| 18 | + logprintf (LOG_VERBOSE, | ||
| 19 | + _("Reallocate output buffer len=%d outlen=%d inlen=%d\n"), len, outlen, inlen); | ||
| 20 | tooshort++; | ||
| 21 | done = len; | ||
| 22 | - len = outlen = done + inlen * 2; | ||
| 23 | - s = xrealloc (s, outlen + 1); | ||
| 24 | - *out = s + done; | ||
| 25 | + len = done + inlen * 2; | ||
| 26 | + s = xrealloc (s, len + 1); | ||
| 27 | + *out = s + done - outlen; | ||
| 28 | + outlen += inlen * 2; | ||
| 29 | } | ||
| 30 | else /* Weird, we got an unspecified error */ | ||
| 31 | { | ||
| 32 | -- | ||
| 33 | cgit v1.0-41-gc330 | ||
| 34 | |||
diff --git a/meta/recipes-extended/wget/wget_1.20.1.bb b/meta/recipes-extended/wget/wget_1.20.1.bb index d176bd0acd..e852a0c0cf 100644 --- a/meta/recipes-extended/wget/wget_1.20.1.bb +++ b/meta/recipes-extended/wget/wget_1.20.1.bb | |||
| @@ -1,5 +1,6 @@ | |||
| 1 | SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \ | 1 | SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \ |
| 2 | file://0002-improve-reproducibility.patch \ | 2 | file://0002-improve-reproducibility.patch \ |
| 3 | file://CVE-2019-5953.patch \ | ||
| 3 | " | 4 | " |
| 4 | 5 | ||
| 5 | SRC_URI[md5sum] = "f6ebe9c7b375fc9832fb1b2028271fb7" | 6 | SRC_URI[md5sum] = "f6ebe9c7b375fc9832fb1b2028271fb7" |