aspell: fix CVE-2019-17544

Backport CVE-2019-17544 fix to zeus. (From OE-Core rev: 7ed241ff1f93c623a3b3030249c09f7c3c429a46) Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Trevor Gamblin <trevor.gamblin@windriver.com> 2019-10-16 05:54:56 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-10-29 09:08:17 +0000
commit: 6da99970569710bbb38aa63fb961af1549678e8d (patch)
tree: 2bb9a60d2ba55f1a1c09120f6ff23ae151cadf94 /meta/recipes-support/aspell/aspell/0001-Fix-various-bugs-found-by-OSS-Fuze.patch
parent: 4f5919d899adb0ad087ef3cf5229f42314dbe951 (diff)
download: poky-6da99970569710bbb38aa63fb961af1549678e8d.tar.gz
1 files changed, 56 insertions, 0 deletions
diff --git a/meta/recipes-support/aspell/aspell/0001-Fix-various-bugs-found-by-OSS-Fuze.patch b/meta/recipes-support/aspell/aspell/0001-Fix-various-bugs-found-by-OSS-Fuze.patch
new file mode 100644
index 0000000000..259075b37c
--- /dev/null
+++ b/meta/recipes-support/aspell/aspell/0001-Fix-various-bugs-found-by-OSS-Fuze.patch
@@ -0,0 +1,56 @@
+From 80fa26c74279fced8d778351cff19d1d8f44fe4e Mon Sep 17 00:00:00 2001
+From: Kevin Atkinson <kevina@gnu.org>
+Date: Sun, 4 Aug 2019 04:20:29 -0400
+Subject: [PATCH] Fix various bugs found by OSS-Fuze.
+---
+ common/config.cpp    | 2 +-
+ common/file_util.cpp | 1 +
+ common/getdata.cpp   | 2 +-
+ 3 files changed, 3 insertions(+), 2 deletions(-)
+Upstream-Status: Backport [https://github.com/GNUAspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e]
+CVE: CVE-2019-17544
+Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
+diff --git a/common/config.cpp b/common/config.cpp
+index 017e741..e117d3c 100644
+--- a/common/config.cpp
+++ b/common/config.cpp
+@@ -763,7 +763,7 @@ namespace acommon {
+       }
+       res.append(':');
+     }
+-    if (res.back() == ':') res.pop_back();
+    if (!res.empty() && res.back() == ':') res.pop_back();
+   }
+ 
+   struct ListAddHelper : public AddableContainer 
+diff --git a/common/file_util.cpp b/common/file_util.cpp
+index 8515832..56ea501 100644
+--- a/common/file_util.cpp
+++ b/common/file_util.cpp
+@@ -181,6 +181,7 @@ namespace acommon {
+     while ( (dir = els.next()) != 0 ) 
+     {
+       path = dir;
+      if (path.empty()) continue;
+       if (path.back() != '/') path += '/';
+       unsigned dir_len = path.size();
+       path += filename;
+diff --git a/common/getdata.cpp b/common/getdata.cpp
+index 7e822c9..1b04823 100644
+--- a/common/getdata.cpp
+++ b/common/getdata.cpp
+@@ -64,7 +64,7 @@ namespace acommon {
+   char * unescape(char * dest, const char * src)
+   {
+     while (*src) {
+-      if (*src == '\\') {
+      if (*src == '\\' && src[1]) {
+        ++src;
+        switch (*src) {
+        case 'n': *dest = '\n'; break;
+-- 
+2.17.1
author	Trevor Gamblin <trevor.gamblin@windriver.com>	2019-10-16 05:54:56 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-10-29 09:08:17 +0000
commit	6da99970569710bbb38aa63fb961af1549678e8d (patch)
tree	2bb9a60d2ba55f1a1c09120f6ff23ae151cadf94 /meta/recipes-support/aspell/aspell/0001-Fix-various-bugs-found-by-OSS-Fuze.patch
parent	4f5919d899adb0ad087ef3cf5229f42314dbe951 (diff)
download	poky-6da99970569710bbb38aa63fb961af1549678e8d.tar.gz

diff --git a/meta/recipes-support/aspell/aspell/0001-Fix-various-bugs-found-by-OSS-Fuze.patch b/meta/recipes-support/aspell/aspell/0001-Fix-various-bugs-found-by-OSS-Fuze.patch new file mode 100644 index 0000000000..259075b37c --- /dev/null +++ b/meta/recipes-support/aspell/aspell/0001-Fix-various-bugs-found-by-OSS-Fuze.patch
@@ -0,0 +1,56 @@
	1	From 80fa26c74279fced8d778351cff19d1d8f44fe4e Mon Sep 17 00:00:00 2001
	2	From: Kevin Atkinson <kevina@gnu.org>
	3	Date: Sun, 4 Aug 2019 04:20:29 -0400
	4	Subject: [PATCH] Fix various bugs found by OSS-Fuze.
	5
	6	---
	7	common/config.cpp \| 2 +-
	8	common/file_util.cpp \| 1 +
	9	common/getdata.cpp \| 2 +-
	10	3 files changed, 3 insertions(+), 2 deletions(-)
	11
	12	Upstream-Status: Backport [https://github.com/GNUAspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e]
	13	CVE: CVE-2019-17544
	14	Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
	15
	16	diff --git a/common/config.cpp b/common/config.cpp
	17	index 017e741..e117d3c 100644
	18	--- a/common/config.cpp
	19	+++ b/common/config.cpp
	20	@@ -763,7 +763,7 @@ namespace acommon {
	21	}
	22	res.append(':');
	23	}
	24	- if (res.back() == ':') res.pop_back();
	25	+ if (!res.empty() && res.back() == ':') res.pop_back();
	26	}
	27
	28	struct ListAddHelper : public AddableContainer
	29	diff --git a/common/file_util.cpp b/common/file_util.cpp
	30	index 8515832..56ea501 100644
	31	--- a/common/file_util.cpp
	32	+++ b/common/file_util.cpp
	33	@@ -181,6 +181,7 @@ namespace acommon {
	34	while ( (dir = els.next()) != 0 )
	35	{
	36	path = dir;
	37	+ if (path.empty()) continue;
	38	if (path.back() != '/') path += '/';
	39	unsigned dir_len = path.size();
	40	path += filename;
	41	diff --git a/common/getdata.cpp b/common/getdata.cpp
	42	index 7e822c9..1b04823 100644
	43	--- a/common/getdata.cpp
	44	+++ b/common/getdata.cpp
	45	@@ -64,7 +64,7 @@ namespace acommon {
	46	char * unescape(char * dest, const char * src)
	47	{
	48	while (*src) {
	49	- if (*src == '\\') {
	50	+ if (*src == '\\' && src[1]) {
	51	++src;
	52	switch (*src) {
	53	case 'n': *dest = '\n'; break;
	54	--
	55	2.17.1
	56