summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/gpgme/gpgme-1.4.3
diff options
context:
space:
mode:
authorKai Kang <kai.kang@windriver.com>2015-05-28 09:26:14 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2015-05-30 22:26:12 +0100
commitfb0da9e6f34b65bbadd7aefa79705fc6f22778aa (patch)
tree91fe215ebeea17e303b71dbdad7325eccb3d3ea2 /meta/recipes-support/gpgme/gpgme-1.4.3
parent1c5e37acb9c091f533534d6e31d2b17599ef2d78 (diff)
downloadpoky-fb0da9e6f34b65bbadd7aefa79705fc6f22778aa.tar.gz
gpgme: fix CVE-2014-3564
Backport patch to fix CVE-2014-3564. http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f (From OE-Core rev: 421e21b08a6a32db88aaf46033ca503a99e49b74) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/gpgme/gpgme-1.4.3')
-rw-r--r--meta/recipes-support/gpgme/gpgme-1.4.3/gpgme-fix-CVE-2014-3564.patch56
1 files changed, 56 insertions, 0 deletions
diff --git a/meta/recipes-support/gpgme/gpgme-1.4.3/gpgme-fix-CVE-2014-3564.patch b/meta/recipes-support/gpgme/gpgme-1.4.3/gpgme-fix-CVE-2014-3564.patch
new file mode 100644
index 0000000000..c728f58658
--- /dev/null
+++ b/meta/recipes-support/gpgme/gpgme-1.4.3/gpgme-fix-CVE-2014-3564.patch
@@ -0,0 +1,56 @@
1Upstream-Status: Backport
2
3Backport patch to fix CVE-2014-3564.
4
5http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77
6
7Signed-off-by: Kai Kang <kai.kang@windriver.com>
8---
9From 2cbd76f7911fc215845e89b50d6af5ff4a83dd77 Mon Sep 17 00:00:00 2001
10From: Werner Koch <wk@gnupg.org>
11Date: Wed, 30 Jul 2014 11:04:55 +0200
12Subject: [PATCH 1/1] Fix possible realloc overflow for gpgsm and uiserver
13 engines.
14
15After a realloc (realloc is also used for initial alloc) the allocated
16size if the buffer is not correctly recorded. Thus an overflow can be
17introduced by receiving data with different line lengths in a specific
18order. This is not easy exploitable because libassuan constructs the
19line. However a crash has been reported and thus it might be possible
20to constructs an exploit.
21
22CVE-id: CVE-2014-3564
23Reported-by: Tomáš Trnka
24---
25 src/engine-gpgsm.c | 2 +-
26 src/engine-uiserver.c | 2 +-
27 3 files changed, 5 insertions(+), 2 deletions(-)
28
29diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c
30index 8ec1598..3a83757 100644
31--- a/src/engine-gpgsm.c
32+++ b/src/engine-gpgsm.c
33@@ -836,7 +836,7 @@ status_handler (void *opaque, int fd)
34 else
35 {
36 *aline = newline;
37- gpgsm->colon.attic.linesize += linelen + 1;
38+ gpgsm->colon.attic.linesize = *alinelen + linelen + 1;
39 }
40 }
41 if (!err)
42diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c
43index 2738c36..a7184b7 100644
44--- a/src/engine-uiserver.c
45+++ b/src/engine-uiserver.c
46@@ -698,7 +698,7 @@ status_handler (void *opaque, int fd)
47 else
48 {
49 *aline = newline;
50- uiserver->colon.attic.linesize += linelen + 1;
51+ uiserver->colon.attic.linesize = *alinelen + linelen + 1;
52 }
53 }
54 if (!err)
55--
562.1.4