libproxy: Fix for CVE-2012-4504

Reference:https://code.google.com/p/libproxy/source/detail?r=853 Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504 [YOCTO #3487] (From OE-Core rev: 821401df8cd79e4878ad87f918b1ce8d0da141ec) Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: yanjun.zhu <yanjun.zhu@windriver.com> 2012-11-30 19:08:56 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2012-12-03 16:38:35 +0000
commit: 07d689aa876d3cceb2bbeaa08f6dc03f778611b7 (patch)
tree: ba4a4713e900052d5a32bf4735b1f1e0169e2420 /meta/recipes-support
parent: bca7285d84c53c846f8598083d1c94f672429a7f (diff)
download: poky-07d689aa876d3cceb2bbeaa08f6dc03f778611b7.tar.gz
2 files changed, 30 insertions, 0 deletions
diff --git a/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
new file mode 100644
index 0000000000..7f2d93a937
--- /dev/null
+++ b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
@@ -0,0 +1,29 @@
+Upstream-Status: Backport
+libproxy - CVE-2012-4504:
+Reference:https://code.google.com/p/libproxy/source/detail?r=853
+Stack-based buffer overflow in the url::get_pac function in url.cpp
+in libproxy 0.4.x before 0.4.9 allows remote servers to have an
+unspecified impact via a large proxy.pac file.
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504
+Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> 
+diff -urpN a/libproxy/url.cpp b/libproxy/url.cpp
+--- a/libproxy/url.cpp  2012-11-26 10:08:47.000000000 +0800
+++ b/libproxy/url.cpp  2012-11-26 10:05:54.000000000 +0800
+@@ -472,9 +472,10 @@ char* url::get_pac() {
+                                // Add this chunk to our content length,
+                                // ensuring that we aren't over our max size
+                                content_length += chunk_length;
+-                               if (content_length >= PAC_MAX_SIZE) break;
+                        }
+ 
+                       if (content_length >= PAC_MAX_SIZE) break;
+
+                        while (recvd != content_length) {
+                                int r = recv(sock, buffer + recvd, content_length - recvd, 0);
+                                if (r < 0) break;
diff --git a/meta/recipes-support/libproxy/libproxy_0.4.7.bb b/meta/recipes-support/libproxy/libproxy_0.4.7.bb
index c6a733a1df..510c6b7c4e 100644
--- a/meta/recipes-support/libproxy/libproxy_0.4.7.bb
+++ b/meta/recipes-support/libproxy/libproxy_0.4.7.bb
@@ -13,6 +13,7 @@ PR = "r5"
 SRC_URI = "http://libproxy.googlecode.com/files/libproxy-${PV}.tar.gz \
           file://g++-namepace.patch \
           file://libproxy_fix_for_gcc4.7.patch \
+           file://libproxy-0.4.7-CVE-2012-4504.patch \
          "
 SRC_URI[md5sum] = "509e03a488a61cd62bfbaf3ab6a2a7a5"
author	yanjun.zhu <yanjun.zhu@windriver.com>	2012-11-30 19:08:56 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2012-12-03 16:38:35 +0000
commit	07d689aa876d3cceb2bbeaa08f6dc03f778611b7 (patch)
tree	ba4a4713e900052d5a32bf4735b1f1e0169e2420 /meta/recipes-support
parent	bca7285d84c53c846f8598083d1c94f672429a7f (diff)
download	poky-07d689aa876d3cceb2bbeaa08f6dc03f778611b7.tar.gz

diff --git a/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch new file mode 100644 index 0000000000..7f2d93a937 --- /dev/null +++ b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
@@ -0,0 +1,29 @@
		1	Upstream-Status: Backport
		2
		3	libproxy - CVE-2012-4504:
		4
		5	Reference:https://code.google.com/p/libproxy/source/detail?r=853
		6
		7	Stack-based buffer overflow in the url::get_pac function in url.cpp
		8	in libproxy 0.4.x before 0.4.9 allows remote servers to have an
		9	unspecified impact via a large proxy.pac file.
		10
		11	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504
		12
		13	Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
		14
		15	diff -urpN a/libproxy/url.cpp b/libproxy/url.cpp
		16	--- a/libproxy/url.cpp 2012-11-26 10:08:47.000000000 +0800
		17	+++ b/libproxy/url.cpp 2012-11-26 10:05:54.000000000 +0800
		18	@@ -472,9 +472,10 @@ char* url::get_pac() {
		19	// Add this chunk to our content length,
		20	// ensuring that we aren't over our max size
		21	content_length += chunk_length;
		22	- if (content_length >= PAC_MAX_SIZE) break;
		23	}
		24
		25	+ if (content_length >= PAC_MAX_SIZE) break;
		26	+
		27	while (recvd != content_length) {
		28	int r = recv(sock, buffer + recvd, content_length - recvd, 0);
		29	if (r < 0) break;


diff --git a/meta/recipes-support/libproxy/libproxy_0.4.7.bb b/meta/recipes-support/libproxy/libproxy_0.4.7.bb index c6a733a1df..510c6b7c4e 100644 --- a/meta/recipes-support/libproxy/libproxy_0.4.7.bb +++ b/meta/recipes-support/libproxy/libproxy_0.4.7.bb
@@ -13,6 +13,7 @@ PR = "r5"
13	SRC_URI = "http://libproxy.googlecode.com/files/libproxy-${PV}.tar.gz \	13	SRC_URI = "http://libproxy.googlecode.com/files/libproxy-${PV}.tar.gz \
14	file://g++-namepace.patch \	14	file://g++-namepace.patch \
15	file://libproxy_fix_for_gcc4.7.patch \	15	file://libproxy_fix_for_gcc4.7.patch \
		16	file://libproxy-0.4.7-CVE-2012-4504.patch \
16	"	17	"
17		18
18	SRC_URI[md5sum] = "509e03a488a61cd62bfbaf3ab6a2a7a5"	19	SRC_URI[md5sum] = "509e03a488a61cd62bfbaf3ab6a2a7a5"