diff options
| author | Lee Chee Yang <chee.yang.lee@intel.com> | 2020-05-27 17:11:10 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-05-30 12:32:47 +0100 |
| commit | 0e3ff0c307e8607045827788a58d530e1ed593d6 (patch) | |
| tree | d0e86becffa41cde28abf5e072f16a2c05ee2657 /meta/recipes-support | |
| parent | a35bf0e5d3b5bcdfab33d441d76ac048c6a86c7d (diff) | |
| download | poky-0e3ff0c307e8607045827788a58d530e1ed593d6.tar.gz | |
re2c: fix CVE-2020-11958
(From OE-Core rev: 17daffa1bc6d5af2d77dafd2b146d78802e4f2d2)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support')
| -rw-r--r-- | meta/recipes-support/re2c/re2c/CVE-2020-11958.patch | 41 | ||||
| -rw-r--r-- | meta/recipes-support/re2c/re2c_1.3.bb | 4 |
2 files changed, 44 insertions, 1 deletions
diff --git a/meta/recipes-support/re2c/re2c/CVE-2020-11958.patch b/meta/recipes-support/re2c/re2c/CVE-2020-11958.patch new file mode 100644 index 0000000000..43462e642a --- /dev/null +++ b/meta/recipes-support/re2c/re2c/CVE-2020-11958.patch | |||
| @@ -0,0 +1,41 @@ | |||
| 1 | From c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Ulya Trofimovich <skvadrik@gmail.com> | ||
| 3 | Date: Fri, 17 Apr 2020 22:47:14 +0100 | ||
| 4 | Subject: [PATCH] Fix crash in lexer refill (reported by Agostino Sarubbo). | ||
| 5 | |||
| 6 | The crash happened in a rare case of a very long lexeme that doen't fit | ||
| 7 | into the buffer, forcing buffer reallocation. | ||
| 8 | |||
| 9 | The crash was caused by an incorrect calculation of the shift offset | ||
| 10 | (it was smaller than necessary). As a consequence, the data from buffer | ||
| 11 | start and up to the beginning of the current lexeme was not discarded | ||
| 12 | (as it should have been), resulting in less free space for new data than | ||
| 13 | expected. | ||
| 14 | |||
| 15 | Upstream-Status: Backport [https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a] | ||
| 16 | CVE: CVE-2020-11958 | ||
| 17 | Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> | ||
| 18 | --- | ||
| 19 | src/parse/scanner.cc | 3 ++- | ||
| 20 | 1 file changed, 2 insertions(+), 1 deletion(-) | ||
| 21 | |||
| 22 | diff --git a/src/parse/scanner.cc b/src/parse/scanner.cc | ||
| 23 | index 1d6e9efa..bd651314 100644 | ||
| 24 | --- a/src/parse/scanner.cc | ||
| 25 | +++ b/src/parse/scanner.cc | ||
| 26 | @@ -155,13 +155,14 @@ bool Scanner::fill(size_t need) | ||
| 27 | if (!buf) fatal("out of memory"); | ||
| 28 | |||
| 29 | memmove(buf, tok, copy); | ||
| 30 | - shift_ptrs_and_fpos(buf - bot); | ||
| 31 | + shift_ptrs_and_fpos(buf - tok); | ||
| 32 | delete [] bot; | ||
| 33 | bot = buf; | ||
| 34 | |||
| 35 | free = BSIZE - copy; | ||
| 36 | } | ||
| 37 | |||
| 38 | + DASSERT(lim + free <= bot + BSIZE); | ||
| 39 | if (!read(free)) { | ||
| 40 | eof = lim; | ||
| 41 | memset(lim, 0, YYMAXFILL); | ||
diff --git a/meta/recipes-support/re2c/re2c_1.3.bb b/meta/recipes-support/re2c/re2c_1.3.bb index 0e1d938748..e9053acdf6 100644 --- a/meta/recipes-support/re2c/re2c_1.3.bb +++ b/meta/recipes-support/re2c/re2c_1.3.bb | |||
| @@ -5,7 +5,9 @@ SECTION = "devel" | |||
| 5 | LICENSE = "PD" | 5 | LICENSE = "PD" |
| 6 | LIC_FILES_CHKSUM = "file://LICENSE;md5=64eca4d8a3b67f9dc7656094731a2c8d" | 6 | LIC_FILES_CHKSUM = "file://LICENSE;md5=64eca4d8a3b67f9dc7656094731a2c8d" |
| 7 | 7 | ||
| 8 | SRC_URI = "https://github.com/skvadrik/re2c/releases/download/${PV}/${BPN}-${PV}.tar.xz" | 8 | SRC_URI = "https://github.com/skvadrik/re2c/releases/download/${PV}/${BPN}-${PV}.tar.xz \ |
| 9 | file://CVE-2020-11958.patch \ | ||
| 10 | " | ||
| 9 | SRC_URI[sha256sum] = "f37f25ff760e90088e7d03d1232002c2c2672646d5844fdf8e0d51a5cd75a503" | 11 | SRC_URI[sha256sum] = "f37f25ff760e90088e7d03d1232002c2c2672646d5844fdf8e0d51a5cd75a503" |
| 10 | UPSTREAM_CHECK_URI = "https://github.com/skvadrik/re2c/releases" | 12 | UPSTREAM_CHECK_URI = "https://github.com/skvadrik/re2c/releases" |
| 11 | 13 | ||