libcroco: patch for CVE-2017-7960

(From OE-Core rev: 2539d7334cbe9693ebe68d33c7a97872a1645510) (From OE-Core rev: 3abf7932e43115cc6f9a1c85a00e6578bb327b9a) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Changqing Li <changqing.li@windriver.com> 2018-08-28 17:39:23 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-09-27 12:17:45 +0100
commit: d3e6b9e6f4f46920a255a5a7b96fffede9bbcb84 (patch)
tree: 17874eb6e6e6d5398eab4ab64667279f61b62009 /meta/recipes-support
parent: 6a1b1ea6203c8c8a0cde003c0f478913796a7b79 (diff)
download: poky-d3e6b9e6f4f46920a255a5a7b96fffede9bbcb84.tar.gz
2 files changed, 58 insertions, 0 deletions
diff --git a/meta/recipes-support/libcroco/libcroco/CVE-2017-7960.patch b/meta/recipes-support/libcroco/libcroco/CVE-2017-7960.patch
new file mode 100644
index 0000000000..f6f43c3d26
--- /dev/null
+++ b/meta/recipes-support/libcroco/libcroco/CVE-2017-7960.patch
@@ -0,0 +1,56 @@
+input: check end of input before reading a byte
+When reading bytes we weren't check that the index wasn't
+out of bound and this could produce an invalid read which
+could deal to a security bug.
+Upstream-Status: Backport[https://gitlab.gnome.org/GNOME/libcroco/
+                 commit/898e3a8c8c0314d2e6b106809a8e3e93cf9d4394]
+CVE: CVE-2017-7960 
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+diff --git a/src/cr-input.c b/src/cr-input.c
+index 49000b1f5f07fe057135f1b8fc69bdcf9613e300..3b63a88ee3b1c56778e58172d147d958951bf099 100644
+--- a/src/cr-input.c
+++ b/src/cr-input.c
+@@ -256,7 +256,7 @@ cr_input_new_from_uri (const gchar * a_file_uri, enum CREncoding a_enc)
+                  *we should  free buf here because it's own by CRInput.
+                  *(see the last parameter of cr_input_new_from_buf().
+                  */
+-                buf = NULL ;
+                buf = NULL;
+         }
+ 
+  cleanup:
+@@ -404,6 +404,8 @@ cr_input_get_nb_bytes_left (CRInput const * a_this)
+ enum CRStatus
+ cr_input_read_byte (CRInput * a_this, guchar * a_byte)
+ {
+        gulong nb_bytes_left = 0;
+
+         g_return_val_if_fail (a_this && PRIVATE (a_this)
+                               && a_byte, CR_BAD_PARAM_ERROR);
+ 
+@@ -413,6 +415,12 @@ cr_input_read_byte (CRInput * a_this, guchar * a_byte)
+         if (PRIVATE (a_this)->end_of_input == TRUE)
+                 return CR_END_OF_INPUT_ERROR;
+ 
+        nb_bytes_left = cr_input_get_nb_bytes_left (a_this);
+
+        if (nb_bytes_left < 1) {
+                return CR_END_OF_INPUT_ERROR;
+        }
+
+         *a_byte = PRIVATE (a_this)->in_buf[PRIVATE (a_this)->next_byte_index];
+ 
+         if (PRIVATE (a_this)->nb_bytes -
+@@ -477,7 +485,6 @@ cr_input_read_char (CRInput * a_this, guint32 * a_char)
+                 if (*a_char == '\n') {
+                         PRIVATE (a_this)->end_of_line = TRUE;
+                 }
+-
+         }
+ 
+         return status;
diff --git a/meta/recipes-support/libcroco/libcroco_0.6.12.bb b/meta/recipes-support/libcroco/libcroco_0.6.12.bb
index d86ddd6464..5b962ee738 100644
--- a/meta/recipes-support/libcroco/libcroco_0.6.12.bb
+++ b/meta/recipes-support/libcroco/libcroco_0.6.12.bb
@@ -16,5 +16,7 @@ BINCONFIG = "${bindir}/croco-0.6-config"
 inherit gnomebase gtk-doc binconfig-disabled
+SRC_URI += "file://CVE-2017-7960.patch"
 SRC_URI[archive.md5sum] = "bc0984fce078ba2ce29f9500c6b9ddce"
 SRC_URI[archive.sha256sum] = "ddc4b5546c9fb4280a5017e2707fbd4839034ed1aba5b7d4372212f34f84f860"
author	Changqing Li <changqing.li@windriver.com>	2018-08-28 17:39:23 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-09-27 12:17:45 +0100
commit	d3e6b9e6f4f46920a255a5a7b96fffede9bbcb84 (patch)
tree	17874eb6e6e6d5398eab4ab64667279f61b62009 /meta/recipes-support
parent	6a1b1ea6203c8c8a0cde003c0f478913796a7b79 (diff)
download	poky-d3e6b9e6f4f46920a255a5a7b96fffede9bbcb84.tar.gz

diff --git a/meta/recipes-support/libcroco/libcroco/CVE-2017-7960.patch b/meta/recipes-support/libcroco/libcroco/CVE-2017-7960.patch new file mode 100644 index 0000000000..f6f43c3d26 --- /dev/null +++ b/meta/recipes-support/libcroco/libcroco/CVE-2017-7960.patch
@@ -0,0 +1,56 @@
		1	input: check end of input before reading a byte
		2
		3	When reading bytes we weren't check that the index wasn't
		4	out of bound and this could produce an invalid read which
		5	could deal to a security bug.
		6
		7	Upstream-Status: Backport[https://gitlab.gnome.org/GNOME/libcroco/
		8	commit/898e3a8c8c0314d2e6b106809a8e3e93cf9d4394]
		9
		10	CVE: CVE-2017-7960
		11
		12	Signed-off-by: Changqing Li <changqing.li@windriver.com>
		13
		14	diff --git a/src/cr-input.c b/src/cr-input.c
		15	index 49000b1f5f07fe057135f1b8fc69bdcf9613e300..3b63a88ee3b1c56778e58172d147d958951bf099 100644
		16	--- a/src/cr-input.c
		17	+++ b/src/cr-input.c
		18	@@ -256,7 +256,7 @@ cr_input_new_from_uri (const gchar * a_file_uri, enum CREncoding a_enc)
		19	*we should free buf here because it's own by CRInput.
		20	*(see the last parameter of cr_input_new_from_buf().
		21	*/
		22	- buf = NULL ;
		23	+ buf = NULL;
		24	}
		25
		26	cleanup:
		27	@@ -404,6 +404,8 @@ cr_input_get_nb_bytes_left (CRInput const * a_this)
		28	enum CRStatus
		29	cr_input_read_byte (CRInput * a_this, guchar * a_byte)
		30	{
		31	+ gulong nb_bytes_left = 0;
		32	+
		33	g_return_val_if_fail (a_this && PRIVATE (a_this)
		34	&& a_byte, CR_BAD_PARAM_ERROR);
		35
		36	@@ -413,6 +415,12 @@ cr_input_read_byte (CRInput * a_this, guchar * a_byte)
		37	if (PRIVATE (a_this)->end_of_input == TRUE)
		38	return CR_END_OF_INPUT_ERROR;
		39
		40	+ nb_bytes_left = cr_input_get_nb_bytes_left (a_this);
		41	+
		42	+ if (nb_bytes_left < 1) {
		43	+ return CR_END_OF_INPUT_ERROR;
		44	+ }
		45	+
		46	*a_byte = PRIVATE (a_this)->in_buf[PRIVATE (a_this)->next_byte_index];
		47
		48	if (PRIVATE (a_this)->nb_bytes -
		49	@@ -477,7 +485,6 @@ cr_input_read_char (CRInput * a_this, guint32 * a_char)
		50	if (*a_char == '\n') {
		51	PRIVATE (a_this)->end_of_line = TRUE;
		52	}
		53	-
		54	}
		55
		56	return status;


diff --git a/meta/recipes-support/libcroco/libcroco_0.6.12.bb b/meta/recipes-support/libcroco/libcroco_0.6.12.bb index d86ddd6464..5b962ee738 100644 --- a/meta/recipes-support/libcroco/libcroco_0.6.12.bb +++ b/meta/recipes-support/libcroco/libcroco_0.6.12.bb
@@ -16,5 +16,7 @@ BINCONFIG = "${bindir}/croco-0.6-config"
16		16
17	inherit gnomebase gtk-doc binconfig-disabled	17	inherit gnomebase gtk-doc binconfig-disabled
18		18
		19	SRC_URI += "file://CVE-2017-7960.patch"
		20
19	SRC_URI[archive.md5sum] = "bc0984fce078ba2ce29f9500c6b9ddce"	21	SRC_URI[archive.md5sum] = "bc0984fce078ba2ce29f9500c6b9ddce"
20	SRC_URI[archive.sha256sum] = "ddc4b5546c9fb4280a5017e2707fbd4839034ed1aba5b7d4372212f34f84f860"	22	SRC_URI[archive.sha256sum] = "ddc4b5546c9fb4280a5017e2707fbd4839034ed1aba5b7d4372212f34f84f860"