-rw-r--r-- | meta/recipes-extended/less/less/0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch | 49 | ||||
-rw-r--r-- | meta/recipes-extended/less/less_471.bb | 4 |
2 files changed, 52 insertions, 1 deletions
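--- /dev/null
+++ b/meta/recipes-extended/less/less/0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch
@@ -0,0 +1,49 @@
+From e0a1add063a657b98611c94debb3631b8ffa36fe Mon Sep 17 00:00:00 2001
+From: Junling Zheng <zhengjunling@huawei.com>
+Date: Fri, 24 Apr 2015 11:24:04 +0800
+Subject: [PATCH] Fix possible buffer overrun with invalid UTF-8
+
+An out of bounds read access in the UTF-8 decoding can be triggered with
+a malformed file in the tool less. The access happens in the function
+is_utf8_well_formed due to a truncated multibyte character in the sample
+file.
+
+The bug does not crash less, it can only be made visible by running less
+with valgrind or compiling it with Address Sanitizer.
+
+Version 475 of less contains a fix for this issue. The file version.c
+contains some entry mentioning this issue (without any credit):
+
+- v475 3/2/15 Fix possible buffer overrun with invalid UTF-8
+
+The fix is in the file line.c. We derive this patch from:
+
+https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html
+
+Thank Claire Robinson for validating it on Mageia 4 i586. Refer to:
+
+https://bugs.mageia.org/show_bug.cgi?id=15567
+
+Upstream Status: Backported
+
+Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
+---
+line.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/line.c b/line.c
+index 89495a3..474be2c 100644
+--- a/line.c
++++ b/line.c
+@@ -807,7 +807,7 @@ pappend(c, pos)
+mbc_buf[mbc_buf_index++] = c;
+if (mbc_buf_index < mbc_buf_len)
+return (0);
+- if (is_utf8_well_formed(mbc_buf))
++ if (is_utf8_well_formed(mbc_buf, mbc_buf_index))
+r = do_append(get_wchar(mbc_buf), mbc_buf, mbc_pos);
+else
+/* Complete, but not shortest form, sequence. */
+--
+1.9.1
+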
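Review bot: The backported fix (patch line 43) only changes the call site in line.c to `is_utf8_well_formed(mbc_buf, mbc_buf_index)`; the embedded diffstat lists line.c alone, so the definition of is_utf8_well_formed is not touched by this patch. Unless the less 471 definition already takes a length parameter (not visible here), the extra argument is ignored and the out-of-bounds read described in the message is still reachable. With old-style definitions such as `pappend(c, pos)`, the compiler will probably not diagnose the argument mismatch. The patch should also carry the upstream change to the function itself, and to any other callers, so that a buffer shorter than the sequence length implied by its lead byte is rejected. The header tag would be better in the conventional form `Upstream-Status: Backport`.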
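--- a/meta/recipes-extended/less/less_471.bb
+++ b/meta/recipes-extended/less/less_471.bb
@@ -24,7 +24,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
 file://LICENSE;md5=866cc220f330b04ae4661fc3cdfedea7"
 DEPENDS = "ncurses"
 
-SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz"
+SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz \
+file://0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch \
+"
 
 SRC_URI[md5sum] = "9a40d29a2d84b41f9f36d7dd90b4f950"
 SRC_URI[sha256sum] = "37f613fa9a526378788d790a92217d59b523574cf7159f6538da8564b3fb27f8"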