diff options
-rw-r--r-- | meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch | 87 | ||||
-rw-r--r-- | meta/recipes-devtools/ruby/ruby_2.4.1.bb | 1 |
2 files changed, 88 insertions, 0 deletions
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch new file mode 100644 index 0000000000..88e693c94e --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch | |||
@@ -0,0 +1,87 @@ | |||
1 | From 8f782fd8e181d9cfe9387ded43a5ca9692266b85 Mon Sep 17 00:00:00 2001 | ||
2 | From: Florian Frank <flori@ping.de> | ||
3 | Date: Thu, 2 Mar 2017 12:12:33 +0100 | ||
4 | Subject: [PATCH] Fix arbitrary heap exposure problem | ||
5 | |||
6 | Upstream-Status: Backport | ||
7 | CVE: CVE-2017-14064 | ||
8 | |||
9 | Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> | ||
10 | --- | ||
11 | ext/json/generator/generator.c | 12 ++++++------ | ||
12 | ext/json/generator/generator.h | 1 - | ||
13 | 2 files changed, 6 insertions(+), 7 deletions(-) | ||
14 | |||
15 | diff --git a/ext/json/generator/generator.c b/ext/json/generator/generator.c | ||
16 | index ef85bb7..c88818c 100644 | ||
17 | --- a/ext/json/generator/generator.c | ||
18 | +++ b/ext/json/generator/generator.c | ||
19 | @@ -308,7 +308,7 @@ static char *fstrndup(const char *ptr, unsigned long len) { | ||
20 | char *result; | ||
21 | if (len <= 0) return NULL; | ||
22 | result = ALLOC_N(char, len); | ||
23 | - memccpy(result, ptr, 0, len); | ||
24 | + memcpy(result, ptr, len); | ||
25 | return result; | ||
26 | } | ||
27 | |||
28 | @@ -1062,7 +1062,7 @@ static VALUE cState_indent_set(VALUE self, VALUE indent) | ||
29 | } | ||
30 | } else { | ||
31 | if (state->indent) ruby_xfree(state->indent); | ||
32 | - state->indent = strdup(RSTRING_PTR(indent)); | ||
33 | + state->indent = fstrndup(RSTRING_PTR(indent), len); | ||
34 | state->indent_len = len; | ||
35 | } | ||
36 | return Qnil; | ||
37 | @@ -1100,7 +1100,7 @@ static VALUE cState_space_set(VALUE self, VALUE space) | ||
38 | } | ||
39 | } else { | ||
40 | if (state->space) ruby_xfree(state->space); | ||
41 | - state->space = strdup(RSTRING_PTR(space)); | ||
42 | + state->space = fstrndup(RSTRING_PTR(space), len); | ||
43 | state->space_len = len; | ||
44 | } | ||
45 | return Qnil; | ||
46 | @@ -1136,7 +1136,7 @@ static VALUE cState_space_before_set(VALUE self, VALUE space_before) | ||
47 | } | ||
48 | } else { | ||
49 | if (state->space_before) ruby_xfree(state->space_before); | ||
50 | - state->space_before = strdup(RSTRING_PTR(space_before)); | ||
51 | + state->space_before = fstrndup(RSTRING_PTR(space_before), len); | ||
52 | state->space_before_len = len; | ||
53 | } | ||
54 | return Qnil; | ||
55 | @@ -1173,7 +1173,7 @@ static VALUE cState_object_nl_set(VALUE self, VALUE object_nl) | ||
56 | } | ||
57 | } else { | ||
58 | if (state->object_nl) ruby_xfree(state->object_nl); | ||
59 | - state->object_nl = strdup(RSTRING_PTR(object_nl)); | ||
60 | + state->object_nl = fstrndup(RSTRING_PTR(object_nl), len); | ||
61 | state->object_nl_len = len; | ||
62 | } | ||
63 | return Qnil; | ||
64 | @@ -1208,7 +1208,7 @@ static VALUE cState_array_nl_set(VALUE self, VALUE array_nl) | ||
65 | } | ||
66 | } else { | ||
67 | if (state->array_nl) ruby_xfree(state->array_nl); | ||
68 | - state->array_nl = strdup(RSTRING_PTR(array_nl)); | ||
69 | + state->array_nl = fstrndup(RSTRING_PTR(array_nl), len); | ||
70 | state->array_nl_len = len; | ||
71 | } | ||
72 | return Qnil; | ||
73 | diff --git a/ext/json/generator/generator.h b/ext/json/generator/generator.h | ||
74 | index 900b4d5..c367a62 100644 | ||
75 | --- a/ext/json/generator/generator.h | ||
76 | +++ b/ext/json/generator/generator.h | ||
77 | @@ -1,7 +1,6 @@ | ||
78 | #ifndef _GENERATOR_H_ | ||
79 | #define _GENERATOR_H_ | ||
80 | |||
81 | -#include <string.h> | ||
82 | #include <math.h> | ||
83 | #include <ctype.h> | ||
84 | |||
85 | -- | ||
86 | 2.10.2 | ||
87 | |||
diff --git a/meta/recipes-devtools/ruby/ruby_2.4.1.bb b/meta/recipes-devtools/ruby/ruby_2.4.1.bb index 4443146b57..7d27ac84ec 100644 --- a/meta/recipes-devtools/ruby/ruby_2.4.1.bb +++ b/meta/recipes-devtools/ruby/ruby_2.4.1.bb | |||
@@ -6,6 +6,7 @@ SRC_URI += " \ | |||
6 | file://ruby-CVE-2017-9227.patch \ | 6 | file://ruby-CVE-2017-9227.patch \ |
7 | file://ruby-CVE-2017-9228.patch \ | 7 | file://ruby-CVE-2017-9228.patch \ |
8 | file://ruby-CVE-2017-9229.patch \ | 8 | file://ruby-CVE-2017-9229.patch \ |
9 | file://ruby-CVE-2017-14064.patch \ | ||
9 | " | 10 | " |
10 | 11 | ||
11 | SRC_URI[md5sum] = "782bca562e474dd25956dd0017d92677" | 12 | SRC_URI[md5sum] = "782bca562e474dd25956dd0017d92677" |