summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta/recipes-extended/less/less/0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch49
-rw-r--r--meta/recipes-extended/less/less_471.bb4
2 files changed, 52 insertions, 1 deletions
diff --git a/meta/recipes-extended/less/less/0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch b/meta/recipes-extended/less/less/0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch
new file mode 100644
index 0000000000..455eafc492
--- /dev/null
+++ b/meta/recipes-extended/less/less/0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch
@@ -0,0 +1,49 @@
1From e0a1add063a657b98611c94debb3631b8ffa36fe Mon Sep 17 00:00:00 2001
2From: Junling Zheng <zhengjunling@huawei.com>
3Date: Fri, 24 Apr 2015 11:24:04 +0800
4Subject: [PATCH] Fix possible buffer overrun with invalid UTF-8
5
6An out of bounds read access in the UTF-8 decoding can be triggered with
7a malformed file in the tool less. The access happens in the function
8is_utf8_well_formed due to a truncated multibyte character in the sample
9file.
10
11The bug does not crash less, it can only be made visible by running less
12with valgrind or compiling it with Address Sanitizer.
13
14Version 475 of less contains a fix for this issue. The file version.c
15contains some entry mentioning this issue (without any credit):
16
17 - v475 3/2/15 Fix possible buffer overrun with invalid UTF-8
18
19The fix is in the file line.c. We derive this patch from:
20
21https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html
22
23Thank Claire Robinson for validating it on Mageia 4 i586. Refer to:
24
25https://bugs.mageia.org/show_bug.cgi?id=15567
26
27Upstream Status: Backported
28
29Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
30---
31 line.c | 2 +-
32 1 file changed, 1 insertion(+), 1 deletion(-)
33
34diff --git a/line.c b/line.c
35index 89495a3..474be2c 100644
36--- a/line.c
37+++ b/line.c
38@@ -807,7 +807,7 @@ pappend(c, pos)
39 mbc_buf[mbc_buf_index++] = c;
40 if (mbc_buf_index < mbc_buf_len)
41 return (0);
42- if (is_utf8_well_formed(mbc_buf))
43+ if (is_utf8_well_formed(mbc_buf, mbc_buf_index))
44 r = do_append(get_wchar(mbc_buf), mbc_buf, mbc_pos);
45 else
46 /* Complete, but not shortest form, sequence. */
47--
481.9.1
49
diff --git a/meta/recipes-extended/less/less_471.bb b/meta/recipes-extended/less/less_471.bb
index 81d354ccf0..72d256276b 100644
--- a/meta/recipes-extended/less/less_471.bb
+++ b/meta/recipes-extended/less/less_471.bb
@@ -24,7 +24,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
24 file://LICENSE;md5=866cc220f330b04ae4661fc3cdfedea7" 24 file://LICENSE;md5=866cc220f330b04ae4661fc3cdfedea7"
25DEPENDS = "ncurses" 25DEPENDS = "ncurses"
26 26
27SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz" 27SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz \
28 file://0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch \
29 "
28 30
29SRC_URI[md5sum] = "9a40d29a2d84b41f9f36d7dd90b4f950" 31SRC_URI[md5sum] = "9a40d29a2d84b41f9f36d7dd90b4f950"
30SRC_URI[sha256sum] = "37f613fa9a526378788d790a92217d59b523574cf7159f6538da8564b3fb27f8" 32SRC_URI[sha256sum] = "37f613fa9a526378788d790a92217d59b523574cf7159f6538da8564b3fb27f8"