diff options
Diffstat (limited to 'meta/recipes-core/glibc/glibc/CVE-2019-9169.patch')
-rw-r--r-- | meta/recipes-core/glibc/glibc/CVE-2019-9169.patch | 37 |
1 files changed, 0 insertions, 37 deletions
diff --git a/meta/recipes-core/glibc/glibc/CVE-2019-9169.patch b/meta/recipes-core/glibc/glibc/CVE-2019-9169.patch deleted file mode 100644 index cf3744b24a..0000000000 --- a/meta/recipes-core/glibc/glibc/CVE-2019-9169.patch +++ /dev/null | |||
@@ -1,37 +0,0 @@ | |||
1 | CVE: CVE-2019-9169 | ||
2 | CVE: CVE-2018-20796 | ||
3 | Upstream-Status: Backport | ||
4 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
5 | |||
6 | From 583dd860d5b833037175247230a328f0050dbfe9 Mon Sep 17 00:00:00 2001 | ||
7 | From: Paul Eggert <eggert@cs.ucla.edu> | ||
8 | Date: Mon, 21 Jan 2019 11:08:13 -0800 | ||
9 | Subject: [PATCH] regex: fix read overrun [BZ #24114] | ||
10 | |||
11 | Problem found by AddressSanitizer, reported by Hongxu Chen in: | ||
12 | https://debbugs.gnu.org/34140 | ||
13 | * posix/regexec.c (proceed_next_node): | ||
14 | Do not read past end of input buffer. | ||
15 | --- | ||
16 | posix/regexec.c | 6 ++++-- | ||
17 | 2 files changed, 13 insertions(+), 3 deletions(-) | ||
18 | |||
19 | diff --git a/posix/regexec.c b/posix/regexec.c | ||
20 | index 91d5a79..084b122 100644 | ||
21 | --- a/posix/regexec.c | ||
22 | +++ b/posix/regexec.c | ||
23 | @@ -1293,8 +1293,10 @@ proceed_next_node (const re_match_context_t *mctx, Idx nregs, regmatch_t *regs, | ||
24 | else if (naccepted) | ||
25 | { | ||
26 | char *buf = (char *) re_string_get_buffer (&mctx->input); | ||
27 | - if (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx, | ||
28 | - naccepted) != 0) | ||
29 | + if (mctx->input.valid_len - *pidx < naccepted | ||
30 | + || (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx, | ||
31 | + naccepted) | ||
32 | + != 0)) | ||
33 | return -1; | ||
34 | } | ||
35 | } | ||
36 | -- | ||
37 | 2.9.3 | ||