diff options
Diffstat (limited to 'meta/recipes-extended/less')
| -rw-r--r-- | meta/recipes-extended/less/less/0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch | 49 | ||||
| -rw-r--r-- | meta/recipes-extended/less/less_471.bb | 4 |
2 files changed, 52 insertions, 1 deletions
diff --git a/meta/recipes-extended/less/less/0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch b/meta/recipes-extended/less/less/0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch new file mode 100644 index 0000000000..455eafc492 --- /dev/null +++ b/meta/recipes-extended/less/less/0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch | |||
| @@ -0,0 +1,49 @@ | |||
| 1 | From e0a1add063a657b98611c94debb3631b8ffa36fe Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Junling Zheng <zhengjunling@huawei.com> | ||
| 3 | Date: Fri, 24 Apr 2015 11:24:04 +0800 | ||
| 4 | Subject: [PATCH] Fix possible buffer overrun with invalid UTF-8 | ||
| 5 | |||
| 6 | An out of bounds read access in the UTF-8 decoding can be triggered with | ||
| 7 | a malformed file in the tool less. The access happens in the function | ||
| 8 | is_utf8_well_formed due to a truncated multibyte character in the sample | ||
| 9 | file. | ||
| 10 | |||
| 11 | The bug does not crash less, it can only be made visible by running less | ||
| 12 | with valgrind or compiling it with Address Sanitizer. | ||
| 13 | |||
| 14 | Version 475 of less contains a fix for this issue. The file version.c | ||
| 15 | contains some entry mentioning this issue (without any credit): | ||
| 16 | |||
| 17 | - v475 3/2/15 Fix possible buffer overrun with invalid UTF-8 | ||
| 18 | |||
| 19 | The fix is in the file line.c. We derive this patch from: | ||
| 20 | |||
| 21 | https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html | ||
| 22 | |||
| 23 | Thank Claire Robinson for validating it on Mageia 4 i586. Refer to: | ||
| 24 | |||
| 25 | https://bugs.mageia.org/show_bug.cgi?id=15567 | ||
| 26 | |||
| 27 | Upstream Status: Backported | ||
| 28 | |||
| 29 | Signed-off-by: Junling Zheng <zhengjunling@huawei.com> | ||
| 30 | --- | ||
| 31 | line.c | 2 +- | ||
| 32 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 33 | |||
| 34 | diff --git a/line.c b/line.c | ||
| 35 | index 89495a3..474be2c 100644 | ||
| 36 | --- a/line.c | ||
| 37 | +++ b/line.c | ||
| 38 | @@ -807,7 +807,7 @@ pappend(c, pos) | ||
| 39 | mbc_buf[mbc_buf_index++] = c; | ||
| 40 | if (mbc_buf_index < mbc_buf_len) | ||
| 41 | return (0); | ||
| 42 | - if (is_utf8_well_formed(mbc_buf)) | ||
| 43 | + if (is_utf8_well_formed(mbc_buf, mbc_buf_index)) | ||
| 44 | r = do_append(get_wchar(mbc_buf), mbc_buf, mbc_pos); | ||
| 45 | else | ||
| 46 | /* Complete, but not shortest form, sequence. */ | ||
| 47 | -- | ||
| 48 | 1.9.1 | ||
| 49 | |||
diff --git a/meta/recipes-extended/less/less_471.bb b/meta/recipes-extended/less/less_471.bb index 81d354ccf0..72d256276b 100644 --- a/meta/recipes-extended/less/less_471.bb +++ b/meta/recipes-extended/less/less_471.bb | |||
| @@ -24,7 +24,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ | |||
| 24 | file://LICENSE;md5=866cc220f330b04ae4661fc3cdfedea7" | 24 | file://LICENSE;md5=866cc220f330b04ae4661fc3cdfedea7" |
| 25 | DEPENDS = "ncurses" | 25 | DEPENDS = "ncurses" |
| 26 | 26 | ||
| 27 | SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz" | 27 | SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz \ |
| 28 | file://0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch \ | ||
| 29 | " | ||
| 28 | 30 | ||
| 29 | SRC_URI[md5sum] = "9a40d29a2d84b41f9f36d7dd90b4f950" | 31 | SRC_URI[md5sum] = "9a40d29a2d84b41f9f36d7dd90b4f950" |
| 30 | SRC_URI[sha256sum] = "37f613fa9a526378788d790a92217d59b523574cf7159f6538da8564b3fb27f8" | 32 | SRC_URI[sha256sum] = "37f613fa9a526378788d790a92217d59b523574cf7159f6538da8564b3fb27f8" |