diff options
Diffstat (limited to 'meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch')
-rw-r--r-- | meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch | 29 |
1 files changed, 0 insertions, 29 deletions
diff --git a/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch deleted file mode 100644 index 7f2d93a937..0000000000 --- a/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch +++ /dev/null | |||
@@ -1,29 +0,0 @@ | |||
1 | Upstream-Status: Backport | ||
2 | |||
3 | libproxy - CVE-2012-4504: | ||
4 | |||
5 | Reference:https://code.google.com/p/libproxy/source/detail?r=853 | ||
6 | |||
7 | Stack-based buffer overflow in the url::get_pac function in url.cpp | ||
8 | in libproxy 0.4.x before 0.4.9 allows remote servers to have an | ||
9 | unspecified impact via a large proxy.pac file. | ||
10 | |||
11 | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504 | ||
12 | |||
13 | Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> | ||
14 | |||
15 | diff -urpN a/libproxy/url.cpp b/libproxy/url.cpp | ||
16 | --- a/libproxy/url.cpp 2012-11-26 10:08:47.000000000 +0800 | ||
17 | +++ b/libproxy/url.cpp 2012-11-26 10:05:54.000000000 +0800 | ||
18 | @@ -472,9 +472,10 @@ char* url::get_pac() { | ||
19 | // Add this chunk to our content length, | ||
20 | // ensuring that we aren't over our max size | ||
21 | content_length += chunk_length; | ||
22 | - if (content_length >= PAC_MAX_SIZE) break; | ||
23 | } | ||
24 | |||
25 | + if (content_length >= PAC_MAX_SIZE) break; | ||
26 | + | ||
27 | while (recvd != content_length) { | ||
28 | int r = recv(sock, buffer + recvd, content_length - recvd, 0); | ||
29 | if (r < 0) break; | ||