diff options
Diffstat (limited to 'meta/recipes-support/nspr')
-rw-r--r-- | meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch | 67 |
1 files changed, 0 insertions, 67 deletions
diff --git a/meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch b/meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch deleted file mode 100644 index 565ff168e0..0000000000 --- a/meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch +++ /dev/null | |||
@@ -1,67 +0,0 @@ | |||
1 | Fix for CVE-2014-1545 | ||
2 | |||
3 | Upstream-Status: Backport | ||
4 | |||
5 | Backported from nspr-4.10.6.tar.gz. | ||
6 | --- | ||
7 | --- a/pr/src/io/prprf.c | ||
8 | +++ b/pr/src/io/prprf.c | ||
9 | @@ -50,6 +50,10 @@ | ||
10 | #include "prlog.h" | ||
11 | #include "prmem.h" | ||
12 | |||
13 | +#ifdef _MSC_VER | ||
14 | +#define snprintf _snprintf | ||
15 | +#endif | ||
16 | + | ||
17 | /* | ||
18 | ** WARNING: This code may *NOT* call PR_LOG (because PR_LOG calls it) | ||
19 | */ | ||
20 | @@ -330,7 +334,7 @@ | ||
21 | ** Convert a double precision floating point number into its printable | ||
22 | ** form. | ||
23 | ** | ||
24 | -** XXX stop using sprintf to convert floating point | ||
25 | +** XXX stop using snprintf to convert floating point | ||
26 | */ | ||
27 | static int cvt_f(SprintfState *ss, double d, const char *fmt0, const char *fmt1) | ||
28 | { | ||
29 | @@ -338,15 +342,14 @@ | ||
30 | char fout[300]; | ||
31 | int amount = fmt1 - fmt0; | ||
32 | |||
33 | - PR_ASSERT((amount > 0) && (amount < sizeof(fin))); | ||
34 | - if (amount >= sizeof(fin)) { | ||
35 | - /* Totally bogus % command to sprintf. Just ignore it */ | ||
36 | + if (amount <= 0 || amount >= sizeof(fin)) { | ||
37 | + /* Totally bogus % command to snprintf. Just ignore it */ | ||
38 | return 0; | ||
39 | } | ||
40 | memcpy(fin, fmt0, amount); | ||
41 | fin[amount] = 0; | ||
42 | |||
43 | - /* Convert floating point using the native sprintf code */ | ||
44 | + /* Convert floating point using the native snprintf code */ | ||
45 | #ifdef DEBUG | ||
46 | { | ||
47 | const char *p = fin; | ||
48 | @@ -356,14 +359,11 @@ | ||
49 | } | ||
50 | } | ||
51 | #endif | ||
52 | - sprintf(fout, fin, d); | ||
53 | - | ||
54 | - /* | ||
55 | - ** This assert will catch overflow's of fout, when building with | ||
56 | - ** debugging on. At least this way we can track down the evil piece | ||
57 | - ** of calling code and fix it! | ||
58 | - */ | ||
59 | - PR_ASSERT(strlen(fout) < sizeof(fout)); | ||
60 | + memset(fout, 0, sizeof(fout)); | ||
61 | + snprintf(fout, sizeof(fout), fin, d); | ||
62 | + /* Explicitly null-terminate fout because on Windows snprintf doesn't | ||
63 | + * append a null-terminator if the buffer is too small. */ | ||
64 | + fout[sizeof(fout) - 1] = '\0'; | ||
65 | |||
66 | return (*ss->stuff)(ss, fout, strlen(fout)); | ||
67 | } | ||