summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-support')
-rw-r--r--meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch67
1 files changed, 0 insertions, 67 deletions
diff --git a/meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch b/meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch
deleted file mode 100644
index 565ff168e0..0000000000
--- a/meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch
+++ /dev/null
@@ -1,67 +0,0 @@
1Fix for CVE-2014-1545
2
3Upstream-Status: Backport
4
5Backported from nspr-4.10.6.tar.gz.
6---
7--- a/pr/src/io/prprf.c
8+++ b/pr/src/io/prprf.c
9@@ -50,6 +50,10 @@
10 #include "prlog.h"
11 #include "prmem.h"
12
13+#ifdef _MSC_VER
14+#define snprintf _snprintf
15+#endif
16+
17 /*
18 ** WARNING: This code may *NOT* call PR_LOG (because PR_LOG calls it)
19 */
20@@ -330,7 +334,7 @@
21 ** Convert a double precision floating point number into its printable
22 ** form.
23 **
24-** XXX stop using sprintf to convert floating point
25+** XXX stop using snprintf to convert floating point
26 */
27 static int cvt_f(SprintfState *ss, double d, const char *fmt0, const char *fmt1)
28 {
29@@ -338,15 +342,14 @@
30 char fout[300];
31 int amount = fmt1 - fmt0;
32
33- PR_ASSERT((amount > 0) && (amount < sizeof(fin)));
34- if (amount >= sizeof(fin)) {
35- /* Totally bogus % command to sprintf. Just ignore it */
36+ if (amount <= 0 || amount >= sizeof(fin)) {
37+ /* Totally bogus % command to snprintf. Just ignore it */
38 return 0;
39 }
40 memcpy(fin, fmt0, amount);
41 fin[amount] = 0;
42
43- /* Convert floating point using the native sprintf code */
44+ /* Convert floating point using the native snprintf code */
45 #ifdef DEBUG
46 {
47 const char *p = fin;
48@@ -356,14 +359,11 @@
49 }
50 }
51 #endif
52- sprintf(fout, fin, d);
53-
54- /*
55- ** This assert will catch overflow's of fout, when building with
56- ** debugging on. At least this way we can track down the evil piece
57- ** of calling code and fix it!
58- */
59- PR_ASSERT(strlen(fout) < sizeof(fout));
60+ memset(fout, 0, sizeof(fout));
61+ snprintf(fout, sizeof(fout), fin, d);
62+ /* Explicitly null-terminate fout because on Windows snprintf doesn't
63+ * append a null-terminator if the buffer is too small. */
64+ fout[sizeof(fout) - 1] = '\0';
65
66 return (*ss->stuff)(ss, fout, strlen(fout));
67 }