Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-devtools/libcomps/libcomps/CVE-2019-3817.patch | 97 | ||||
-rw-r--r-- | meta/recipes-devtools/libcomps/libcomps_git.bb | 1 |
2 files changed, 98 insertions, 0 deletions
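--- /dev/null
+++ b/meta/recipes-devtools/libcomps/libcomps/CVE-2019-3817.patch
@@ -0,0 +1,97 @@
+From cea10cd1f2ef6bb4edaac0c1d46d47bf237c42b8 Mon Sep 17 00:00:00 2001
+From: Riccardo Schirone <rschiron@redhat.com>
+Date: Mon, 21 Jan 2019 18:11:42 +0100
+Subject: [PATCH] Fix UAF in comps_objmrtree_unite function
+
+The added field is not used at all in many places and it is probably the
+left-over of some copy-paste.
+
+Upstream-Status: Backport
+[https://github.com/rpm-software-management/libcomps/commit
+/e3a5d056633677959ad924a51758876d415e7046]
+
+CVE: CVE-2019-3817
+
+Signed-off-by: Kevin Weng <t-keweng@microsoft.com>
+---
+libcomps/src/comps_mradix.c | 2 --
+libcomps/src/comps_objmradix.c | 2 --
+libcomps/src/comps_objradix.c | 2 --
+libcomps/src/comps_radix.c | 1 -
+4 files changed, 7 deletions(-)
+
+diff --git a/libcomps/src/comps_mradix.c b/libcomps/src/comps_mradix.c
+index 338cb07..6ceb7c9 100644
+--- a/libcomps/src/comps_mradix.c
++++ b/libcomps/src/comps_mradix.c
+@@ -177,7 +177,6 @@ void comps_mrtree_unite(COMPS_MRTree *rt1, COMPS_MRTree *rt2) {
+struct Pair {
+COMPS_HSList * subnodes;
+char * key;
+- char added;
+} *pair, *parent_pair;
+
+pair = malloc(sizeof(struct Pair));
+@@ -195,7 +194,6 @@ void comps_mrtree_unite(COMPS_MRTree *rt1, COMPS_MRTree *rt2) {
+parent_pair = (struct Pair*) it->data;
+free(it);
+
+- pair->added = 0;
+for (it = tmp_subnodes->first; it != NULL; it=it->next) {
+pair = malloc(sizeof(struct Pair));
+pair->subnodes = ((COMPS_MRTreeData*)it->data)->subnodes;
+diff --git a/libcomps/src/comps_objmradix.c b/libcomps/src/comps_objmradix.c
+index 9be6648..8771c89 100644
+--- a/libcomps/src/comps_objmradix.c
++++ b/libcomps/src/comps_objmradix.c
+@@ -285,7 +285,6 @@ void comps_objmrtree_unite(COMPS_ObjMRTree *rt1, COMPS_ObjMRTree *rt2) {
+struct Pair {
+COMPS_HSList * subnodes;
+char * key;
+- char added;
+} *pair, *parent_pair;
+
+pair = malloc(sizeof(struct Pair));
+@@ -303,7 +302,6 @@ void comps_objmrtree_unite(COMPS_ObjMRTree *rt1, COMPS_ObjMRTree *rt2) {
+parent_pair = (struct Pair*) it->data;
+free(it);
+
+- pair->added = 0;
+for (it = tmp_subnodes->first; it != NULL; it=it->next) {
+pair = malloc(sizeof(struct Pair));
+pair->subnodes = ((COMPS_ObjMRTreeData*)it->data)->subnodes;
+diff --git a/libcomps/src/comps_objradix.c b/libcomps/src/comps_objradix.c
+index a790270..0ebaf22 100644
+--- a/libcomps/src/comps_objradix.c
++++ b/libcomps/src/comps_objradix.c
+@@ -692,7 +692,6 @@ void comps_objrtree_unite(COMPS_ObjRTree *rt1, COMPS_ObjRTree *rt2) {
+struct Pair {
+COMPS_HSList * subnodes;
+char * key;
+- char added;
+} *pair, *parent_pair;
+
+pair = malloc(sizeof(struct Pair));
+@@ -711,7 +710,6 @@ void comps_objrtree_unite(COMPS_ObjRTree *rt1, COMPS_ObjRTree *rt2) {
+//printf("key-part:%s\n", parent_pair->key);
+free(it);
+
+- //pair->added = 0;
+for (it = tmp_subnodes->first; it != NULL; it=it->next) {
+pair = malloc(sizeof(struct Pair));
+pair->subnodes = ((COMPS_ObjRTreeData*)it->data)->subnodes;
+diff --git a/libcomps/src/comps_radix.c b/libcomps/src/comps_radix.c
+index ada4fda..05dcaf2 100644
+--- a/libcomps/src/comps_radix.c
++++ b/libcomps/src/comps_radix.c
+@@ -529,7 +529,6 @@ void comps_rtree_unite(COMPS_RTree *rt1, COMPS_RTree *rt2) {
+struct Pair {
+COMPS_HSList * subnodes;
+char * key;
+- char added;
+} *pair, *parent_pair;
+
+pair = malloc(sizeof(struct Pair));
+--
+2.22.0
+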
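Review bot: The backport header does not say which removals actually close the use-after-free, and its Upstream-Status URL is wrapped across patch lines 10–11, so it cannot be followed or grepped as one string. Only the two `pair->added = 0;` deletions (comps_mradix.c and comps_objmradix.c) change behaviour: that store goes through `pair`, not the just-popped `parent_pair`, and `pair` presumably refers to a struct released earlier in the walk; the free itself is outside the visible hunks. In comps_objradix.c the store was already commented out, and in comps_radix.c only the unused field goes away. I would put the reference on one line, `[https://github.com/rpm-software-management/libcomps/commit/e3a5d056633677959ad924a51758876d415e7046]`, and add a sentence to the description such as `The write to pair->added after the list pop touched a Pair that may already have been freed; dropping the unused field drops the write.` so a later audit of CVE-2019-3817 against this recipe's SRCREV can confirm the fix without re-deriving it.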
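--- a/meta/recipes-devtools/libcomps/libcomps_git.bb
+++ b/meta/recipes-devtools/libcomps/libcomps_git.bb
@@ -6,6 +6,7 @@ SRC_URI = "git://github.com/rpm-software-management/libcomps.git \
 file://0001-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \
 file://0002-Set-library-installation-path-correctly.patch \
 file://0001-Make-__comps_objmrtree_all-static-inline.patch \
+file://CVE-2019-3817.patch \
 "
 
 PV = "0.1.8+git${SRCPV}"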