Patchwork libproxy: Fix for CVE-2012-4504

Submitter yanjun.zhu
Date Nov. 28, 2012, 2:42 a.m.
Message ID <1354070578-5401-1-git-send-email-yanjun.zhu@windriver.com>
Permalink /patch/39763/
State Not Applicable

Comments

yanjun.zhu - Nov. 28, 2012, 2:42 a.m.
From: "yanjun.zhu" <yanjun.zhu@windriver.com>

Reference:https://code.google.com/p/libproxy/source/detail?r=853

Stack-based buffer overflow in the url::get_pac function in url.cpp
in libproxy 0.4.x before 0.4.9 allows remote servers to have an
unspecified impact via a large proxy.pac file.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504

Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
---
 recipes-support/libproxy/libproxy_0.4.7.bbappend          |  5 +++++
 .../libproxy/patches/libproxy-0.4.7-CVE-2012-4504.patch   | 15 +++++++++++++++
 2 files changed, 20 insertions(+)
 create mode 100644 recipes-support/libproxy/patches/libproxy-0.4.7-CVE-2012-4504.patch
Paul Eggleton - Nov. 28, 2012, 9:44 a.m.
Hi there,

On Wednesday 28 November 2012 10:42:58 yanjun.zhu wrote:
> From: "yanjun.zhu" <yanjun.zhu@windriver.com>
> 
> Reference:https://code.google.com/p/libproxy/source/detail?r=853
> 
> Stack-based buffer overflow in the url::get_pac function in url.cpp
> in libproxy 0.4.x before 0.4.9 allows remote servers to have an
> unspecified impact via a large proxy.pac file.
> 
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504
> 
> Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
> ---
>  recipes-support/libproxy/libproxy_0.4.7.bbappend          |  5 +++++
>  .../libproxy/patches/libproxy-0.4.7-CVE-2012-4504.patch   | 15

Thanks for submitting this, but this is not the correct mailing list for 
patches against OE-Core. Could you please apply this patch to OE-Core master 
and then re-send the result to openembedded-core@lists.openembedded.org?

Thanks,
Paul
yanjun.zhu - Nov. 28, 2012, 9:58 a.m.
On 11/28/2012 05:44 PM, Paul Eggleton wrote:
> Hi there,
>
> On Wednesday 28 November 2012 10:42:58 yanjun.zhu wrote:
>> From: "yanjun.zhu" <yanjun.zhu@windriver.com>
>>
>> Reference:https://code.google.com/p/libproxy/source/detail?r=853
>>
>> Stack-based buffer overflow in the url::get_pac function in url.cpp
>> in libproxy 0.4.x before 0.4.9 allows remote servers to have an
>> unspecified impact via a large proxy.pac file.
>>
>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504
>>
>> Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
>> ---
>>   recipes-support/libproxy/libproxy_0.4.7.bbappend          |  5 +++++
>>   .../libproxy/patches/libproxy-0.4.7-CVE-2012-4504.patch   | 15
> Thanks for submitting this, but this is not the correct mailing list for
> patches against OE-Core. Could you please apply this patch to OE-Core master
> and then re-send the result to openembedded-core@lists.openembedded.org?
OK.
Thanks a lot.
Zhu Yanjun
> Thanks,
> Paul
>

Patch

diff --git a/recipes-support/libproxy/libproxy_0.4.7.bbappend b/recipes-support/libproxy/libproxy_0.4.7.bbappend
index e2d2ea2..55d3332 100644
--- a/recipes-support/libproxy/libproxy_0.4.7.bbappend
+++ b/recipes-support/libproxy/libproxy_0.4.7.bbappend
@@ -1,10 +1,15 @@ 
 PRINC = "1"
 
+FILESEXTRAPATHS_prepend := "${THISDIR}/patches:"
+
 # the libproxy-${PV}.tar.gz had many warning/error messages
 SRC_URI = "http://libproxy.googlecode.com/files/libproxy-${PV}.zip \
 	file://g++-namepace.patch \
 	file://libproxy_fix_for_gcc4.7.patch \
 	"
 
+SRC_URI += "file://libproxy-0.4.7-CVE-2012-4504.patch \
+           "
+
 SRC_URI[md5sum] = "62585570de17d10f03a5a63b701ffd52"
 SRC_URI[sha256sum] = "429a19c57d9990349d622beecc805b23051caa62a478066bff5d9a312a8937be"
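
Review bot: PRINC stays at "1" in this hunk although SRC_URI gains a security patch, so the package revision does not change and existing package feeds may not offer the fixed libproxy as an upgrade; bump PRINC together with the new SRC_URI entry. As a style point, the added SRC_URI += spans two lines only to hold a continuation and a closing quote, and would read more cleanly on one line as SRC_URI += "file://libproxy-0.4.7-CVE-2012-4504.patch".
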
diff --git a/recipes-support/libproxy/patches/libproxy-0.4.7-CVE-2012-4504.patch b/recipes-support/libproxy/patches/libproxy-0.4.7-CVE-2012-4504.patch
new file mode 100644
index 0000000..323a571
--- /dev/null
+++ b/recipes-support/libproxy/patches/libproxy-0.4.7-CVE-2012-4504.patch
@@ -0,0 +1,15 @@ 
+diff -urpN a/libproxy/url.cpp b/libproxy/url.cpp
+--- a/libproxy/url.cpp	2012-11-26 10:08:47.000000000 +0800
++++ b/libproxy/url.cpp	2012-11-26 10:05:54.000000000 +0800
+@@ -472,9 +472,10 @@ char* url::get_pac() {
+ 				// Add this chunk to our content length,
+ 				// ensuring that we aren't over our max size
+ 				content_length += chunk_length;
+-				if (content_length >= PAC_MAX_SIZE) break;
+ 			}
+ 
++			if (content_length >= PAC_MAX_SIZE) break;
++
+ 			while (recvd != content_length) {
+ 				int r = recv(sock, buffer + recvd, content_length - recvd, 0);
+ 				if (r < 0) break;
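
Review bot: The embedded libproxy-0.4.7-CVE-2012-4504.patch begins directly at the diff -urpN line with no header, so the recipe tree carries no record of where the fix came from; add a short description with the CVE id, an Upstream-Status: Backport line pointing at the upstream r853 change named in the commit message, and a Signed-off-by. In the url.cpp change itself, the comment "ensuring that we aren't over our max size" stays inside the chunk branch while the PAC_MAX_SIZE check it describes moves below the closing brace, so the comment no longer sits next to the code it explains. The declaration of buffer is not visible in these lines, so confirm it holds at least PAC_MAX_SIZE bytes, since the recv call writes up to content_length bytes into it once the relocated check passes.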