| Submitter | yanjun.zhu |
|---|---|
| Date | Nov. 28, 2012, 2:42 a.m. |
| Message ID | <1354070578-5401-1-git-send-email-yanjun.zhu@windriver.com> |
| Download | mbox | patch |
| Permalink | /patch/39763/ |
| State | Not Applicable |
| Headers | show |
Comments
Hi there, On Wednesday 28 November 2012 10:42:58 yanjun.zhu wrote: > From: "yanjun.zhu" <yanjun.zhu@windriver.com> > > Reference:https://code.google.com/p/libproxy/source/detail?r=853 > > Stack-based buffer overflow in the url::get_pac function in url.cpp > in libproxy 0.4.x before 0.4.9 allows remote servers to have an > unspecified impact via a large proxy.pac file. > > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504 > > Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> > --- > recipes-support/libproxy/libproxy_0.4.7.bbappend | 5 +++++ > .../libproxy/patches/libproxy-0.4.7-CVE-2012-4504.patch | 15 Thanks for submitting this, but this is not the correct mailing list for patches against OE-Core. Could you please apply this patch to OE-Core master and then re-send the result to openembedded-core@lists.openembedded.org? Thanks, Paul
On 11/28/2012 05:44 PM, Paul Eggleton wrote: > Hi there, > > On Wednesday 28 November 2012 10:42:58 yanjun.zhu wrote: >> From: "yanjun.zhu" <yanjun.zhu@windriver.com> >> >> Reference:https://code.google.com/p/libproxy/source/detail?r=853 >> >> Stack-based buffer overflow in the url::get_pac function in url.cpp >> in libproxy 0.4.x before 0.4.9 allows remote servers to have an >> unspecified impact via a large proxy.pac file. >> >> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504 >> >> Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> >> --- >> recipes-support/libproxy/libproxy_0.4.7.bbappend | 5 +++++ >> .../libproxy/patches/libproxy-0.4.7-CVE-2012-4504.patch | 15 > Thanks for submitting this, but this is not the correct mailing list for > patches against OE-Core. Could you please apply this patch to OE-Core master > and then re-send the result to openembedded-core@lists.openembedded.org? OK. Thanks a lot. Zhu Yanjun > Thanks, > Paul >
Patch
diff --git a/recipes-support/libproxy/libproxy_0.4.7.bbappend b/recipes-support/libproxy/libproxy_0.4.7.bbappend index e2d2ea2..55d3332 100644 --- a/recipes-support/libproxy/libproxy_0.4.7.bbappend +++ b/recipes-support/libproxy/libproxy_0.4.7.bbappend @@ -1,10 +1,15 @@ PRINC = "1" +FILESEXTRAPATHS_prepend := "${THISDIR}/patches:" + # the libproxy-${PV}.tar.gz had many warning/error messages SRC_URI = "http://libproxy.googlecode.com/files/libproxy-${PV}.zip \ file://g++-namepace.patch \ file://libproxy_fix_for_gcc4.7.patch \ " +SRC_URI += "file://libproxy-0.4.7-CVE-2012-4504.patch \ + " + SRC_URI[md5sum] = "62585570de17d10f03a5a63b701ffd52" SRC_URI[sha256sum] = "429a19c57d9990349d622beecc805b23051caa62a478066bff5d9a312a8937be" diff --git a/recipes-support/libproxy/patches/libproxy-0.4.7-CVE-2012-4504.patch b/recipes-support/libproxy/patches/libproxy-0.4.7-CVE-2012-4504.patch new file mode 100644 index 0000000..323a571 --- /dev/null +++ b/recipes-support/libproxy/patches/libproxy-0.4.7-CVE-2012-4504.patch @@ -0,0 +1,15 @@ +diff -urpN a/libproxy/url.cpp b/libproxy/url.cpp +--- a/libproxy/url.cpp 2012-11-26 10:08:47.000000000 +0800 ++++ b/libproxy/url.cpp 2012-11-26 10:05:54.000000000 +0800 +@@ -472,9 +472,10 @@ char* url::get_pac() { + // Add this chunk to our content length, + // ensuring that we aren't over our max size + content_length += chunk_length; +- if (content_length >= PAC_MAX_SIZE) break; + } + ++ if (content_length >= PAC_MAX_SIZE) break; ++ + while (recvd != content_length) { + int r = recv(sock, buffer + recvd, content_length - recvd, 0); + if (r < 0) break;