mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 04:17:25 +00:00
brotli: add patch to fix CVE-2020-8927
Port patch to fix CVE-2020-8927 for brotli from Debian Buster CVE: CVE-2020-8927 Signed-off-by: Jan Kraemer <jan@spectrejan.de> [Fixup to apply with URL changes] Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
@@ -0,0 +1,44 @@
|
|||||||
|
From 95ab3786ce0f16e08e41f7bf216969a37dc86cad Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jan Kraemer <jan@spectrejan.de>
|
||||||
|
Date: Thu, 7 Oct 2021 12:48:04 +0200
|
||||||
|
Subject: [PATCH] brotli: fix CVE-2020-8927
|
||||||
|
|
||||||
|
[No upstream tracking] --
|
||||||
|
|
||||||
|
This fixes a potential overflow when input chunk is >2GiB in
|
||||||
|
BrotliGetAvailableBits by capping the returned value to 2^30
|
||||||
|
|
||||||
|
Fixed in brotli version 1.0.8
|
||||||
|
https://github.com/google/brotli as of commit id
|
||||||
|
223d80cfbec8fd346e32906c732c8ede21f0cea6
|
||||||
|
|
||||||
|
Patch taken from Debian Buster: 1.0.7-2+deb10u1
|
||||||
|
http://deb.debian.org/debian/pool/main/b/brotli/brotli_1.0.7-2+deb10u1.dsc
|
||||||
|
https://security-tracker.debian.org/tracker/CVE-2020-8927
|
||||||
|
|
||||||
|
|
||||||
|
Upstream-Status: Backported
|
||||||
|
CVE: CVE-2020-8927
|
||||||
|
|
||||||
|
Signed-off-by: Jan Kraemer <jan@spectrejan.de>
|
||||||
|
---
|
||||||
|
c/dec/bit_reader.h | 5 ++++-
|
||||||
|
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/c/dec/bit_reader.h b/c/dec/bit_reader.h
|
||||||
|
index c06e914..0d20312 100644
|
||||||
|
--- a/c/dec/bit_reader.h
|
||||||
|
+++ b/c/dec/bit_reader.h
|
||||||
|
@@ -87,8 +87,11 @@ static BROTLI_INLINE uint32_t BrotliGetAvailableBits(
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Returns amount of unread bytes the bit reader still has buffered from the
|
||||||
|
- BrotliInput, including whole bytes in br->val_. */
|
||||||
|
+ BrotliInput, including whole bytes in br->val_. Result is capped with
|
||||||
|
+ maximal ring-buffer size (larger number won't be utilized anyway). */
|
||||||
|
static BROTLI_INLINE size_t BrotliGetRemainingBytes(BrotliBitReader* br) {
|
||||||
|
+ static const size_t kCap = (size_t)1 << 30;
|
||||||
|
+ if (br->avail_in > kCap) return kCap;
|
||||||
|
return br->avail_in + (BrotliGetAvailableBits(br) >> 3);
|
||||||
|
}
|
||||||
|
|
||||||
@@ -6,7 +6,9 @@ BUGTRACKER = "https://github.com/google/brotli/issues"
|
|||||||
LICENSE = "MIT"
|
LICENSE = "MIT"
|
||||||
LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=941ee9cd1609382f946352712a319b4b"
|
LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=941ee9cd1609382f946352712a319b4b"
|
||||||
|
|
||||||
SRC_URI = "git://github.com/google/brotli.git;branch=master;protocol=https"
|
SRC_URI = "git://github.com/google/brotli.git;branch=master;protocol=https \
|
||||||
|
file://0001-brotli-fix-CVE-2020-8927.patch \
|
||||||
|
"
|
||||||
# tag 1.0.7
|
# tag 1.0.7
|
||||||
SRCREV= "d6d98957ca8ccb1ef45922e978bb10efca0ea541"
|
SRCREV= "d6d98957ca8ccb1ef45922e978bb10efca0ea541"
|
||||||
S = "${WORKDIR}/git"
|
S = "${WORKDIR}/git"
|
||||||
|
|||||||
Reference in New Issue
Block a user