mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-14 05:49:57 +00:00
Gyorgy Sarvari
782c49a05a
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-33464
The patch was taken from Debian:
https://sources.debian.org/patches/yasm/1.3.0-8/1010-nasm-pp-no-env-CVE-2021-33464.patch/
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 66a0b01b52)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
35 lines
1.2 KiB
Diff
35 lines
1.2 KiB
Diff
From 3c3f968d48d768c1e355199d4067d99cb72abc26 Mon Sep 17 00:00:00 2001
|
|
From: Gyorgy Sarvari <skandigraun@gmail.com>
|
|
Date: Sat, 15 Nov 2025 13:30:12 +0100
|
|
Subject: [PATCH] Handle file descriptors with nonexisting env names better.
|
|
Avoid writing past allocated memory.
|
|
|
|
This fixes CVE-2021-33464.
|
|
Author: Petter Reinholdtsen <pere@debian.org>
|
|
Bug: https://github.com/yasm/yasm/issues/164
|
|
Bug-Debian: https://bugs.debian.org/1016353
|
|
Forwarded: https://github.com/yasm/yasm/issues/164
|
|
Last-Update: 2025-04-30
|
|
|
|
CVE: CVE-2021-33464
|
|
Upstream-Status: Submitted [https://github.com/yasm/yasm/issues/164]
|
|
|
|
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
|
---
|
|
modules/preprocs/nasm/nasm-pp.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/modules/preprocs/nasm/nasm-pp.c b/modules/preprocs/nasm/nasm-pp.c
|
|
index 512f02c3..f9f92dd1 100644
|
|
--- a/modules/preprocs/nasm/nasm-pp.c
|
|
+++ b/modules/preprocs/nasm/nasm-pp.c
|
|
@@ -1815,7 +1815,7 @@ inc_fopen(char *file, char **newname)
|
|
error(ERR_WARNING, "environment variable `%s' does not exist",
|
|
p1+1);
|
|
*p2 = '%';
|
|
- p1 = p2+1;
|
|
+ pb = p1 = p2+1;
|
|
continue;
|
|
}
|
|
/* need to expand */
|