mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-01 00:59:48 +00:00
Code Issues Projects Releases Wiki Activity

coreutils: parse-datetime: CVE-2014-9471

Browse Source 
Memory corruption flaw in parse_datetime()

Reference
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9471

(From OE-Core rev: 0b13fbf3f9b4419141445b381ffa9445af6e52ab)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Sona Sarmadi
2015-04-29 11:02:20 +02:00
committed by Richard Purdie
parent cafdccb29c
commit ccbb7ef72f
2 changed files with 44 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-core/coreutils/coreutils-8.22/parse-datetime-CVE-2014-9471.patch
+43
View File
@@ -0,0 +1,43 @@
Upstream-Status: Backport
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
diff -ruN a/ChangeLog b/ChangeLog
--- a/ChangeLog 2013-12-13 16:20:00.000000000 +0100
+++ b/ChangeLog 2015-02-26 09:24:10.640577829 +0100
@@ -1,3 +1,11 @@
+2014-02-25 Sona Sarmadi <sona.sarmadi@enea.com>
+
+ parse-datetime: fix crash or infloop in TZ="" parsing
+ * lib/parse-datetime.y (parse_datetime): Break out of the
+ TZ="" parsing loop once the second significant " is found.
+ Also skip over any subsequent whitespace to be consistent
+ with the non TZ= case (CVE-2014-9471)
+
2013-12-13 Pádraig Brady <P@draigBrady.com>
version 8.22
diff -ruN a/lib/parse-datetime.y b/lib/parse-datetime.y
--- a/lib/parse-datetime.y 2013-12-04 15:53:33.000000000 +0100
+++ b/lib/parse-datetime.y 2015-02-26 09:20:15.238528670 +0100
@@ -1303,8 +1303,6 @@
char tz1buf[TZBUFSIZE];
bool large_tz = TZBUFSIZE < tzsize;
bool setenv_ok;
- /* Free tz0, in case this is the 2nd or subsequent time through. */
- free (tz0);
tz0 = get_tz (tz0buf);
z = tz1 = large_tz ? xmalloc (tzsize) : tz1buf;
for (s = tzbase; *s != '"'; s++)
@@ -1316,7 +1314,12 @@
if (!setenv_ok)
goto fail;
tz_was_altered = true;
+
p = s + 1;
+ while (c = *p, c_isspace (c))
+ p++;
+
+ break;
}
}
meta/recipes-core/coreutils/coreutils_8.22.bb
+1
View File
@@ -16,6 +16,7 @@ SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \
file://remove-usr-local-lib-from-m4.patch \ file://remove-usr-local-lib-from-m4.patch \
file://dummy_help2man.patch \ file://dummy_help2man.patch \
file://fix-for-dummy-man-usage.patch \ file://fix-for-dummy-man-usage.patch \
file://parse-datetime-CVE-2014-9471.patch \
" "
SRC_URI[md5sum] = "8fb0ae2267aa6e728958adc38f8163a2" SRC_URI[md5sum] = "8fb0ae2267aa6e728958adc38f8163a2"