mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-09 17:39:31 +00:00
Code Issues Projects Releases Wiki Activity

gpgme: fix CVE-2014-3564

Browse Source 
Backport patch to fix CVE-2014-3564.

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f

(From OE-Core rev: 421e21b08a6a32db88aaf46033ca503a99e49b74)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Kai Kang
2015-05-28 09:26:14 +08:00
committed by Richard Purdie
parent 1c5e37acb9
commit fb0da9e6f3
2 changed files with 59 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-support/gpgme/gpgme-1.4.3/gpgme-fix-CVE-2014-3564.patch
+56
View File
@@ -0,0 +1,56 @@
Upstream-Status: Backport
Backport patch to fix CVE-2014-3564.
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77
Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
From 2cbd76f7911fc215845e89b50d6af5ff4a83dd77 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 30 Jul 2014 11:04:55 +0200
Subject: [PATCH 1/1] Fix possible realloc overflow for gpgsm and uiserver
engines.
After a realloc (realloc is also used for initial alloc) the allocated
size if the buffer is not correctly recorded. Thus an overflow can be
introduced by receiving data with different line lengths in a specific
order. This is not easy exploitable because libassuan constructs the
line. However a crash has been reported and thus it might be possible
to constructs an exploit.
CVE-id: CVE-2014-3564
Reported-by: Tomáš Trnka
---
src/engine-gpgsm.c | 2 +-
src/engine-uiserver.c | 2 +-
3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c
index 8ec1598..3a83757 100644
--- a/src/engine-gpgsm.c
+++ b/src/engine-gpgsm.c
@@ -836,7 +836,7 @@ status_handler (void *opaque, int fd)
else
{
*aline = newline;
- gpgsm->colon.attic.linesize += linelen + 1;
+ gpgsm->colon.attic.linesize = *alinelen + linelen + 1;
}
}
if (!err)
diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c
index 2738c36..a7184b7 100644
--- a/src/engine-uiserver.c
+++ b/src/engine-uiserver.c
@@ -698,7 +698,7 @@ status_handler (void *opaque, int fd)
else
{
*aline = newline;
- uiserver->colon.attic.linesize += linelen + 1;
+ uiserver->colon.attic.linesize = *alinelen + linelen + 1;
}
}
if (!err)
--
2.1.4
meta/recipes-support/gpgme/gpgme_1.4.3.bb
+3 -1
View File
@@ -11,7 +11,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-${PV}.tar.bz2 \ SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-${PV}.tar.bz2 \
file://gpgme.pc \ file://gpgme.pc \
file://pkgconfig.patch" file://pkgconfig.patch \
file://gpgme-fix-CVE-2014-3564.patch \
"
SRC_URI[md5sum] = "334e524cffa8af4e2f43ae8afe585672" SRC_URI[md5sum] = "334e524cffa8af4e2f43ae8afe585672"
SRC_URI[sha256sum] = "2d1cc12411753752d9c5b9037e6fd3fd363517af720154768cc7b46b60120496" SRC_URI[sha256sum] = "2d1cc12411753752d9c5b9037e6fd3fd363517af720154768cc7b46b60120496"