[libyaml-libyaml-perl] 01/02: Add CVE-2014-2525.patch patch
Salvatore Bonaccorso
carnil at debian.org
Wed Mar 26 19:36:23 UTC 2014
This is an automated email from the git hooks/post-receive script.
carnil pushed a commit to branch squeeze
in repository libyaml-libyaml-perl.
commit 51169717d030108c4c86fbf0d6958b1b2021ad0f
Author: Salvatore Bonaccorso <carnil at debian.org>
Date: Sun Mar 23 08:28:23 2014 +0100
Add CVE-2014-2525.patch patch
CVE-2014-2525: Heap overflow when parsing YAML tags.
The heap overflow is caused by not properly expanding a string before
writing to it in function yaml_parser_scan_uri_escapes in scanner.c.
---
debian/patches/CVE-2014-2525.patch | 35 +++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 36 insertions(+)
diff --git a/debian/patches/CVE-2014-2525.patch b/debian/patches/CVE-2014-2525.patch
new file mode 100644
index 0000000..d80a9a6
--- /dev/null
+++ b/debian/patches/CVE-2014-2525.patch
@@ -0,0 +1,35 @@
+Description: CVE-2014-2525: Heap overflow when parsing YAML tags
+ The heap overflow is caused by not properly expanding a string before
+ writing to it in function yaml_parser_scan_uri_escapes in scanner.c.
+Origin: upstream
+Last-Update: 2014-03-23
+
+--- a/LibYAML/scanner.c
++++ b/LibYAML/scanner.c
+@@ -2627,6 +2627,9 @@
+ /* Check if it is a URI-escape sequence. */
+
+ if (CHECK(parser->buffer, '%')) {
++ if (!STRING_EXTEND(parser, string))
++ goto error;
++
+ if (!yaml_parser_scan_uri_escapes(parser,
+ directive, start_mark, &string)) goto error;
+ }
+--- a/LibYAML/yaml_private.h
++++ b/LibYAML/yaml_private.h
+@@ -128,9 +128,12 @@
+ (string).start = (string).pointer = (string).end = 0)
+
+ #define STRING_EXTEND(context,string) \
+- (((string).pointer+5 < (string).end) \
++ ((((string).pointer+5 < (string).end) \
+ || yaml_string_extend(&(string).start, \
+- &(string).pointer, &(string).end))
++ &(string).pointer, &(string).end)) ? \
++ 1 : \
++ ((context)->error = YAML_MEMORY_ERROR, \
++ 0))
+
+ #define CLEAR(context,string) \
+ ((string).pointer = (string).start, \
diff --git a/debian/patches/series b/debian/patches/series
index 9119dca..3004f4e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@ format-error.patch
libyaml-string-overflow.patch
libyaml-node-id-hardening.patch
libyaml-guard-against-overflows-in-indent-and-flow_level.patch
+CVE-2014-2525.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libyaml-libyaml-perl.git
More information about the Pkg-perl-cvs-commits
mailing list