[oe-commits] Kang Kai : postgresql: add fix for CVE-2014-0065 and CVE-2014-0066 Security Advisory

git at git.openembedded.org git at git.openembedded.org
Wed Dec 3 14:15:42 UTC 2014 

Module: meta-openembedded.git
Branch: dizzy
Commit: 21adba175d21e0ae554c258d5d3d084fff355ad5
URL:    http://git.openembedded.org/?p=meta-openembedded.git&a=commit;h=21adba175d21e0ae554c258d5d3d084fff355ad5

Author: Kang Kai <kai.kang at windriver.com>
Date:   Wed Oct 29 08:30:58 2014 +0800

postgresql: add fix for CVE-2014-0065 and CVE-2014-0066 Security Advisory

Coverity identified a number of places in which it couldn't prove that a
string being copied into a fixed-size buffer would fit.  We believe that
most, perhaps all of these are in fact safe, or are copying data that is
coming from a trusted source so that any overrun is not really a
security issue.  Nonetheless it seems prudent to forestall any risk by
using strlcpy() and similar functions.

Fixes by Peter Eisentraut and Jozef Mlich based on Coverity reports.

In addition, fix a potential null-pointer-dereference crash in
contrib/chkpass.  The crypt(3) function is defined to return NULL on
failure, but chkpass.c didn't check for that before using the result.
The main practical case in which this could be an issue is if libc is
configured to refuse to execute unapproved hashing algorithms (e.g.,
"FIPS mode").  This ideally should've been a separate commit, but since
it touches code adjacent to one of the buffer overrun changes, I
included it in this commit to avoid last-minute merge issues.  This
issue was reported by Honza Horak.

Security: CVE-2014-0065 for buffer overruns, CVE-2014-0066 for crypt()

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066

Signed-off-by: Yue Tao <Yue.Tao at windriver.com>
Signed-off-by: Kai Kang <kai.kang at windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>

---

 ...-potential-overruns-of-fixed-size-buffers.patch | 393 +++++++++++++++++++++
 meta-oe/recipes-support/postgresql/postgresql.inc  |   1 +
 2 files changed, 394 insertions(+)

Diff:   http://git.openembedded.org/?p=meta-openembedded.git/?a=commitdiff;h=21adba175d21e0ae554c258d5d3d084fff355ad5

More information about the Openembedded-commits mailing list