[oe-commits] [openembedded-core] 36/53: ruby: Security fix for CVE-2017-14064
git at git.openembedded.org
git at git.openembedded.org
Tue Nov 21 14:44:57 UTC 2017
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch morty
in repository openembedded-core.
commit 8d53b03e8fa1bc20c0d77d6cd7869bd7f7325987
Author: Rajkumar Veer <rveer at mvista.com>
AuthorDate: Sat Nov 4 10:45:58 2017 -0700
ruby: Security fix for CVE-2017-14064
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1
Signed-off-by: Rajkumar Veer <rveer at mvista.com>
Signed-off-by: Armin Kuster <akuster at mvista.com>
---
.../ruby/ruby/CVE-2017-14064.patch | 79 ++++++++++++++++++++++
meta/recipes-devtools/ruby/ruby_2.2.5.bb | 1 +
2 files changed, 80 insertions(+)
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch b/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch
new file mode 100644
index 0000000..073d214
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch
@@ -0,0 +1,79 @@
+From 8f782fd8e181d9cfe9387ded43a5ca9692266b85 Mon Sep 17 00:00:00 2001
+From: Florian Frank <flori at ping.de>
+Date: Thu, 2 Mar 2017 12:12:33 +0100
+Subject: [PATCH] Fix arbitrary heap exposure problem
+
+Upstream-Status: Backport
+CVE: CVE-2017-14064
+
+Signed-off-by: Rajkumar Veer<rveer at mvista.com>
+---
+ ext/json/ext/generator/generator.c | 12 ++++++------
+ ext/json/ext/generator/generator.h | 1 -
+ 2 files changed, 6 insertions(+), 7 deletions(-)
+--- a/ext/json/generator/generator.c
++++ b/ext/json/generator/generator.c
+@@ -301,7 +301,7 @@
+ char *result;
+ if (len <= 0) return NULL;
+ result = ALLOC_N(char, len);
+- memccpy(result, ptr, 0, len);
++ memcpy(result, ptr, len);
+ return result;
+ }
+
+@@ -1055,7 +1055,7 @@
+ }
+ } else {
+ if (state->indent) ruby_xfree(state->indent);
+- state->indent = strdup(RSTRING_PTR(indent));
++ state->indent = fstrndup(RSTRING_PTR(indent), len);
+ state->indent_len = len;
+ }
+ return Qnil;
+@@ -1093,7 +1093,7 @@
+ }
+ } else {
+ if (state->space) ruby_xfree(state->space);
+- state->space = strdup(RSTRING_PTR(space));
++ state->space = fstrndup(RSTRING_PTR(space), len);
+ state->space_len = len;
+ }
+ return Qnil;
+@@ -1129,7 +1129,7 @@
+ }
+ } else {
+ if (state->space_before) ruby_xfree(state->space_before);
+- state->space_before = strdup(RSTRING_PTR(space_before));
++ state->space_before = fstrndup(RSTRING_PTR(space_before), len);
+ state->space_before_len = len;
+ }
+ return Qnil;
+@@ -1166,7 +1166,7 @@
+ }
+ } else {
+ if (state->object_nl) ruby_xfree(state->object_nl);
+- state->object_nl = strdup(RSTRING_PTR(object_nl));
++ state->object_nl = fstrndup(RSTRING_PTR(object_nl), len);
+ state->object_nl_len = len;
+ }
+ return Qnil;
+@@ -1201,7 +1201,7 @@
+ }
+ } else {
+ if (state->array_nl) ruby_xfree(state->array_nl);
+- state->array_nl = strdup(RSTRING_PTR(array_nl));
++ state->array_nl = fstrndup(RSTRING_PTR(array_nl), len);
+ state->array_nl_len = len;
+ }
+ return Qnil;
+--- a/ext/json/generator/generator.h
++++ b/ext/json/generator/generator.h
+@@ -1,7 +1,6 @@
+ #ifndef _GENERATOR_H_
+ #define _GENERATOR_H_
+
+-#include <string.h>
+ #include <math.h>
+ #include <ctype.h>
+
diff --git a/meta/recipes-devtools/ruby/ruby_2.2.5.bb b/meta/recipes-devtools/ruby/ruby_2.2.5.bb
index 0830805..750ddc6 100644
--- a/meta/recipes-devtools/ruby/ruby_2.2.5.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.2.5.bb
@@ -10,6 +10,7 @@ SRC_URI += "file://prevent-gc.patch \
file://CVE-2017-9226.patch \
file://CVE-2017-9229.patch \
file://CVE-2017-14033.patch \
+ file://CVE-2017-14064.patch \
"
# it's unknown to configure script, but then passed to extconf.rb
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list