[OE-core] [oe][PATCH] libproxy: Fix for CVE-2012-4504

[Saul Wold]

On 11/28/2012 02:13 AM, yanjun.zhu wrote:
> From: "yanjun.zhu" <yanjun.zhu at windriver.com>
>
> Reference:https://code.google.com/p/libproxy/source/detail?r=853
>
> Stack-based buffer overflow in the url::get_pac function in url.cpp
> in libproxy 0.4.x before 0.4.9 allows remote servers to have an
> unspecified impact via a large proxy.pac file.
>
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504
>
> Signed-off-by: yanjun.zhu <yanjun.zhu at windriver.com>
> ---
>   .../libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch  | 15 +++++++++++++++
>   meta/recipes-support/libproxy/libproxy_0.4.7.bb           |  1 +
>   2 files changed, 16 insertions(+)
>   create mode 100644 meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
>
> diff --git a/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
> new file mode 100644
> index 0000000..323a571
> --- /dev/null
> +++ b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch

This is missing a patch header with Signed-off-by and Upstream-Status, 
please add them.

Thanks
	Sau!

> @@ -0,0 +1,15 @@
> +diff -urpN a/libproxy/url.cpp b/libproxy/url.cpp
> +--- a/libproxy/url.cpp	2012-11-26 10:08:47.000000000 +0800
> ++++ b/libproxy/url.cpp	2012-11-26 10:05:54.000000000 +0800
> +@@ -472,9 +472,10 @@ char* url::get_pac() {
> + 				// Add this chunk to our content length,
> + 				// ensuring that we aren't over our max size
> + 				content_length += chunk_length;
> +-				if (content_length >= PAC_MAX_SIZE) break;
> + 			}
> +
> ++			if (content_length >= PAC_MAX_SIZE) break;
> ++
> + 			while (recvd != content_length) {
> + 				int r = recv(sock, buffer + recvd, content_length - recvd, 0);
> + 				if (r < 0) break;
> diff --git a/meta/recipes-support/libproxy/libproxy_0.4.7.bb b/meta/recipes-support/libproxy/libproxy_0.4.7.bb
> index e3721a8..fc32f57 100644
> --- a/meta/recipes-support/libproxy/libproxy_0.4.7.bb
> +++ b/meta/recipes-support/libproxy/libproxy_0.4.7.bb
> @@ -13,6 +13,7 @@ PR = "r4"
>   SRC_URI = "http://libproxy.googlecode.com/files/libproxy-${PV}.tar.gz \
>              file://g++-namepace.patch \
>              file://libproxy_fix_for_gcc4.7.patch \
> +           file://libproxy-0.4.7-CVE-2012-4504.patch \
>             "
>
>   SRC_URI[md5sum] = "509e03a488a61cd62bfbaf3ab6a2a7a5"
>