[OE-core] [oe][PATCH] libproxy: Fix for CVE-2012-4504
Saul Wold
sgw at linux.intel.com
Thu Nov 29 17:45:45 UTC 2012
On 11/28/2012 02:13 AM, yanjun.zhu wrote:
> From: "yanjun.zhu" <yanjun.zhu at windriver.com>
>
> Reference:https://code.google.com/p/libproxy/source/detail?r=853
>
> Stack-based buffer overflow in the url::get_pac function in url.cpp
> in libproxy 0.4.x before 0.4.9 allows remote servers to have an
> unspecified impact via a large proxy.pac file.
>
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504
>
> Signed-off-by: yanjun.zhu <yanjun.zhu at windriver.com>
> ---
> .../libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch | 15 +++++++++++++++
> meta/recipes-support/libproxy/libproxy_0.4.7.bb | 1 +
> 2 files changed, 16 insertions(+)
> create mode 100644 meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
>
> diff --git a/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
> new file mode 100644
> index 0000000..323a571
> --- /dev/null
> +++ b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
This is missing a patch header with Signed-off-by and Upstream-Status,
please add them.
Thanks
Sau!
> @@ -0,0 +1,15 @@
> +diff -urpN a/libproxy/url.cpp b/libproxy/url.cpp
> +--- a/libproxy/url.cpp 2012-11-26 10:08:47.000000000 +0800
> ++++ b/libproxy/url.cpp 2012-11-26 10:05:54.000000000 +0800
> +@@ -472,9 +472,10 @@ char* url::get_pac() {
> + // Add this chunk to our content length,
> + // ensuring that we aren't over our max size
> + content_length += chunk_length;
> +- if (content_length >= PAC_MAX_SIZE) break;
> + }
> +
> ++ if (content_length >= PAC_MAX_SIZE) break;
> ++
> + while (recvd != content_length) {
> + int r = recv(sock, buffer + recvd, content_length - recvd, 0);
> + if (r < 0) break;
> diff --git a/meta/recipes-support/libproxy/libproxy_0.4.7.bb b/meta/recipes-support/libproxy/libproxy_0.4.7.bb
> index e3721a8..fc32f57 100644
> --- a/meta/recipes-support/libproxy/libproxy_0.4.7.bb
> +++ b/meta/recipes-support/libproxy/libproxy_0.4.7.bb
> @@ -13,6 +13,7 @@ PR = "r4"
> SRC_URI = "http://libproxy.googlecode.com/files/libproxy-${PV}.tar.gz \
> file://g++-namepace.patch \
> file://libproxy_fix_for_gcc4.7.patch \
> + file://libproxy-0.4.7-CVE-2012-4504.patch \
> "
>
> SRC_URI[md5sum] = "509e03a488a61cd62bfbaf3ab6a2a7a5"
>
More information about the Openembedded-core
mailing list