summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAnuj Mittal <anuj.mittal@intel.com>2019-07-26 12:47:26 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-07-29 10:25:30 +0100
commitbff3467315a442094f4ec43beaedb2ebd083ded6 (patch)
tree8040c7fe0bc527583878ee5f64cb45d15251895b
parent9cf897d23af4d1a7d09e7eecd35f3f6e84a90519 (diff)
downloadpoky-bff3467315a442094f4ec43beaedb2ebd083ded6.tar.gz
poky-bff3467315a442094f4ec43beaedb2ebd083ded6.tar.bz2
poky-bff3467315a442094f4ec43beaedb2ebd083ded6.zip
wget: fix CVE-2019-5953
(From OE-Core rev: db17c2467af57a802f29a423ce1e9f0508bff5fe) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-extended/wget/wget/CVE-2019-5953.patch34
-rw-r--r--meta/recipes-extended/wget/wget_1.20.1.bb1
2 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-extended/wget/wget/CVE-2019-5953.patch b/meta/recipes-extended/wget/wget/CVE-2019-5953.patch
new file mode 100644
index 0000000000..00efe20a2f
--- /dev/null
+++ b/meta/recipes-extended/wget/wget/CVE-2019-5953.patch
@@ -0,0 +1,34 @@
+From 692d5c5215de0db482c252492a92fc424cc6a97c Mon Sep 17 00:00:00 2001
+From: Tim Ruehsen <tim.ruehsen@gmx.de>
+Date: Fri, 5 Apr 2019 11:50:44 +0200
+Subject: Fix a buffer overflow vulnerability
+
+* src/iri.c(do_conversion): Reallocate the output buffer to a larger
+ size if it is already full
+Upstream-Status: Backport
+CVE: CVE-2019-5953
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+--- a/src/iri.c
++++ b/src/iri.c
+@@ -188,11 +191,14 @@ do_conversion (const char *tocode, const char *fromcode, char const *in_org, siz
+ }
+ else if (errno == E2BIG) /* Output buffer full */
+ {
++ logprintf (LOG_VERBOSE,
++ _("Reallocate output buffer len=%d outlen=%d inlen=%d\n"), len, outlen, inlen);
+ tooshort++;
+ done = len;
+- len = outlen = done + inlen * 2;
+- s = xrealloc (s, outlen + 1);
+- *out = s + done;
++ len = done + inlen * 2;
++ s = xrealloc (s, len + 1);
++ *out = s + done - outlen;
++ outlen += inlen * 2;
+ }
+ else /* Weird, we got an unspecified error */
+ {
+--
+cgit v1.0-41-gc330
+
diff --git a/meta/recipes-extended/wget/wget_1.20.1.bb b/meta/recipes-extended/wget/wget_1.20.1.bb
index d176bd0acd..e852a0c0cf 100644
--- a/meta/recipes-extended/wget/wget_1.20.1.bb
+++ b/meta/recipes-extended/wget/wget_1.20.1.bb
@@ -1,5 +1,6 @@
SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \
file://0002-improve-reproducibility.patch \
+ file://CVE-2019-5953.patch \
"
SRC_URI[md5sum] = "f6ebe9c7b375fc9832fb1b2028271fb7"