diff options
Diffstat (limited to 'meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch')
| -rw-r--r-- | meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch new file mode 100644 index 0000000000..7f2d93a937 --- /dev/null +++ b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch @@ -0,0 +1,29 @@ +Upstream-Status: Backport + +libproxy - CVE-2012-4504: + +Reference:https://code.google.com/p/libproxy/source/detail?r=853 + +Stack-based buffer overflow in the url::get_pac function in url.cpp +in libproxy 0.4.x before 0.4.9 allows remote servers to have an +unspecified impact via a large proxy.pac file. + +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504 + +Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> + +diff -urpN a/libproxy/url.cpp b/libproxy/url.cpp +--- a/libproxy/url.cpp 2012-11-26 10:08:47.000000000 +0800 ++++ b/libproxy/url.cpp 2012-11-26 10:05:54.000000000 +0800 +@@ -472,9 +472,10 @@ char* url::get_pac() { + // Add this chunk to our content length, + // ensuring that we aren't over our max size + content_length += chunk_length; +- if (content_length >= PAC_MAX_SIZE) break; + } + ++ if (content_length >= PAC_MAX_SIZE) break; ++ + while (recvd != content_length) { + int r = recv(sock, buffer + recvd, content_length - recvd, 0); + if (r < 0) break; |