From: Saul Wold <sgw@linux.intel.com>
To: "yanjun.zhu" <yanjun.zhu@windriver.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [oe][PATCH] libproxy: Fix for CVE-2012-4504
Date: Thu, 29 Nov 2012 09:45:45 -0800 [thread overview]
Message-ID: <50B79F49.7020906@linux.intel.com> (raw)
In-Reply-To: <1354097622-27424-1-git-send-email-yanjun.zhu@windriver.com>
On 11/28/2012 02:13 AM, yanjun.zhu wrote:
> From: "yanjun.zhu" <yanjun.zhu@windriver.com>
>
> Reference:https://code.google.com/p/libproxy/source/detail?r=853
>
> Stack-based buffer overflow in the url::get_pac function in url.cpp
> in libproxy 0.4.x before 0.4.9 allows remote servers to have an
> unspecified impact via a large proxy.pac file.
>
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504
>
> Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
> ---
> .../libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch | 15 +++++++++++++++
> meta/recipes-support/libproxy/libproxy_0.4.7.bb | 1 +
> 2 files changed, 16 insertions(+)
> create mode 100644 meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
>
> diff --git a/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
> new file mode 100644
> index 0000000..323a571
> --- /dev/null
> +++ b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
This is missing a patch header with Signed-off-by and Upstream-Status,
please add them.
Thanks
Sau!
> @@ -0,0 +1,15 @@
> +diff -urpN a/libproxy/url.cpp b/libproxy/url.cpp
> +--- a/libproxy/url.cpp 2012-11-26 10:08:47.000000000 +0800
> ++++ b/libproxy/url.cpp 2012-11-26 10:05:54.000000000 +0800
> +@@ -472,9 +472,10 @@ char* url::get_pac() {
> + // Add this chunk to our content length,
> + // ensuring that we aren't over our max size
> + content_length += chunk_length;
> +- if (content_length >= PAC_MAX_SIZE) break;
> + }
> +
> ++ if (content_length >= PAC_MAX_SIZE) break;
> ++
> + while (recvd != content_length) {
> + int r = recv(sock, buffer + recvd, content_length - recvd, 0);
> + if (r < 0) break;
> diff --git a/meta/recipes-support/libproxy/libproxy_0.4.7.bb b/meta/recipes-support/libproxy/libproxy_0.4.7.bb
> index e3721a8..fc32f57 100644
> --- a/meta/recipes-support/libproxy/libproxy_0.4.7.bb
> +++ b/meta/recipes-support/libproxy/libproxy_0.4.7.bb
> @@ -13,6 +13,7 @@ PR = "r4"
> SRC_URI = "http://libproxy.googlecode.com/files/libproxy-${PV}.tar.gz \
> file://g++-namepace.patch \
> file://libproxy_fix_for_gcc4.7.patch \
> + file://libproxy-0.4.7-CVE-2012-4504.patch \
> "
>
> SRC_URI[md5sum] = "509e03a488a61cd62bfbaf3ab6a2a7a5"
>
next prev parent reply other threads:[~2012-11-29 18:00 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <3487>
2012-11-28 10:13 ` [oe][PATCH] libproxy: Fix for CVE-2012-4504 yanjun.zhu
2012-11-29 17:45 ` Saul Wold [this message]
2012-11-30 5:42 ` [PATCH 1/1] " yanjun.zhu
2012-11-30 5:44 ` yzhu1
2012-11-30 6:04 ` yanjun.zhu
2012-11-30 11:08 ` yanjun.zhu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50B79F49.7020906@linux.intel.com \
--to=sgw@linux.intel.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=yanjun.zhu@windriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox