libproxy: Fix for CVE-2012-4504
Reference:https://code.google.com/p/libproxy/source/detail?r=853 Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504 [YOCTO #3487] (From OE-Core rev: 821401df8cd79e4878ad87f918b1ce8d0da141ec) Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
bca7285d84
commit
07d689aa87
|
@ -0,0 +1,29 @@
|
|||
Upstream-Status: Backport
|
||||
|
||||
libproxy - CVE-2012-4504:
|
||||
|
||||
Reference:https://code.google.com/p/libproxy/source/detail?r=853
|
||||
|
||||
Stack-based buffer overflow in the url::get_pac function in url.cpp
|
||||
in libproxy 0.4.x before 0.4.9 allows remote servers to have an
|
||||
unspecified impact via a large proxy.pac file.
|
||||
|
||||
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504
|
||||
|
||||
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
|
||||
|
||||
diff -urpN a/libproxy/url.cpp b/libproxy/url.cpp
|
||||
--- a/libproxy/url.cpp 2012-11-26 10:08:47.000000000 +0800
|
||||
+++ b/libproxy/url.cpp 2012-11-26 10:05:54.000000000 +0800
|
||||
@@ -472,9 +472,10 @@ char* url::get_pac() {
|
||||
// Add this chunk to our content length,
|
||||
// ensuring that we aren't over our max size
|
||||
content_length += chunk_length;
|
||||
- if (content_length >= PAC_MAX_SIZE) break;
|
||||
}
|
||||
|
||||
+ if (content_length >= PAC_MAX_SIZE) break;
|
||||
+
|
||||
while (recvd != content_length) {
|
||||
int r = recv(sock, buffer + recvd, content_length - recvd, 0);
|
||||
if (r < 0) break;
|
|
@ -13,6 +13,7 @@ PR = "r5"
|
|||
SRC_URI = "http://libproxy.googlecode.com/files/libproxy-${PV}.tar.gz \
|
||||
file://g++-namepace.patch \
|
||||
file://libproxy_fix_for_gcc4.7.patch \
|
||||
file://libproxy-0.4.7-CVE-2012-4504.patch \
|
||||
"
|
||||
|
||||
SRC_URI[md5sum] = "509e03a488a61cd62bfbaf3ab6a2a7a5"
|
||||
|
|
Loading…
Reference in New Issue