ruby: fix CVE-2017-9224
Use DATA_ENSURE(1) before access. (From OE-Core rev: 9db907a0bd331c47c4882b82f9f1d2a7ef1f6d1f) (From OE-Core rev: 7ba25f0d8d95ece5f5d56ace5b1e9c8c797efbc0) Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Fixed up to get to apply Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
960a653e0c
commit
62e244d713
|
@ -0,0 +1,41 @@
|
|||
From 690313a061f7a4fa614ec5cc8368b4f2284e059b Mon Sep 17 00:00:00 2001
|
||||
From: "K.Kosako" <kosako@sofnec.co.jp>
|
||||
Date: Tue, 23 May 2017 10:28:58 +0900
|
||||
Subject: [PATCH] fix #57 : DATA_ENSURE() check must be before data access
|
||||
|
||||
---
|
||||
regexec.c | 5 -----
|
||||
1 file changed, 5 deletions(-)
|
||||
|
||||
--- end of original header
|
||||
|
||||
CVE: CVE-2017-9224
|
||||
|
||||
Context modified so that patch applies for version 2.4.1.
|
||||
|
||||
Upstream-Status: Pending
|
||||
Signed-off-by: Joe Slater <joe.slater@windriver.com>
|
||||
|
||||
|
||||
diff --git a/regexec.c b/regexec.c
|
||||
index 35fef11..d4e577d 100644
|
||||
--- a/regexec.c
|
||||
+++ b/regexec.c
|
||||
@@ -1473,14 +1473,9 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
|
||||
NEXT;
|
||||
|
||||
CASE(OP_EXACT1) MOP_IN(OP_EXACT1);
|
||||
-#if 0
|
||||
DATA_ENSURE(1);
|
||||
if (*p != *s) goto fail;
|
||||
p++; s++;
|
||||
-#endif
|
||||
- if (*p != *s++) goto fail;
|
||||
- DATA_ENSURE(0);
|
||||
- p++;
|
||||
MOP_OUT;
|
||||
break;
|
||||
|
||||
--
|
||||
1.7.9.5
|
||||
|
|
@ -1,5 +1,9 @@
|
|||
require ruby.inc
|
||||
|
||||
SRC_URI += " \
|
||||
file://ruby-CVE-2017-9224.patch \
|
||||
"
|
||||
|
||||
SRC_URI[md5sum] = "7e9485dcdb86ff52662728de2003e625"
|
||||
SRC_URI[sha256sum] = "152fd0bd15a90b4a18213448f485d4b53e9f7662e1508190aa5b702446b29e3d"
|
||||
|
||||
|
|
Loading…
Reference in New Issue