Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:akselmo
perl-YAML-LibYAML.CentOS6
YAML-LibYAML-0.38-CVE-2014-2525.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File YAML-LibYAML-0.38-CVE-2014-2525.patch of Package perl-YAML-LibYAML.CentOS6
Description: CVE-2014-2525: Fixes heap overflow in yaml_parser_scan_uri_escapes The heap overflow is caused by not properly expanding a string before writing to it in function yaml_parser_scan_uri_escapes in scanner.c. Origin: backport, https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048 Author: Salvatore Bonaccorso <carnil@debian.org> Last-Update: 2014-03-20 Applied-Upstream: 0.1.6 --- LibYAML/scanner.c +++ LibYAML/scanner.c @@ -2617,6 +2617,9 @@ yaml_parser_scan_tag_uri(yaml_parser_t * /* Check if it is a URI-escape sequence. */ if (CHECK(parser->buffer, '%')) { + if (!STRING_EXTEND(parser, string)) + goto error; + if (!yaml_parser_scan_uri_escapes(parser, directive, start_mark, &string)) goto error; } --- LibYAML/yaml_private.h +++ LibYAML/yaml_private.h @@ -127,9 +127,12 @@ yaml_string_join( (string).start = (string).pointer = (string).end = 0) #define STRING_EXTEND(context,string) \ - (((string).pointer+5 < (string).end) \ + ((((string).pointer+5 < (string).end) \ || yaml_string_extend(&(string).start, \ - &(string).pointer, &(string).end)) + &(string).pointer, &(string).end)) ? \ + 1 : \ + ((context)->error = YAML_MEMORY_ERROR, \ + 0)) #define CLEAR(context,string) \ ((string).pointer = (string).start, \
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor