Re: [OE-core] [oe][PATCH] libproxy: Fix for CVE-2012-4504

Thu, 29 Nov 2012 09:46:33 -0800 

On 11/28/2012 02:13 AM, yanjun.zhu wrote:

From: "yanjun.zhu" <yanjun....@windriver.com>

Reference:https://code.google.com/p/libproxy/source/detail?r=853

Stack-based buffer overflow in the url::get_pac function in url.cpp
in libproxy 0.4.x before 0.4.9 allows remote servers to have an
unspecified impact via a large proxy.pac file.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504

Signed-off-by: yanjun.zhu <yanjun....@windriver.com>
---
  .../libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch  | 15 +++++++++++++++
  meta/recipes-support/libproxy/libproxy_0.4.7.bb           |  1 +
  2 files changed, 16 insertions(+)
  create mode 100644 
meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch

diff --git 
a/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch 
b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
new file mode 100644
index 0000000..323a571
--- /dev/null
+++ b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
This is missing a patch header with Signed-off-by and Upstream-Status, please add them. 

Thanks
        Sau!


@@ -0,0 +1,15 @@
+diff -urpN a/libproxy/url.cpp b/libproxy/url.cpp
+--- a/libproxy/url.cpp 2012-11-26 10:08:47.000000000 +0800
++++ b/libproxy/url.cpp 2012-11-26 10:05:54.000000000 +0800
+@@ -472,9 +472,10 @@ char* url::get_pac() {
+                               // Add this chunk to our content length,
+                               // ensuring that we aren't over our max size
+                               content_length += chunk_length;
+-                              if (content_length >= PAC_MAX_SIZE) break;
+                       }
+
++                      if (content_length >= PAC_MAX_SIZE) break;
++
+                       while (recvd != content_length) {
+                               int r = recv(sock, buffer + recvd, 
content_length - recvd, 0);
+                               if (r < 0) break;
diff --git a/meta/recipes-support/libproxy/libproxy_0.4.7.bb 
b/meta/recipes-support/libproxy/libproxy_0.4.7.bb
index e3721a8..fc32f57 100644
--- a/meta/recipes-support/libproxy/libproxy_0.4.7.bb
+++ b/meta/recipes-support/libproxy/libproxy_0.4.7.bb
@@ -13,6 +13,7 @@ PR = "r4"
  SRC_URI = "http://libproxy.googlecode.com/files/libproxy-${PV}.tar.gz \
             file://g++-namepace.patch \
             file://libproxy_fix_for_gcc4.7.patch \
+           file://libproxy-0.4.7-CVE-2012-4504.patch \
            "

  SRC_URI[md5sum] = "509e03a488a61cd62bfbaf3ab6a2a7a5"



_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core

Reply via email to