صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
PUBLIC_REPOS
/
buildroot
mirrorاز git://git.buildroot.net/buildroot
2
1
انشعاب 0
پرونده‌ها
درخت: 010745a955
شاخه‌ها تگ‌ها
buildroot
/
package
/
libyaml
/
libyaml-0003-string-overflow.patch

libyaml-0003-string-overflow.patch 1.1 KB
تاريخچه خام

12345678910111213141516171819202122232425262728 
  1. Description: CVE-2013-6393: yaml_parser_scan_tag_uri: fix int overflow leading to buffer overflow
    2. 

  2.  This is a proposed patch from Florian Weimer <fweimer@redhat.com> for
    3. 

  3.  the string overflow issue. It has been ack'd by upstream.
    4. 

  4. Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1033990
    5. 

  5. Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1033990
    6. 

  6. Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737076
    7. 

  7. Last-Update: 2014-01-29
    8. 

  8. ---
    9. 

  9. # HG changeset patch
    10. 

  10. # User Florian Weimer <fweimer@redhat.com>
    11. 

  11. # Date 1389273500 -3600
    12. 

  12. #      Thu Jan 09 14:18:20 2014 +0100
    13. 

  13. # Node ID a54d7af707f25dc298a7be60fd152001d2b3035b
    14. 

  14. # Parent  3e6507fa0c26d20c09f8f468f2bd04aa2fd1b5b5
    15. 

  15. yaml_parser_scan_tag_uri: fix int overflow leading to buffer overflow
    16. 

  16. 

  17. diff --git a/src/scanner.c b/src/scanner.c
    18. 

  18. --- a/src/scanner.c
    19. 

  19. +++ b/src/scanner.c
    20. 

  20. @@ -2574,7 +2574,7 @@
    21. 

  21.  
    22. 

  22.      /* Resize the string to include the head. */
    23. 

  23.  
    24. 

  24. -    while (string.end - string.start <= (int)length) {
    25. 

  25. +    while ((size_t)(string.end - string.start) <= length) {
    26. 

  26.          if (!yaml_string_extend(&string.start, &string.pointer, &string.end)) {
    27. 

  27.              parser->error = YAML_MEMORY_ERROR;
    28. 

  28.              goto error;
    29.