Home Explore Help
Sign In
PUBLIC_REPOS
/
buildroot
mirror of git://git.buildroot.net/buildroot
2
1
Fork 0
Files
Tree: eee0f6c078
Branches Tags
buildroot
/
package
/
libsoup
/
0003-sniffer-fix-potential-overflow.patch

0003-sniffer-fix-potential-overflow.patch 2.1 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859 
  1. From 2eacbd762332795e00692ddab2515c6da23198d3 Mon Sep 17 00:00:00 2001
    2. 

  2. From: Changqing Li <changqing.li@windriver.com>
    3. 

  3. Date: Mon, 12 May 2025 14:06:41 +0800
    4. 

  4. Subject: [PATCH] sniffer: Add better coverage of skip_insignificant_space()
    5. 

  5. 

  6. CVE: CVE-2025-2784
    7. 

  7. Upstream-Status: Backport
    8. 

  8. [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/435/diffs?commit_id=242a10fbb12dbdc12d254bd8fc8669a0ac055304;
    9. 

  9.  https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/442/diffs?commit_id=c415ad0b6771992e66c70edf373566c6e247089d]
    10. 

  10. 

  11. Test code is not added since it uses some functions not defined in
    12. 

  12. version 2.74. These tests are not used now, so just ignore them.
    13. 

  13. 

  14. Upstream: https://git.openembedded.org/meta-openembedded/plain/meta-oe/recipes-support/libsoup/libsoup-2.4/CVE-2025-2784.patch
    15. 

  15. 

  16. Signed-off-by: Changqing Li <changqing.li@windriver.com>
    17. 

  17. Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
    18. 

  18. ---
    19. 

  19.  libsoup/soup-content-sniffer.c |  9 +++----
    20. 

  20.  1 files changed, 3 insertions(+), 4 deletions(-)
    21. 

  21. 

  22. diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
    23. 

  23. index 5f2896e..9554636 100644
    24. 

  24. --- a/libsoup/soup-content-sniffer.c
    25. 

  25. +++ b/libsoup/soup-content-sniffer.c
    26. 

  26. @@ -612,8 +612,10 @@ sniff_text_or_binary (SoupContentSniffer *sniffer, SoupBuffer *buffer)
    27. 

  27.  }
    28. 

  28.  
    29. 

  29.  static gboolean
    30. 

  30. -skip_insignificant_space (const char *resource, int *pos, int resource_length)
    31. 

  31. +skip_insignificant_space (const char *resource, gsize *pos, gsize resource_length)
    32. 

  32.  {
    33. 

  33. +	if (*pos >= resource_length)
    34. 

  34. +		return TRUE;
    35. 

  35.  	while ((resource[*pos] == '\x09') ||
    36. 

  36.  	       (resource[*pos] == '\x20') ||
    37. 

  37.  	       (resource[*pos] == '\x0A') ||
    38. 

  38. @@ -632,7 +634,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, SoupBuffer *buffer)
    39. 

  39.  {
    40. 

  40.  	const char *resource = (const char *)buffer->data;
    41. 

  41.  	int resource_length = MIN (512, buffer->length);
    42. 

  42. -	int pos = 0;
    43. 

  43. +	gsize pos = 0;
    44. 

  44.  
    45. 

  45.  	if (resource_length < 3)
    46. 

  46.  		goto text_html;
    47. 

  47. @@ -642,9 +644,6 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, SoupBuffer *buffer)
    48. 

  48.  		pos = 3;
    49. 

  49.  
    50. 

  50.   look_for_tag:
    51. 

  51. -	if (pos > resource_length)
    52. 

  52. -		goto text_html;
    53. 

  53. -
    54. 

  54.  	if (skip_insignificant_space (resource, &pos, resource_length))
    55. 

  55.  		goto text_html;
    56. 

  56. 

  57. -- 
    58. 

  58. 2.34.1
    59. 

  59.