summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--meta/recipes-extended/less/less/0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch49
-rw-r--r--meta/recipes-extended/less/less_471.bb4
2 files changed, 52 insertions, 1 deletions
diff --git a/meta/recipes-extended/less/less/0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch b/meta/recipes-extended/less/less/0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch
new file mode 100644
index 0000000000..455eafc492
--- /dev/null
+++ b/meta/recipes-extended/less/less/0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch
@@ -0,0 +1,49 @@
+From e0a1add063a657b98611c94debb3631b8ffa36fe Mon Sep 17 00:00:00 2001
+From: Junling Zheng <zhengjunling@huawei.com>
+Date: Fri, 24 Apr 2015 11:24:04 +0800
+Subject: [PATCH] Fix possible buffer overrun with invalid UTF-8
+
+An out of bounds read access in the UTF-8 decoding can be triggered with
+a malformed file in the tool less. The access happens in the function
+is_utf8_well_formed due to a truncated multibyte character in the sample
+file.
+
+The bug does not crash less, it can only be made visible by running less
+with valgrind or compiling it with Address Sanitizer.
+
+Version 475 of less contains a fix for this issue. The file version.c
+contains some entry mentioning this issue (without any credit):
+
+ - v475 3/2/15 Fix possible buffer overrun with invalid UTF-8
+
+The fix is in the file line.c. We derive this patch from:
+
+https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html
+
+Thank Claire Robinson for validating it on Mageia 4 i586. Refer to:
+
+https://bugs.mageia.org/show_bug.cgi?id=15567
+
+Upstream Status: Backported
+
+Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
+---
+ line.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/line.c b/line.c
+index 89495a3..474be2c 100644
+--- a/line.c
++++ b/line.c
+@@ -807,7 +807,7 @@ pappend(c, pos)
+ mbc_buf[mbc_buf_index++] = c;
+ if (mbc_buf_index < mbc_buf_len)
+ return (0);
+- if (is_utf8_well_formed(mbc_buf))
++ if (is_utf8_well_formed(mbc_buf, mbc_buf_index))
+ r = do_append(get_wchar(mbc_buf), mbc_buf, mbc_pos);
+ else
+ /* Complete, but not shortest form, sequence. */
+--
+1.9.1
+
diff --git a/meta/recipes-extended/less/less_471.bb b/meta/recipes-extended/less/less_471.bb
index 81d354ccf0..72d256276b 100644
--- a/meta/recipes-extended/less/less_471.bb
+++ b/meta/recipes-extended/less/less_471.bb
@@ -24,7 +24,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
file://LICENSE;md5=866cc220f330b04ae4661fc3cdfedea7"
DEPENDS = "ncurses"
-SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz"
+SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz \
+ file://0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch \
+ "
SRC_URI[md5sum] = "9a40d29a2d84b41f9f36d7dd90b4f950"
SRC_URI[sha256sum] = "37f613fa9a526378788d790a92217d59b523574cf7159f6538da8564b3fb27f8"