From 17dbfd967019f9b50a9f6aa3f48cd3658fcccc70 Mon Sep 17 00:00:00 2001
From: Ovidiu Panait <ovidiu.panait@windriver.com>
Date: Fri, 15 Sep 2017 14:36:58 +0300
Subject: ruby: CVE-2017-14064

Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose
arbitrary memory during a JSON.generate call. The issues lies in using
strdup in ext/json/ext/generator/generator.c, which will stop after
encountering a '\0' byte, returning a pointer to a string of length zero,
which is not the length stored in space_len.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-14064

Upstream patch:
https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85

Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
---
 meta/recipes-devtools/ruby/ruby_2.4.1.bb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'meta/recipes-devtools/ruby/ruby_2.4.1.bb')

diff --git a/meta/recipes-devtools/ruby/ruby_2.4.1.bb b/meta/recipes-devtools/ruby/ruby_2.4.1.bb
index 4443146b57..7d27ac84ec 100644
--- a/meta/recipes-devtools/ruby/ruby_2.4.1.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.4.1.bb
@@ -6,6 +6,7 @@ SRC_URI += " \
            file://ruby-CVE-2017-9227.patch \
            file://ruby-CVE-2017-9228.patch \
            file://ruby-CVE-2017-9229.patch \
+           file://ruby-CVE-2017-14064.patch \
            "
 
 SRC_URI[md5sum] = "782bca562e474dd25956dd0017d92677"
-- 
cgit v1.2.3