[libyaml-libyaml-perl] 02/04: Add libyaml-node-id-hardening.patch patch

Salvatore Bonaccorso carnil at debian.org
Thu Feb 27 19:25:18 UTC 2014 

This is an automated email from the git hooks/post-receive script.

carnil pushed a commit to branch master
in repository libyaml-libyaml-perl.

commit 4847abdab63b4fd3012eb2cbbc4ecfecc76a02c3
Author: Salvatore Bonaccorso <carnil at debian.org>
Date:   Sat Feb 8 23:48:13 2014 +0100

    Add libyaml-node-id-hardening.patch patch
    
    Guard against integer overflow.
---
 debian/patches/libyaml-node-id-hardening.patch | 34 ++++++++++++++++++++++++++
 debian/patches/series                          |  1 +
 2 files changed, 35 insertions(+)

diff --git a/debian/patches/libyaml-node-id-hardening.patch b/debian/patches/libyaml-node-id-hardening.patch
new file mode 100644
index 0000000..c92d372
--- /dev/null
+++ b/debian/patches/libyaml-node-id-hardening.patch
@@ -0,0 +1,34 @@
+Description: CVE-2013-6393: yaml_stack_extend: guard against integer overflow
+ This is a hardening patch also from Florian Weimer
+ <fweimer at redhat.com>.  It is not required to fix this CVE however it
+ improves the robustness of the code against future issues by avoiding
+ large node ID's in a central place.
+Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1033990
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1033990
+Last-Update: 2014-01-29
+---
+# HG changeset patch
+# User Florian Weimer <fweimer at redhat.com>
+# Date 1389274355 -3600
+#      Thu Jan 09 14:32:35 2014 +0100
+# Node ID 034d7a91581ac930e5958683f1a06f41e96d24a2
+# Parent  a54d7af707f25dc298a7be60fd152001d2b3035b
+yaml_stack_extend: guard against integer overflow
+
+diff --git a/src/api.c b/src/api.c
+--- a/LibYAML/api.c
++++ b/LibYAML/api.c
+@@ -117,7 +117,12 @@
+ YAML_DECLARE(int)
+ yaml_stack_extend(void **start, void **top, void **end)
+ {
+-    void *new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2);
++    void *new_start;
++
++    if ((char *)*end - (char *)*start >= INT_MAX / 2)
++	return 0;
++
++    new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2);
+ 
+     if (!new_start) return 0;
+ 
diff --git a/debian/patches/series b/debian/patches/series
index 74850df..3028c1d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 fix_ftbfs_hardening_flags.diff
 disable-update.sh.patch
 libyaml-string-overflow.patch
+libyaml-node-id-hardening.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libyaml-libyaml-perl.git

More information about the Pkg-perl-cvs-commits mailing list