[libyaml-libyaml-perl] 01/02: Add CVE-2014-2525.patch patch

Salvatore Bonaccorso carnil at debian.org
Wed Mar 26 19:36:23 UTC 2014 

This is an automated email from the git hooks/post-receive script.

carnil pushed a commit to branch wheezy
in repository libyaml-libyaml-perl.

commit 1088127a9520582bc06d0480fb61af93e997359c
Author: Salvatore Bonaccorso <carnil at debian.org>
Date:   Sun Mar 23 08:28:23 2014 +0100

    Add CVE-2014-2525.patch patch
    
    CVE-2014-2525: Heap overflow when parsing YAML tags.
    
    The heap overflow is caused by not properly expanding a string before
    writing to it in function yaml_parser_scan_uri_escapes in scanner.c.
---
 debian/patches/CVE-2014-2525.patch | 35 +++++++++++++++++++++++++++++++++++
 debian/patches/series              |  1 +
 2 files changed, 36 insertions(+)

diff --git a/debian/patches/CVE-2014-2525.patch b/debian/patches/CVE-2014-2525.patch
new file mode 100644
index 0000000..d80a9a6
--- /dev/null
+++ b/debian/patches/CVE-2014-2525.patch
@@ -0,0 +1,35 @@
+Description: CVE-2014-2525: Heap overflow when parsing YAML tags
+  The heap overflow is caused by not properly expanding a string before
+  writing to it in function yaml_parser_scan_uri_escapes in scanner.c. 
+Origin: upstream
+Last-Update: 2014-03-23
+
+--- a/LibYAML/scanner.c
++++ b/LibYAML/scanner.c
+@@ -2627,6 +2627,9 @@
+         /* Check if it is a URI-escape sequence. */
+ 
+         if (CHECK(parser->buffer, '%')) {
++            if (!STRING_EXTEND(parser, string))
++                goto error;
++
+             if (!yaml_parser_scan_uri_escapes(parser,
+                         directive, start_mark, &string)) goto error;
+         }
+--- a/LibYAML/yaml_private.h
++++ b/LibYAML/yaml_private.h
+@@ -128,9 +128,12 @@
+      (string).start = (string).pointer = (string).end = 0)
+ 
+ #define STRING_EXTEND(context,string)                                           \
+-    (((string).pointer+5 < (string).end)                                        \
++    ((((string).pointer+5 < (string).end)                                       \
+         || yaml_string_extend(&(string).start,                                  \
+-            &(string).pointer, &(string).end))
++            &(string).pointer, &(string).end)) ?                                \
++         1 :                                                                    \
++        ((context)->error = YAML_MEMORY_ERROR,                                  \
++         0))
+ 
+ #define CLEAR(context,string)                                                   \
+     ((string).pointer = (string).start,                                         \
diff --git a/debian/patches/series b/debian/patches/series
index b1c3a90..5641b03 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@ fix_ftbfs_hardening_flags.diff
 libyaml-string-overflow.patch
 libyaml-node-id-hardening.patch
 libyaml-guard-against-overflows-in-indent-and-flow_level.patch
+CVE-2014-2525.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libyaml-libyaml-perl.git

More information about the Pkg-perl-cvs-commits mailing list