Re: [OE-core] [PATCH] libcroco: CVE-2020-12825 Security Advisory
On Fri, 2021-02-05 at 22:44 -0800, Khem Raj wrote:
> I am also seeing
>
> ERROR: libcroco-native-0.6.13-r0 do_patch: Fuzz detected:
>
> Applying patch CVE-2020-12825.patch
> patching file src/cr-parser.c
> Hunk #4 succeeded at 799 with fuzz 1.
>
>
> The context lines in the patches can be updated with devtool:
>
> devtool modify libcroco-native
> devtool finish --force-patch-refresh libcroco-native

There was a more recently submitted version of this. I've refreshed it,
in master-next it looks like it was whitespace damaged somehow.

Cheers,

Richard

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#147720): https://lists.openembedded.org/g/openembedded-core/message/147720
Mute This Topic: https://lists.openembedded.org/mt/79998594/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] libcroco: CVE-2020-12825 Security Advisory
I am also seeing

ERROR: libcroco-native-0.6.13-r0 do_patch: Fuzz detected:

Applying patch CVE-2020-12825.patch
patching file src/cr-parser.c
Hunk #4 succeeded at 799 with fuzz 1.


The context lines in the patches can be updated with devtool:

devtool modify libcroco-native
devtool finish --force-patch-refresh libcroco-native

On Thu, Jan 21, 2021 at 3:53 AM Ross Burton wrote:
>
> And a CVE: CVE-2020-12825 tag alongside that too would be good.
>
> Ross
>
> On Thu, 21 Jan 2021 at 10:50, Richard Purdie
> wrote:
> >
> > On Thu, 2021-01-21 at 14:59 +0800, Wang Mingyu wrote:
> > > References
> > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12825
> > >
> > > Signed-off-by: Wang Mingyu
> > > ---
> > > .../libcroco/libcroco/CVE-2020-12825.patch| 170 ++
> > > .../libcroco/libcroco_0.6.13.bb | 2 +
> > > 2 files changed, 172 insertions(+)
> > > create mode 100644
> > > meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
> > >
> > > diff --git a/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
> > > b/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
> > > new file mode 100644
> > > index 00..cde0abd676
> > > --- /dev/null
> > > +++ b/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
> > > @@ -0,0 +1,170 @@
> > > +Subject: [PATCH] libcroco: Limit recursion in block and any productions
> > > +
> > > +Signed-off-by:Michael Catanzaro @mcatanzaro
> >
> > Thanks for this, the patch has no Upstream-Status set though? Could you
> > resend with one please?
> >
> > Cheers,
> >
> > Richard
Re: [OE-core] [PATCH] libcroco: CVE-2020-12825 Security Advisory
And a CVE: CVE-2020-12825 tag alongside that too would be good.

Ross

On Thu, 21 Jan 2021 at 10:50, Richard Purdie wrote:
>
> On Thu, 2021-01-21 at 14:59 +0800, Wang Mingyu wrote:
> > References
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12825
> >
> > Signed-off-by: Wang Mingyu
> > ---
> > .../libcroco/libcroco/CVE-2020-12825.patch| 170 ++
> > .../libcroco/libcroco_0.6.13.bb | 2 +
> > 2 files changed, 172 insertions(+)
> > create mode 100644
> > meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
> >
> > diff --git a/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
> > b/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
> > new file mode 100644
> > index 00..cde0abd676
> > --- /dev/null
> > +++ b/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
> > @@ -0,0 +1,170 @@
> > +Subject: [PATCH] libcroco: Limit recursion in block and any productions
> > +
> > +Signed-off-by:Michael Catanzaro @mcatanzaro
>
> Thanks for this, the patch has no Upstream-Status set though? Could you
> resend with one please?
>
> Cheers,
>
> Richard
Re: [OE-core] [PATCH] libcroco: CVE-2020-12825 Security Advisory
On Thu, 2021-01-21 at 14:59 +0800, Wang Mingyu wrote:
> References
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12825
>
> Signed-off-by: Wang Mingyu
> ---
> .../libcroco/libcroco/CVE-2020-12825.patch| 170 ++
> .../libcroco/libcroco_0.6.13.bb | 2 +
> 2 files changed, 172 insertions(+)
> create mode 100644
> meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
>
> diff --git a/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
> b/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
> new file mode 100644
> index 00..cde0abd676
> --- /dev/null
> +++ b/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
> @@ -0,0 +1,170 @@
> +Subject: [PATCH] libcroco: Limit recursion in block and any productions
> +
> +Signed-off-by:Michael Catanzaro @mcatanzaro

Thanks for this, the patch has no Upstream-Status set though? Could you
resend with one please?

Cheers,

Richard
[OE-core] [PATCH] libcroco: CVE-2020-12825 Security Advisory
References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12825 Signed-off-by: Wang Mingyu --- .../libcroco/libcroco/CVE-2020-12825.patch| 170 ++ .../libcroco/libcroco_0.6.13.bb | 2 + 2 files changed, 172 insertions(+) create mode 100644 meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch diff --git a/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch b/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch new file mode 100644 index 00..cde0abd676 --- /dev/null +++ b/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch 
@@ -0,0 +1,170 @@ +Subject: [PATCH] libcroco: Limit recursion in block and any productions + +Signed-off-by:Michael Catanzaro @mcatanzaro +--- + src/cr-parser.c | 42 +++--- + 1 file changed, 27 insertions(+), 15 deletions(-) + +diff --git a/src/cr-parser.c b/src/cr-parser.c +index 18c9a01..4e5b424 100644 +--- a/src/cr-parser.c b/src/cr-parser.c +@@ -136,6 +136,8 @@ struct _CRParserPriv { + + #define CHARS_TAB_SIZE 12 + ++#define RECURSIVE_CALLERS_LIMIT 100 ++ + /** + * IS_NUM: + *@a_char: the char to test. +@@ -344,9 +346,11 @@ static enum CRStatus cr_parser_parse_selector_core (CRParser * a_this); + + static enum CRStatus cr_parser_parse_declaration_core (CRParser * a_this); + +-static enum CRStatus cr_parser_parse_any_core (CRParser * a_this); ++static enum CRStatus cr_parser_parse_any_core (CRParser * a_this, ++ guint n_calls); + +-static enum CRStatus cr_parser_parse_block_core (CRParser * a_this); ++static enum CRStatus cr_parser_parse_block_core (CRParser * a_this, ++ guint n_calls); + + static enum CRStatus cr_parser_parse_value_core (CRParser * a_this); + +@@ -784,7 +788,7 @@ cr_parser_parse_atrule_core (CRParser * a_this) + cr_parser_try_to_skip_spaces_and_comments (a_this); + + do { +-status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, 0); + } while (status == CR_OK); + + status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, +@@ -795,7 +799,7 @@ cr_parser_parse_atrule_core (CRParser * a_this) + cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, + token); + token = NULL; +-status = cr_parser_parse_block_core (a_this); ++ status = cr_parser_parse_block_core (a_this, 0); + CHECK_PARSING_STATUS (status, + FALSE); + goto done; +@@ -930,11 +934,11 @@ cr_parser_parse_selector_core (CRParser * a_this) + + RECORD_INITIAL_POS (a_this, _pos); + +-status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, 0); + CHECK_PARSING_STATUS (status, FALSE); + + do { +-status = cr_parser_parse_any_core 
(a_this); ++ status = cr_parser_parse_any_core (a_this, 0); + + } while (status == CR_OK); + +@@ -959,7 +963,8 @@ cr_parser_parse_selector_core (CRParser * a_this) + *FIXME: code this function. + */ + static enum CRStatus +-cr_parser_parse_block_core (CRParser * a_this) ++cr_parser_parse_block_core (CRParser * a_this, ++guint n_calls) + { + CRToken *token = NULL; + CRInputPos init_pos; +@@ -967,6 +972,9 @@ cr_parser_parse_block_core (CRParser * a_this) + + g_return_val_if_fail (a_this && PRIVATE (a_this), CR_BAD_PARAM_ERROR); + ++ if (n_calls > RECURSIVE_CALLERS_LIMIT) ++return CR_ERROR; ++ + RECORD_INITIAL_POS (a_this, _pos); + + status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, ); +@@ -996,13 +1004,13 @@ cr_parser_parse_block_core (CRParser * a_this) + } else if (token->type == CBO_TK) { + cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token); + token = NULL; +-status = cr_parser_parse_block_core (a_this); ++ status = cr_parser_parse_block_core (a_this, n_calls + 1); + CHECK_PARSING_STATUS (status, FALSE); + goto parse_block_content; + } else { + cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token); + token = NULL; +-status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, n_calls + 1); + CHECK_PARSING_STATUS (status, FALSE); + goto parse_block_content; + } +@@ -1109,7 +1117,7 @@ cr_parser_parse_value_core (CRParser * a_this) + status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, +token); + token = NULL; +-status = cr_parser_parse_block_core
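Review bot: The removed lines in the `cr_parser_parse_atrule_core` and `cr_parser_parse_selector_core` hunks (`@@ -784,7 +788,7 @@`, `@@ -795,7 +799,7 @@`, `@@ -930,11 +934,11 @@`) carry no leading indentation, for example `-status = cr_parser_parse_any_core (a_this);`, while the added and context lines around them do. The second of these is Hunk #4, the one reported in this thread as applying at 799 with fuzz 1, so the embedded patch does not match the libcroco 0.6.13 source byte for byte. Regenerate it from a clean tree with the `devtool modify` / `devtool finish --force-patch-refresh` sequence quoted above, and send it in a way that preserves tabs.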
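Review bot: In the `@@ -967,6 +972,9 @@` hunk, `if (n_calls > RECURSIVE_CALLERS_LIMIT)` lets `n_calls` values 0 through 100 pass, so 101 nested levels are parsed before `CR_ERROR` is returned. If 100 is meant to be the ceiling, compare with `>=`; either way, add a comment at `#define RECURSIVE_CALLERS_LIMIT 100` stating what the limit bounds and why that value was chosen, since the define is otherwise unexplained.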
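Review bot: The `@@ -996,13 +1004,13 @@` hunk passes `n_calls + 1` into `cr_parser_parse_any_core`, but the only limit check visible in this patch is the one added to `cr_parser_parse_block_core`; the text here ends before any hunk that touches the body of `cr_parser_parse_any_core`. Confirm that function performs the same `n_calls > RECURSIVE_CALLERS_LIMIT` test and forwards `n_calls + 1` on its own recursive calls, otherwise the counter is threaded through without bounding the "any" production named in the subject line.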