subject:"\[OE\-core\] \[PATCH 2\/4\] glibc\: CVE\-2015\-8779"

[OE-core] [PATCH 2/4] glibc: CVE-2015-8779

2016-01-25 Thread Armin Kuster

From: Armin Kuster 

Signed-off-by: Armin Kuster 
---
 meta/recipes-core/glibc/glibc/CVE-2015-8779.patch | 282 ++
 meta/recipes-core/glibc/glibc_2.21.bb |   1 +
 2 files changed, 283 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-8779.patch

diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-8779.patch 
b/meta/recipes-core/glibc/glibc/CVE-2015-8779.patch
new file mode 100644
index 000..78268c3
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2015-8779.patch
@@ -0,0 +1,282 @@
+From fb410c22544dfd6cc82f59523ac9824d0325 Mon Sep 17 00:00:00 2001
+From: Armin Kuster 
+Date: Fri, 22 Jan 2016 20:19:24 -0800
+Subject: [PATCH 2/4] glibc: CVE-2015-8779
+
+A stack overflow vulnerability in the catopen function was found, causing
+applications which pass long strings to the catopen function to crash or,
+potentially execute arbitrary code.
+
+Signed-off-by: Armin Kuster 
+---
+ meta/recipes-core/glibc/glibc/CVE-2015-8779.patch | 262 ++
+ 2 files changed, 263 insertions(+)
+ create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-8779.patch
+
+Index: git/meta/recipes-core/glibc/glibc/CVE-2015-8779.patch
+===
+--- /dev/null
 git/meta/recipes-core/glibc/glibc/CVE-2015-8779.patch
+@@ -0,0 +1,262 @@
++From 0f58539030e436449f79189b6edab17d7479796e Mon Sep 17 00:00:00 2001
++From: Paul Pluzhnikov 
++Date: Sat, 8 Aug 2015 15:53:03 -0700
++Subject: [PATCH] Fix BZ #17905
++
++Upstream-Status: Backport
++CVE: CVE-2015-8779
++[Yocto # 8980]
++
++https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f58539030e436449f79189b6edab17d7479796e
++
++Signed-off-by: Armin Kuster 
++
++---
++ ChangeLog  |  8 
++ NEWS   |  2 +-
++ catgets/Makefile   |  9 -
++ catgets/catgets.c  | 19 ---
++ catgets/open_catalog.c | 23 ++-
++ catgets/tst-catgets.c  | 31 +++
++ 6 files changed, 74 insertions(+), 18 deletions(-)
++
++Index: git/catgets/Makefile
++===
++--- git.orig/catgets/Makefile
+ git/catgets/Makefile
++@@ -37,6 +37,7 @@ ifeq (y,$(OPTION_EGLIBC_CATGETS))
++ ifeq ($(run-built-tests),yes)
++ tests-special += $(objpfx)de/libc.cat $(objpfx)test1.cat $(objpfx)test2.cat \
++   $(objpfx)sample.SJIS.cat $(objpfx)test-gencat.out
+++tests-special += $(objpfx)tst-catgets-mem.out
++ endif
++ endif
++ gencat-modules   = xmalloc
++@@ -53,9 +54,11 @@ catgets-CPPFLAGS := -DNLSPATH='"$(msgcat
++
++ generated += de.msg test1.cat test1.h test2.cat test2.h sample.SJIS.cat \
++   test-gencat.h
+++generated += tst-catgets.mtrace tst-catgets-mem.out
+++
++ generated-dirs += de
++
++-tst-catgets-ENV = NLSPATH="$(objpfx)%l/%N.cat" LANG=de
+++tst-catgets-ENV = NLSPATH="$(objpfx)%l/%N.cat" LANG=de 
MALLOC_TRACE=$(objpfx)tst-catgets.mtrace
++
++ ifeq ($(run-built-tests),yes)
++ # This test just checks whether the program produces any error or not.
++@@ -89,4 +92,8 @@ $(objpfx)test-gencat.out: test-gencat.sh
++ $(objpfx)sample.SJIS.cat: sample.SJIS $(objpfx)gencat
++  $(built-program-cmd) -H $(objpfx)test-gencat.h < $(word 1,$^) > $@; \
++  $(evaluate-test)
+++
+++$(objpfx)tst-catgets-mem.out: $(objpfx)tst-catgets.out
+++ $(common-objpfx)malloc/mtrace $(objpfx)tst-catgets.mtrace > $@; \
+++ $(evaluate-test)
++ endif
++Index: git/catgets/catgets.c
++===
++--- git.orig/catgets/catgets.c
+ git/catgets/catgets.c
++@@ -16,7 +16,6 @@
++License along with the GNU C Library; if not, see
++.  */
++
++-#include 
++ #include 
++ #include 
++ #include 
++@@ -35,6 +34,7 @@ catopen (const char *cat_name, int flag)
++   __nl_catd result;
++   const char *env_var = NULL;
++   const char *nlspath = NULL;
+++  char *tmp = NULL;
++
++   if (strchr (cat_name, '/') == NULL)
++ {
++@@ -54,7 +54,10 @@ catopen (const char *cat_name, int flag)
++  {
++/* Append the system dependent directory.  */
++size_t len = strlen (nlspath) + 1 + sizeof NLSPATH;
++-   char *tmp = alloca (len);
+++   tmp = malloc (len);
+++
+++   if (__glibc_unlikely (tmp == NULL))
+++ return (nl_catd) -1;
++
++__stpcpy (__stpcpy (__stpcpy (tmp, nlspath), ":"), NLSPATH);
++nlspath = tmp;
++@@ -65,16 +68,18 @@ catopen (const char *cat_name, int flag)
++
++   result = (__nl_catd) malloc (sizeof (*result));
++   if (result == NULL)
++-/* We cannot get enough memory.  */
++-return (nl_catd) -1;
++-
++-  if (__open_catalog (cat_name, nlspath, env_var, result) != 0)
+++{
+++  /* We cannot get enough memory.  */
+++  result = (nl_catd) -1;
+++}

[OE-core] [PATCH 2/4] glibc: CVE-2015-8779

2016-01-25 Thread Armin Kuster

From: Armin Kuster 

A stack overflow vulnerability in the catopen function was found, causing
applications which pass long strings to the catopen function to crash or,
potentially execute arbitrary code.

Signed-off-by: Armin Kuster 
---
 meta/recipes-core/glibc/glibc/CVE-2015-8779.patch | 262 ++
 meta/recipes-core/glibc/glibc_2.22.bb |   1 +
 2 files changed, 263 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-8779.patch

diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-8779.patch 
b/meta/recipes-core/glibc/glibc/CVE-2015-8779.patch
new file mode 100644
index 000..4dc93c7
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2015-8779.patch
@@ -0,0 +1,262 @@
+From 0f58539030e436449f79189b6edab17d7479796e Mon Sep 17 00:00:00 2001
+From: Paul Pluzhnikov 
+Date: Sat, 8 Aug 2015 15:53:03 -0700
+Subject: [PATCH] Fix BZ #17905
+
+Upstream-Status: Backport
+CVE: CVE-2015-8779
+[Yocto # 8980]
+
+https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f58539030e436449f79189b6edab17d7479796e
+
+Signed-off-by: Armin Kuster 
+
+---
+ ChangeLog  |  8 
+ NEWS   |  2 +-
+ catgets/Makefile   |  9 -
+ catgets/catgets.c  | 19 ---
+ catgets/open_catalog.c | 23 ++-
+ catgets/tst-catgets.c  | 31 +++
+ 6 files changed, 74 insertions(+), 18 deletions(-)
+
+Index: git/catgets/Makefile
+===
+--- git.orig/catgets/Makefile
 git/catgets/Makefile
+@@ -37,6 +37,7 @@ ifeq (y,$(OPTION_EGLIBC_CATGETS))
+ ifeq ($(run-built-tests),yes)
+ tests-special += $(objpfx)de/libc.cat $(objpfx)test1.cat $(objpfx)test2.cat \
+$(objpfx)sample.SJIS.cat $(objpfx)test-gencat.out
++tests-special += $(objpfx)tst-catgets-mem.out
+ endif
+ endif
+ gencat-modules= xmalloc
+@@ -53,9 +54,11 @@ catgets-CPPFLAGS := -DNLSPATH='"$(msgcat
+ 
+ generated += de.msg test1.cat test1.h test2.cat test2.h sample.SJIS.cat \
+test-gencat.h
++generated += tst-catgets.mtrace tst-catgets-mem.out
++
+ generated-dirs += de
+ 
+-tst-catgets-ENV = NLSPATH="$(objpfx)%l/%N.cat" LANG=de
++tst-catgets-ENV = NLSPATH="$(objpfx)%l/%N.cat" LANG=de 
MALLOC_TRACE=$(objpfx)tst-catgets.mtrace
+ 
+ ifeq ($(run-built-tests),yes)
+ # This test just checks whether the program produces any error or not.
+@@ -89,4 +92,8 @@ $(objpfx)test-gencat.out: test-gencat.sh
+ $(objpfx)sample.SJIS.cat: sample.SJIS $(objpfx)gencat
+   $(built-program-cmd) -H $(objpfx)test-gencat.h < $(word 1,$^) > $@; \
+   $(evaluate-test)
++
++$(objpfx)tst-catgets-mem.out: $(objpfx)tst-catgets.out
++  $(common-objpfx)malloc/mtrace $(objpfx)tst-catgets.mtrace > $@; \
++  $(evaluate-test)
+ endif
+Index: git/catgets/catgets.c
+===
+--- git.orig/catgets/catgets.c
 git/catgets/catgets.c
+@@ -16,7 +16,6 @@
+License along with the GNU C Library; if not, see
+.  */
+ 
+-#include 
+ #include 
+ #include 
+ #include 
+@@ -35,6 +34,7 @@ catopen (const char *cat_name, int flag)
+   __nl_catd result;
+   const char *env_var = NULL;
+   const char *nlspath = NULL;
++  char *tmp = NULL;
+ 
+   if (strchr (cat_name, '/') == NULL)
+ {
+@@ -54,7 +54,10 @@ catopen (const char *cat_name, int flag)
+   {
+ /* Append the system dependent directory.  */
+ size_t len = strlen (nlspath) + 1 + sizeof NLSPATH;
+-char *tmp = alloca (len);
++tmp = malloc (len);
++
++if (__glibc_unlikely (tmp == NULL))
++  return (nl_catd) -1;
+ 
+ __stpcpy (__stpcpy (__stpcpy (tmp, nlspath), ":"), NLSPATH);
+ nlspath = tmp;
+@@ -65,16 +68,18 @@ catopen (const char *cat_name, int flag)
+ 
+   result = (__nl_catd) malloc (sizeof (*result));
+   if (result == NULL)
+-/* We cannot get enough memory.  */
+-return (nl_catd) -1;
+-
+-  if (__open_catalog (cat_name, nlspath, env_var, result) != 0)
++{
++  /* We cannot get enough memory.  */
++  result = (nl_catd) -1;
++}
++  else if (__open_catalog (cat_name, nlspath, env_var, result) != 0)
+ {
+   /* Couldn't open the file.  */
+   free ((void *) result);
+-  return (nl_catd) -1;
++  result = (nl_catd) -1;
+ }
+ 
++  free (tmp);
+   return (nl_catd) result;
+ }
+ 
+Index: git/catgets/open_catalog.c
+===
+--- git.orig/catgets/open_catalog.c
 git/catgets/open_catalog.c
+@@ -47,6 +47,7 @@ __open_catalog (const char *cat_name, co
+   size_t tab_size;
+   const char *lastp;
+   int result = -1;
++  char *buf = NULL;
+ 
+   if (strchr (cat_name, '/') != NULL || nlspath == NULL)
+ fd = open_not_cancel_2 (cat_name, O_RDONLY);
+@@ -57,23 +58,23 @@ __open_catalog (const

[OE-core] [PATCH 2/4] glibc: CVE-2015-8779

[OE-core] [PATCH 2/4] glibc: CVE-2015-8779

2 matches

Site Navigation

Mail list logo

Footer information