Re: [OE-core] [poky][dunfell][PATCH] libcroco: Added CVE-2020-12825

2021-02-05 Thread Steve Sakoman
On Fri, Feb 5, 2021 at 3:01 AM saloni  wrote:
>
> Added below CVE:
> CVE-2020-12825
> Link: CVE-2020-12825 
> [https://gitlab.gnome.org/Archive/libcroco/-/commit/6eb257e5c731c691eb137fca94e916ca73941a5a]
> Link: https://gitlab.gnome.org/Archive/libcroco/-/issues/8
>
> Signed-off-by: Saloni Jain 
> ---
>  .../libcroco/files/CVE-2020-12825.patch| 193 
> +
>  meta/recipes-support/libcroco/libcroco_0.6.13.bb   |   3 +
>  2 files changed, 196 insertions(+)
>  create mode 100644 meta/recipes-support/libcroco/files/CVE-2020-12825.patch
>
> diff --git a/meta/recipes-support/libcroco/files/CVE-2020-12825.patch 
> b/meta/recipes-support/libcroco/files/CVE-2020-12825.patch
> new file mode 100644
> index 000..966b812
> --- /dev/null
> +++ b/meta/recipes-support/libcroco/files/CVE-2020-12825.patch
> @@ -0,0 +1,193 @@
> +From 6eb257e5c731c691eb137fca94e916ca73941a5a Mon Sep 17 00:00:00 2001
> +From: Michael Catanzaro 
> +Date: Fri, 31 Jul 2020 15:21:53 -0500
> +Subject: [PATCH] libcroco: Limit recursion in block and any productions
> + (CVE-2020-12825)
> +
> +If we don't have any limits, we can recurse forever and overflow the
> +stack.
> +
> +Fixes #8
> +This is per https://gitlab.gnome.org/Archive/libcroco/-/issues/8
> +
> +https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1404
> +
> +CVE: CVE-2020-12825
> +Upstream-Status: Backport 
> [https://gitlab.gnome.org/Archive/libcroco/-/commit/6eb257e5c731c691eb137fca94e916ca73941a5a]
> +Comment: No changes done.
> +Signed-off-by: Saloni Jain 
> +---
> + src/cr-parser.c | 44 +---
> + 1 file changed, 29 insertions(+), 15 deletions(-)
> +
> +diff --git a/src/cr-parser.c b/src/cr-parser.c
> +index 18c9a01..f4a62e3 100644
> +--- a/src/cr-parser.c
>  b/src/cr-parser.c
> +@@ -136,6 +136,8 @@ struct _CRParserPriv {
> +
> + #define CHARS_TAB_SIZE 12
> +
> ++#define RECURSIVE_CALLERS_LIMIT 100
> ++
> + /**
> +  * IS_NUM:
> +  *@a_char: the char to test.
> +@@ -344,9 +346,11 @@ static enum CRStatus cr_parser_parse_selector_core 
> (CRParser * a_this);
> +
> + static enum CRStatus cr_parser_parse_declaration_core (CRParser * a_this);
> +
> +-static enum CRStatus cr_parser_parse_any_core (CRParser * a_this);
> ++static enum CRStatus cr_parser_parse_any_core (CRParser * a_this,
> ++   guint  n_calls);
> +
> +-static enum CRStatus cr_parser_parse_block_core (CRParser * a_this);
> ++static enum CRStatus cr_parser_parse_block_core (CRParser * a_this,
> ++ guint  n_calls);
> +
> + static enum CRStatus cr_parser_parse_value_core (CRParser * a_this);
> +
> +@@ -784,7 +788,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
> + cr_parser_try_to_skip_spaces_and_comments (a_this);
> +
> + do {
> +-status = cr_parser_parse_any_core (a_this);
> ++status = cr_parser_parse_any_core (a_this, 0);
> + } while (status == CR_OK);
> +
> + status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr,
> +@@ -795,7 +799,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
> + cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
> +   token);
> + token = NULL;
> +-status = cr_parser_parse_block_core (a_this);
> ++status = cr_parser_parse_block_core (a_this, 0);
> + CHECK_PARSING_STATUS (status,
> +   FALSE);
> + goto done;
> +@@ -930,11 +934,11 @@ cr_parser_parse_selector_core (CRParser * a_this)
> +
> + RECORD_INITIAL_POS (a_this, _pos);
> +
> +-status = cr_parser_parse_any_core (a_this);
> ++status = cr_parser_parse_any_core (a_this, 0);
> + CHECK_PARSING_STATUS (status, FALSE);
> +
> + do {
> +-status = cr_parser_parse_any_core (a_this);
> ++status = cr_parser_parse_any_core (a_this, 0);
> +
> + } while (status == CR_OK);
> +
> +@@ -956,10 +960,12 @@ cr_parser_parse_selector_core (CRParser * a_this)
> +  *in chapter 4.1 of the css2 spec.
> +  *block ::= '{' S* [ any | block | ATKEYWORD S* | ';' ]* '}' S*;
> +  *@param a_this the current instance of #CRParser.
> ++ *@param n_calls used to limit recursion depth
> +  *FIXME: code this function.
> +  */
> + static enum CRStatus
> +-cr_parser_parse_block_core (CRParser * a_this)
> ++cr_parser_parse_block_core (CRParser * a_this,
> ++guint  n_calls)
> + {
> + CRToken *token = NULL;
> + CRInputPos init_pos;
> +@@ -967,6 +973,9 @@ cr_parser_parse_block_core (CRParser * a_this)
> +
> + g_return_val_if_fail (a_this && PRIVATE (a_this), 
> CR_BAD_PARAM_ERROR);
> +
> ++if (n_calls > RECURSIVE_CALLERS_LIMIT)
> ++return CR_ERROR;
> ++
> + RECORD_INITIAL_POS (a_this, _pos);
> +
> + status = 

[OE-core] [poky][dunfell][PATCH] libcroco: Added CVE-2020-12825

2021-02-05 Thread saloni
Added the following CVE fix:
CVE-2020-12825
Link: CVE-2020-12825 
[https://gitlab.gnome.org/Archive/libcroco/-/commit/6eb257e5c731c691eb137fca94e916ca73941a5a]
Link: https://gitlab.gnome.org/Archive/libcroco/-/issues/8

Signed-off-by: Saloni Jain 
---
 .../libcroco/files/CVE-2020-12825.patch| 193 +
 meta/recipes-support/libcroco/libcroco_0.6.13.bb   |   3 +
 2 files changed, 196 insertions(+)
 create mode 100644 meta/recipes-support/libcroco/files/CVE-2020-12825.patch

diff --git a/meta/recipes-support/libcroco/files/CVE-2020-12825.patch 
b/meta/recipes-support/libcroco/files/CVE-2020-12825.patch
new file mode 100644
index 000..966b812
--- /dev/null
+++ b/meta/recipes-support/libcroco/files/CVE-2020-12825.patch
@@ -0,0 +1,193 @@
+From 6eb257e5c731c691eb137fca94e916ca73941a5a Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro 
+Date: Fri, 31 Jul 2020 15:21:53 -0500
+Subject: [PATCH] libcroco: Limit recursion in block and any productions
+ (CVE-2020-12825)
+
+If we don't have any limits, we can recurse forever and overflow the
+stack.
+
+Fixes #8
+This is per https://gitlab.gnome.org/Archive/libcroco/-/issues/8
+
+https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1404
+
+CVE: CVE-2020-12825
+Upstream-Status: Backport 
[https://gitlab.gnome.org/Archive/libcroco/-/commit/6eb257e5c731c691eb137fca94e916ca73941a5a]
+Comment: No changes done.
+Signed-off-by: Saloni Jain 
+---
+ src/cr-parser.c | 44 +---
+ 1 file changed, 29 insertions(+), 15 deletions(-)
+
+diff --git a/src/cr-parser.c b/src/cr-parser.c
+index 18c9a01..f4a62e3 100644
+--- a/src/cr-parser.c
 b/src/cr-parser.c
+@@ -136,6 +136,8 @@ struct _CRParserPriv {
+
+ #define CHARS_TAB_SIZE 12
+
++#define RECURSIVE_CALLERS_LIMIT 100
++
+ /**
+  * IS_NUM:
+  *@a_char: the char to test.
+@@ -344,9 +346,11 @@ static enum CRStatus cr_parser_parse_selector_core 
(CRParser * a_this);
+
+ static enum CRStatus cr_parser_parse_declaration_core (CRParser * a_this);
+
+-static enum CRStatus cr_parser_parse_any_core (CRParser * a_this);
++static enum CRStatus cr_parser_parse_any_core (CRParser * a_this,
++   guint  n_calls);
+
+-static enum CRStatus cr_parser_parse_block_core (CRParser * a_this);
++static enum CRStatus cr_parser_parse_block_core (CRParser * a_this,
++ guint  n_calls);
+
+ static enum CRStatus cr_parser_parse_value_core (CRParser * a_this);
+
+@@ -784,7 +788,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
+ cr_parser_try_to_skip_spaces_and_comments (a_this);
+
+ do {
+-status = cr_parser_parse_any_core (a_this);
++status = cr_parser_parse_any_core (a_this, 0);
+ } while (status == CR_OK);
+
+ status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr,
+@@ -795,7 +799,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
+ cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
+   token);
+ token = NULL;
+-status = cr_parser_parse_block_core (a_this);
++status = cr_parser_parse_block_core (a_this, 0);
+ CHECK_PARSING_STATUS (status,
+   FALSE);
+ goto done;
+@@ -930,11 +934,11 @@ cr_parser_parse_selector_core (CRParser * a_this)
+
+ RECORD_INITIAL_POS (a_this, _pos);
+
+-status = cr_parser_parse_any_core (a_this);
++status = cr_parser_parse_any_core (a_this, 0);
+ CHECK_PARSING_STATUS (status, FALSE);
+
+ do {
+-status = cr_parser_parse_any_core (a_this);
++status = cr_parser_parse_any_core (a_this, 0);
+
+ } while (status == CR_OK);
+
+@@ -956,10 +960,12 @@ cr_parser_parse_selector_core (CRParser * a_this)
+  *in chapter 4.1 of the css2 spec.
+  *block ::= '{' S* [ any | block | ATKEYWORD S* | ';' ]* '}' S*;
+  *@param a_this the current instance of #CRParser.
++ *@param n_calls used to limit recursion depth
+  *FIXME: code this function.
+  */
+ static enum CRStatus
+-cr_parser_parse_block_core (CRParser * a_this)
++cr_parser_parse_block_core (CRParser * a_this,
++guint  n_calls)
+ {
+ CRToken *token = NULL;
+ CRInputPos init_pos;
+@@ -967,6 +973,9 @@ cr_parser_parse_block_core (CRParser * a_this)
+
+ g_return_val_if_fail (a_this && PRIVATE (a_this), CR_BAD_PARAM_ERROR);
+
++if (n_calls > RECURSIVE_CALLERS_LIMIT)
++return CR_ERROR;
++
+ RECORD_INITIAL_POS (a_this, _pos);
+
+ status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, );
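Review bot: The guard `if (n_calls > RECURSIVE_CALLERS_LIMIT)` lets RECURSIVE_CALLERS_LIMIT + 1 nested calls through before returning CR_ERROR, so the macro name overstates the bound by one; `if (n_calls >= RECURSIVE_CALLERS_LIMIT)` would make the limit exact, though since this is a verbatim backport ("Comment: No changes done.") keeping the upstream form is defensible as long as the off-by-one is understood to be harmless for stack depth. Separately, as rendered here the context lines `RECORD_INITIAL_POS (a_this, _pos);` and `cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, );` have lost their `&init_pos` and `&token` arguments, and the inner file header `b/src/cr-parser.c` has lost its `+++` marker; this looks like archive mangling of `&` and leading `++++` rather than the submitted file, but the committed CVE-2020-12825.patch should be confirmed to apply cleanly in do_patch, since a wrapped or stripped line would make quilt reject it. The same artifacts appear in the quoted copy of the patch in the reply above. cr_parser_parse_block_core continues beyond this hunk, and the corresponding guard in cr_parser_parse_any_core is not visible in this excerpt.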
+@@ -996,13 +1005,13 @@ cr_parser_parse_block_core (CRParser * a_this)
+ } else if (token->type == CBO_TK) {
+ cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token);
+ token = NULL;
+-status =