git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit

author	Junling Zheng <zhengjunling@huawei.com>
	Fri, 24 Apr 2015 05:58:59 +0000 (13:58 +0800)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Tue, 28 Apr 2015 06:56:56 +0000 (07:56 +0100)
commit	0a6e3a9d69359ad64467dc29d8665ee7f425fbf9
tree	46ab671be0dbfcbdf8f35ec1ba6b54a51ed3d770	tree
parent	b6288432bfe241141408bd46b68d57bca2b185ea	commit \| diff

less: fix CVE-2014-9488

An out of bounds read access in the UTF-8 decoding can be triggered with
a malformed file in the tool less. The access happens in the function
is_utf8_well_formed due to a truncated multibyte character in the sample
file.

The bug does not crash less, it can only be made visible by running less
with valgrind or compiling it with Address Sanitizer.

Version 475 of less contains a fix for this issue. The file version.c
contains some entry mentioning this issue (without any credit):

- v475 3/2/15 Fix possible buffer overrun with invalid UTF-8

The fix is in the file line.c. We derive this patch from:

https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html

Thank Claire Robinson for validating it on Mageia 4 i586. Refer to:

https://bugs.mageia.org/show_bug.cgi?id=15567

(From OE-Core rev: 68994284f3c059b737bfc5afc2600ebd09bdf47f)

Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-extended/less/less/0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch	[new file with mode: 0644]	blob
meta/recipes-extended/less/less_471.bb		diff \| blob \| blame \| history