kumquat-buildroot/package/patch/0001-Fix-segfault-with-mangled-rename-patch.patch
Baruch Siach 38d8d86d31 patch: security bump to version 2.7.6
Fixes CVE-2016-10713: Out-of-bounds access within pch_write_line() in
pch.c can possibly lead to DoS via a crafted input file.

Add upstream patch fixing CVE-2018-6951: There is a segmentation fault,
associated with a NULL pointer dereference, leading to a denial of
service in the intuit_diff_type function in pch.c, aka a "mangled
rename" issue.

This bump does NOT fix CVE-2018-6952. See upstream bug #53133
(https://savannah.gnu.org/bugs/index.php?53133).

Add license file hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-23 09:08:48 +01:00

34 lines
1.1 KiB
Diff

From f290f48a621867084884bfff87f8093c15195e6a Mon Sep 17 00:00:00 2001
From: Andreas Gruenbacher <agruen@gnu.org>
Date: Mon, 12 Feb 2018 16:48:24 +0100
Subject: [PATCH] Fix segfault with mangled rename patch
http://savannah.gnu.org/bugs/?53132
* src/pch.c (intuit_diff_type): Ensure that two filenames are specified
for renames and copies (fix the existing check).
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Patch status: upstream commit f290f48a6218
src/pch.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/pch.c b/src/pch.c
index ff9ed2cebb8a..bc6278c4032c 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type)
if ((pch_rename () || pch_copy ())
&& ! inname
&& ! ((i == OLD || i == NEW) &&
- p_name[! reverse] &&
+ p_name[reverse] && p_name[! reverse] &&
+ name_is_valid (p_name[reverse]) &&
name_is_valid (p_name[! reverse])))
{
say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");
--
2.16.1