authortnn <tnn@pkgsrc.org>2016-05-10 09:20:52 +0000
committertnn <tnn@pkgsrc.org>2016-05-10 09:20:52 +0000
commit2e0d6f0d01b102896afe10b328938b42b213cc50 (patch)
tree8f6dd6d47616262336de77dad3434ec98ae79b4c /devel
parent0c68b7b497b35803182aaad5f557d193468081e0 (diff)
downloadpkgsrc-2e0d6f0d01b102896afe10b328938b42b213cc50.tar.gz
CVE-2015-8863 heap-based buffer overflow (via upstream)
Diffstat (limited to 'devel')
-rw-r--r--devel/jq/Makefile3
-rw-r--r--devel/jq/distinfo3
-rw-r--r--devel/jq/patches/patch-src_jv__parse.c38
3 files changed, 42 insertions, 2 deletions
diff --git a/devel/jq/Makefile b/devel/jq/Makefile
index 5d65a845dcd..b6695ac5039 100644
--- a/devel/jq/Makefile
+++ b/devel/jq/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.6 2015/08/28 09:09:22 wiz Exp $
+# $NetBSD: Makefile,v 1.7 2016/05/10 09:20:52 tnn Exp $
DISTNAME= jq-1.5
+PKGREVISION= 1
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_GITHUB:=stedolan/}
GITHUB_PROJECT= jq
diff --git a/devel/jq/distinfo b/devel/jq/distinfo
index d8a31837291..bdcad93c260 100644
--- a/devel/jq/distinfo
+++ b/devel/jq/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.6 2015/11/03 03:27:36 agc Exp $
+$NetBSD: distinfo,v 1.7 2016/05/10 09:20:52 tnn Exp $
SHA1 (jq-1.5.tar.gz) = 664638b560d9e734178e8cafb21d98817af5b5f3
RMD160 (jq-1.5.tar.gz) = 33ac77ac93e0539f6d66d29cd717013cdab8cf61
SHA512 (jq-1.5.tar.gz) = 3f9049321e8430b04dbccf81d7f2ab691b89383e91526eaf585bbeeb67698dea73a36b3aa179f6a95ef97cd73a8a9b6dc53cb1a5b0398b6422c11289b705de7b
Size (jq-1.5.tar.gz) = 1118086 bytes
+SHA1 (patch-src_jv__parse.c) = efca86e70daf27291a01bf538487b745b7bd600c
diff --git a/devel/jq/patches/patch-src_jv__parse.c b/devel/jq/patches/patch-src_jv__parse.c
new file mode 100644
index 00000000000..70a540e25b7
--- /dev/null
+++ b/devel/jq/patches/patch-src_jv__parse.c
@@ -0,0 +1,38 @@
+$NetBSD: patch-src_jv__parse.c,v 1.1 2016/05/10 09:20:52 tnn Exp $
+
+CVE-2015-8863
+
+From 8eb1367ca44e772963e704a700ef72ae2e12babd Mon Sep 17 00:00:00 2001
+From: Nicolas Williams <nico@cryptonector.com>
+Date: Sat, 24 Oct 2015 17:24:57 -0500
+Subject: [PATCH] Heap buffer overflow in tokenadd() (fix #105)
+
+This was an off-by one: the NUL terminator byte was not allocated on
+resize. This was triggered by JSON-encoded numbers longer than 256
+bytes.
+---
+ src/jv_parse.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/jv_parse.c b/src/jv_parse.c
+index 3102ed4..84245b8 100644
+--- jv_parse.c
++++ jv_parse.c
+@@ -383,7 +383,7 @@ static pfunc stream_token(struct jv_parser* p, char ch) {
+
+ static void tokenadd(struct jv_parser* p, char c) {
+ assert(p->tokenpos <= p->tokenlen);
+- if (p->tokenpos == p->tokenlen) {
++ if (p->tokenpos >= (p->tokenlen - 1)) {
+ p->tokenlen = p->tokenlen*2 + 256;
+ p->tokenbuf = jv_mem_realloc(p->tokenbuf, p->tokenlen);
+ }
+@@ -485,7 +485,7 @@ static pfunc check_literal(struct jv_parser* p) {
+ TRY(value(p, v));
+ } else {
+ // FIXME: better parser
+- p->tokenbuf[p->tokenpos] = 0; // FIXME: invalid
++ p->tokenbuf[p->tokenpos] = 0;
+ char* end = 0;
+ double d = jvp_strtod(&p->dtoa, p->tokenbuf, &end);
+ if (end == 0 || *end != 0)
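Review bot: The new growth test in tokenadd(), `if (p->tokenpos >= (p->tokenlen - 1))`, is only safe if `tokenlen` is a signed type, and the field declarations are not visible in this patch. If it is unsigned and the buffer can start at length 0, `tokenlen - 1` wraps to a very large value and the resize is skipped; `if (p->tokenpos + 1 >= p->tokenlen)` reserves the same NUL byte without the subtraction. The assert above it still permits `tokenpos == tokenlen`, while the write `p->tokenbuf[p->tokenpos] = 0;` in check_literal() now depends on `tokenpos < tokenlen`. An `assert(p->tokenpos < p->tokenlen);` after the resize block, plus a one-line comment that one byte is kept for the terminator, would record that invariant now that the FIXME is gone. Both tokenadd() and check_literal() continue outside the quoted hunks, so the store into tokenbuf and any earlier checks in check_literal() could not be reviewed here.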