projects / buildroot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a660373)
busybox: add security patch for CVE-2014-4607
authorGustavo Zacarias <gustavo@zacarias.com.ar>
Mon, 30 Jun 2014 12:59:08 +0000 (09:59 -0300)
committerPeter Korsgaard <peter@korsgaard.com>
Mon, 30 Jun 2014 21:34:43 +0000 (23:34 +0200)
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/busybox/1.19.4/0001-lzop-add-overflow-check.patch [new file with mode: 0644] patch | blob
package/busybox/1.20.2/0001-lzop-add-overflow-check.patch [new file with mode: 0644] patch | blob
package/busybox/1.21.1/0004-lzop-add-overflow-check.patch [new file with mode: 0644] patch | blob
package/busybox/1.22.1/0006-lzop-add-overflow-check.patch [new file with mode: 0644] patch | blob

diff --git a/package/busybox/1.19.4/0001-lzop-add-overflow-check.patch b/package/busybox/1.19.4/0001-lzop-add-overflow-check.patch
new file mode 100644 (file)
index 0000000..d3f6c67
--- /dev/null
+++ b/package/busybox/1.19.4/0001-lzop-add-overflow-check.patch
@@ -0,0 +1,66 @@
+From a9dc7c2f59dc5e92870d2d46316ea5c1f14740e3 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Mon, 30 Jun 2014 10:14:34 +0200
+Subject: [PATCH] lzop: add overflow check
+
+See CVE-2014-4607
+http://www.openwall.com/lists/oss-security/2014/06/26/20
+
+function                                             old     new   delta
+lzo1x_decompress_safe                               1010    1031     +21
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+---
+ archival/libarchive/liblzo.h  | 2 ++
+ archival/libarchive/lzo1x_d.c | 3 +++
+ 2 files changed, 5 insertions(+)
+
+diff --git a/archival/libarchive/liblzo.h b/archival/libarchive/liblzo.h
+index 843997c..4596620 100644
+--- a/archival/libarchive/liblzo.h
++++ b/archival/libarchive/liblzo.h
+@@ -76,11 +76,13 @@
+ #    define TEST_IP             (ip < ip_end)
+ #    define NEED_IP(x) \
+             if ((unsigned)(ip_end - ip) < (unsigned)(x))  goto input_overrun
++#    define TEST_IV(x)          if ((x) > (unsigned)0 - (511)) goto input_overrun
+ #    undef TEST_OP              /* don't need both of the tests here */
+ #    define TEST_OP             1
+ #    define NEED_OP(x) \
+             if ((unsigned)(op_end - op) < (unsigned)(x))  goto output_overrun
++#    define TEST_OV(x)          if ((x) > (unsigned)0 - (511)) goto output_overrun
+ #define HAVE_ANY_OP 1
+diff --git a/archival/libarchive/lzo1x_d.c b/archival/libarchive/lzo1x_d.c
+index 9bc1270..40b167e 100644
+--- a/archival/libarchive/lzo1x_d.c
++++ b/archival/libarchive/lzo1x_d.c
+@@ -92,6 +92,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
+                               ip++;
+                               NEED_IP(1);
+                       }
++                      TEST_IV(t);
+                       t += 15 + *ip++;
+               }
+               /* copy literals */
+@@ -224,6 +225,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
+                                               ip++;
+                                               NEED_IP(1);
+                                       }
++                                      TEST_IV(t);
+                                       t += 31 + *ip++;
+                               }
+ #if defined(COPY_DICT)
+@@ -265,6 +267,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
+                                               ip++;
+                                               NEED_IP(1);
+                                       }
++                                      TEST_IV(t);
+                                       t += 7 + *ip++;
+                               }
+ #if defined(COPY_DICT)
+-- 
+1.8.5.5
+
diff --git a/package/busybox/1.20.2/0001-lzop-add-overflow-check.patch b/package/busybox/1.20.2/0001-lzop-add-overflow-check.patch
new file mode 100644 (file)
index 0000000..d3f6c67
--- /dev/null
+++ b/package/busybox/1.20.2/0001-lzop-add-overflow-check.patch
@@ -0,0 +1,66 @@
+From a9dc7c2f59dc5e92870d2d46316ea5c1f14740e3 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Mon, 30 Jun 2014 10:14:34 +0200
+Subject: [PATCH] lzop: add overflow check
+
+See CVE-2014-4607
+http://www.openwall.com/lists/oss-security/2014/06/26/20
+
+function                                             old     new   delta
+lzo1x_decompress_safe                               1010    1031     +21
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+---
+ archival/libarchive/liblzo.h  | 2 ++
+ archival/libarchive/lzo1x_d.c | 3 +++
+ 2 files changed, 5 insertions(+)
+
+diff --git a/archival/libarchive/liblzo.h b/archival/libarchive/liblzo.h
+index 843997c..4596620 100644
+--- a/archival/libarchive/liblzo.h
++++ b/archival/libarchive/liblzo.h
+@@ -76,11 +76,13 @@
+ #    define TEST_IP             (ip < ip_end)
+ #    define NEED_IP(x) \
+             if ((unsigned)(ip_end - ip) < (unsigned)(x))  goto input_overrun
++#    define TEST_IV(x)          if ((x) > (unsigned)0 - (511)) goto input_overrun
+ #    undef TEST_OP              /* don't need both of the tests here */
+ #    define TEST_OP             1
+ #    define NEED_OP(x) \
+             if ((unsigned)(op_end - op) < (unsigned)(x))  goto output_overrun
++#    define TEST_OV(x)          if ((x) > (unsigned)0 - (511)) goto output_overrun
+ #define HAVE_ANY_OP 1
+diff --git a/archival/libarchive/lzo1x_d.c b/archival/libarchive/lzo1x_d.c
+index 9bc1270..40b167e 100644
+--- a/archival/libarchive/lzo1x_d.c
++++ b/archival/libarchive/lzo1x_d.c
+@@ -92,6 +92,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
+                               ip++;
+                               NEED_IP(1);
+                       }
++                      TEST_IV(t);
+                       t += 15 + *ip++;
+               }
+               /* copy literals */
+@@ -224,6 +225,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
+                                               ip++;
+                                               NEED_IP(1);
+                                       }
++                                      TEST_IV(t);
+                                       t += 31 + *ip++;
+                               }
+ #if defined(COPY_DICT)
+@@ -265,6 +267,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
+                                               ip++;
+                                               NEED_IP(1);
+                                       }
++                                      TEST_IV(t);
+                                       t += 7 + *ip++;
+                               }
+ #if defined(COPY_DICT)
+-- 
+1.8.5.5
+
diff --git a/package/busybox/1.21.1/0004-lzop-add-overflow-check.patch b/package/busybox/1.21.1/0004-lzop-add-overflow-check.patch
new file mode 100644 (file)
index 0000000..d3f6c67
--- /dev/null
+++ b/package/busybox/1.21.1/0004-lzop-add-overflow-check.patch
@@ -0,0 +1,66 @@
+From a9dc7c2f59dc5e92870d2d46316ea5c1f14740e3 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Mon, 30 Jun 2014 10:14:34 +0200
+Subject: [PATCH] lzop: add overflow check
+
+See CVE-2014-4607
+http://www.openwall.com/lists/oss-security/2014/06/26/20
+
+function                                             old     new   delta
+lzo1x_decompress_safe                               1010    1031     +21
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+---
+ archival/libarchive/liblzo.h  | 2 ++
+ archival/libarchive/lzo1x_d.c | 3 +++
+ 2 files changed, 5 insertions(+)
+
+diff --git a/archival/libarchive/liblzo.h b/archival/libarchive/liblzo.h
+index 843997c..4596620 100644
+--- a/archival/libarchive/liblzo.h
++++ b/archival/libarchive/liblzo.h
+@@ -76,11 +76,13 @@
+ #    define TEST_IP             (ip < ip_end)
+ #    define NEED_IP(x) \
+             if ((unsigned)(ip_end - ip) < (unsigned)(x))  goto input_overrun
++#    define TEST_IV(x)          if ((x) > (unsigned)0 - (511)) goto input_overrun
+ #    undef TEST_OP              /* don't need both of the tests here */
+ #    define TEST_OP             1
+ #    define NEED_OP(x) \
+             if ((unsigned)(op_end - op) < (unsigned)(x))  goto output_overrun
++#    define TEST_OV(x)          if ((x) > (unsigned)0 - (511)) goto output_overrun
+ #define HAVE_ANY_OP 1
+diff --git a/archival/libarchive/lzo1x_d.c b/archival/libarchive/lzo1x_d.c
+index 9bc1270..40b167e 100644
+--- a/archival/libarchive/lzo1x_d.c
++++ b/archival/libarchive/lzo1x_d.c
+@@ -92,6 +92,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
+                               ip++;
+                               NEED_IP(1);
+                       }
++                      TEST_IV(t);
+                       t += 15 + *ip++;
+               }
+               /* copy literals */
+@@ -224,6 +225,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
+                                               ip++;
+                                               NEED_IP(1);
+                                       }
++                                      TEST_IV(t);
+                                       t += 31 + *ip++;
+                               }
+ #if defined(COPY_DICT)
+@@ -265,6 +267,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
+                                               ip++;
+                                               NEED_IP(1);
+                                       }
++                                      TEST_IV(t);
+                                       t += 7 + *ip++;
+                               }
+ #if defined(COPY_DICT)
+-- 
+1.8.5.5
+
diff --git a/package/busybox/1.22.1/0006-lzop-add-overflow-check.patch b/package/busybox/1.22.1/0006-lzop-add-overflow-check.patch
new file mode 100644 (file)
index 0000000..d3f6c67
--- /dev/null
+++ b/package/busybox/1.22.1/0006-lzop-add-overflow-check.patch
@@ -0,0 +1,66 @@
+From a9dc7c2f59dc5e92870d2d46316ea5c1f14740e3 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Mon, 30 Jun 2014 10:14:34 +0200
+Subject: [PATCH] lzop: add overflow check
+
+See CVE-2014-4607
+http://www.openwall.com/lists/oss-security/2014/06/26/20
+
+function                                             old     new   delta
+lzo1x_decompress_safe                               1010    1031     +21
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+---
+ archival/libarchive/liblzo.h  | 2 ++
+ archival/libarchive/lzo1x_d.c | 3 +++
+ 2 files changed, 5 insertions(+)
+
+diff --git a/archival/libarchive/liblzo.h b/archival/libarchive/liblzo.h
+index 843997c..4596620 100644
+--- a/archival/libarchive/liblzo.h
++++ b/archival/libarchive/liblzo.h
+@@ -76,11 +76,13 @@
+ #    define TEST_IP             (ip < ip_end)
+ #    define NEED_IP(x) \
+             if ((unsigned)(ip_end - ip) < (unsigned)(x))  goto input_overrun
++#    define TEST_IV(x)          if ((x) > (unsigned)0 - (511)) goto input_overrun
+ #    undef TEST_OP              /* don't need both of the tests here */
+ #    define TEST_OP             1
+ #    define NEED_OP(x) \
+             if ((unsigned)(op_end - op) < (unsigned)(x))  goto output_overrun
++#    define TEST_OV(x)          if ((x) > (unsigned)0 - (511)) goto output_overrun
+ #define HAVE_ANY_OP 1
+diff --git a/archival/libarchive/lzo1x_d.c b/archival/libarchive/lzo1x_d.c
+index 9bc1270..40b167e 100644
+--- a/archival/libarchive/lzo1x_d.c
++++ b/archival/libarchive/lzo1x_d.c
+@@ -92,6 +92,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
+                               ip++;
+                               NEED_IP(1);
+                       }
++                      TEST_IV(t);
+                       t += 15 + *ip++;
+               }
+               /* copy literals */
+@@ -224,6 +225,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
+                                               ip++;
+                                               NEED_IP(1);
+                                       }
++                                      TEST_IV(t);
+                                       t += 31 + *ip++;
+                               }
+ #if defined(COPY_DICT)
+@@ -265,6 +267,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
+                                               ip++;
+                                               NEED_IP(1);
+                                       }
++                                      TEST_IV(t);
+                                       t += 7 + *ip++;
+                               }
+ #if defined(COPY_DICT)
+-- 
+1.8.5.5
+