code.ossystems Code Review - openembedded-core.git/commit
coreutils: Fix CVE-2014-9471
author Maxin B. John <maxin.john@enea.com>
Wed, 7 Jan 2015 12:11:43 +0000 (13:11 +0100)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Wed, 11 Feb 2015 17:39:47 +0000 (17:39 +0000)
commit 54debe63cbd38dba56895541c434f895e158f70b
tree e3ca8722c8470d6d33d8aeb9fd93f25c2e1978f4
parent 965943176c580b7943bb4d94efd58b8818c04919
coreutils: Fix CVE-2014-9471

Fiedler Roman discovered that coreutils' parse_datetime() function
has some flaws that may be exploitable if the date(1), touch(1),
or potentially other programs, accept untrusted input for certain
parameters. While researching this issue, he discovered that it
was independently discovered by Bertrand Jacquin and reported at
http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872

$ touch '--date=TZ="123"345" @1'
*** Error in `touch': free(): invalid pointer: 0x00007fffd33e55e0 ***
Aborted

$ date '--date=TZ="123"345" @1'
date[394]: segfault at 7fff24000000 ip 00007f6dd5b73404 sp 00007fff27cce8f8
error 4 in libc-2.20.so[7f6dd5af7000+199000]
Segmentation fault

Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-core/coreutils/coreutils-8.22/date-tz-crash.patch [new file with mode: 0644]
meta/recipes-core/coreutils/coreutils_8.22.bb
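
A regression check for the crash quoted in the commit message, as an added example that is not part of this commit or of openembedded-core. The function names `classify_status` and `check_tool` are hypothetical; the argument is the one shown above, and the check assumes the shell's usual convention of reporting a signal death as exit status 128 + signal number.

```shell
#!/bin/sh
# Added example: verify that a coreutils build no longer dies on the
# parse_datetime() input from the commit message (CVE-2014-9471).
CRASH_ARG='--date=TZ="123"345" @1'

# classify_status STATUS
#   crash  - process was killed by a signal (134 = SIGABRT, 139 = SIGSEGV)
#   notrun - the shell could not execute the tool (126/127)
#   clean  - normal exit; a non-zero "invalid date" error is a clean rejection
classify_status() {
    case "$1" in
        126|127) echo notrun ;;
        *) if [ "$1" -gt 128 ]; then echo crash; else echo clean; fi ;;
    esac
}

# check_tool CMD [ARGS...]
#   Runs CMD ARGS with CRASH_ARG appended and prints the verdict.
#   The "|| status=$?" keeps the check usable under "set -e".
check_tool() {
    status=0
    "$@" "$CRASH_ARG" >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

# Check the two tools named in the commit message on the image under test.
for tool in date touch; do
    printf '%s: %s\n' "$tool" "$(check_tool "$tool")"
done
```

A `crash` verdict for either tool means the image still ships a coreutils without `date-tz-crash.patch` applied.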