]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: f280b4f) | patch
less: fix CVE-2014-9488
authorJunling Zheng <zhengjunling@huawei.com>
Fri, 24 Apr 2015 05:58:59 +0000 (13:58 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Tue, 28 Apr 2015 06:56:00 +0000 (07:56 +0100)
commit68994284f3c059b737bfc5afc2600ebd09bdf47f
tree152652114b9897ec3b75044ae3ae501fcbc67852tree | snapshot
parentf280b4f28231ea5a416266ae022d6e4c4ea91117commit | diff
less: fix CVE-2014-9488

An out of bounds read access in the UTF-8 decoding can be triggered with
a malformed file in the tool less. The access happens in the function
is_utf8_well_formed due to a truncated multibyte character in the sample
file.

The bug does not crash less, it can only be made visible by running less
with valgrind or compiling it with Address Sanitizer.

Version 475 of less contains a fix for this issue. The file version.c
contains some entry mentioning this issue (without any credit):

 - v475 3/2/15 Fix possible buffer overrun with invalid UTF-8

The fix is in the file line.c. We derive this patch from:

https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html

Thank Claire Robinson for validating it on Mageia 4 i586. Refer to:

https://bugs.mageia.org/show_bug.cgi?id=15567

Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-extended/less/less/0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch [new file with mode: 0644] blob
meta/recipes-extended/less/less_471.bb diff | blob | history
Mirror of the official openembedded-core repository