'[OE-core] [poky][zeus][PATCH] libpcre: Add fix for CVE-2020-14155'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openembedded-core
Subject:    [OE-core] [poky][zeus][PATCH] libpcre: Add fix for CVE-2020-14155
From:       "saloni" <saloni.jain () kpit ! com>
Date:       2020-07-30 8:53:51
Message-ID: 1596098511-12536-1-git-send-email-Saloni.Jain () kpit ! com
[Download RAW message or body]

From: Rahul Taya <Rahul.Taya@kpit.com>

Added below patch in libpcre
CVE-2020-14155.patch

This patch fixes below error:
PCRE could allow a remote attacker to execute arbitrary
code on the system, caused by an integer overflow in
libpcre via a large number after (?C substring.
By sending a request with a large number, an attacker
can execute arbitrary code on the system or
cause the application to crash.

Tested-by: Rahul Taya <Rahul.Taya@kpit.com>
Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com>

Please Note: CVE already fixed in master and dunfell branches,
applicable for zeus only.
---
 .../libpcre/libpcre/CVE-2020-14155.patch           | 41 ++++++++++++++++++++++
 meta/recipes-support/libpcre/libpcre_8.43.bb       |  1 +
 2 files changed, 42 insertions(+)
 create mode 100644 meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch

diff --git a/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch \
b/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch new file mode 100644
index 0000000..183512f
--- /dev/null
+++ b/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch
@@ -0,0 +1,41 @@
+--- pcre-8.43/pcre_compile.c    2020-07-05 22:26:25.310501521 +0530
++++ pcre-8.43/pcre_compile1.c   2020-07-05 22:30:22.254489562 +0530
+
+CVE: CVE-2020-14155
+Upstream-Status: Backport \
[https://vcs.pcre.org/pcre/code/trunk/pcre_compile.c?view=patch&r1=1761&r2=1760&pathrev=1761]
 +Signed-off-by: Rahul Taya<Rahul.Taya@kpit.com>
+
+@@ -6,7 +6,7 @@
+ and semantics are as close as possible to those of the Perl 5 language.
+
+                        Written by Philip Hazel
+-           Copyright (c) 1997-2018 University of Cambridge
++           Copyright (c) 1997-2020 University of Cambridge
+
+ -----------------------------------------------------------------------------
+ Redistribution and use in source and binary forms, with or without
+@@ -7130,17 +7130,19 @@
+           int n = 0;
+           ptr++;
+           while(IS_DIGIT(*ptr))
++           {
+             n = n * 10 + *ptr++ - CHAR_0;
++            if (n > 255)
++               {
++               *errorcodeptr = ERR38;
++               goto FAILED;
++               }
++            }
+           if (*ptr != CHAR_RIGHT_PARENTHESIS)
+             {
+             *errorcodeptr = ERR39;
+             goto FAILED;
+             }
+-          if (n > 255)
+-            {
+-            *errorcodeptr = ERR38;
+-            goto FAILED;
+-            }
+           *code++ = n;
+           PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */
+           PUT(code, LINK_SIZE, 0);                          /* Default length */
diff --git a/meta/recipes-support/libpcre/libpcre_8.43.bb \
b/meta/recipes-support/libpcre/libpcre_8.43.bb index b97af08..60ece64 100644
--- a/meta/recipes-support/libpcre/libpcre_8.43.bb
+++ b/meta/recipes-support/libpcre/libpcre_8.43.bb
@@ -12,6 +12,7 @@ SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre-${PV}.tar.bz2 \
            file://out-of-tree.patch \
            file://run-ptest \
            file://Makefile \
+           file://CVE-2020-14155.patch \
 "

 SRC_URI[md5sum] = "636222e79e392c3d95dcc545f24f98c4"
--
2.7.4

This message contains information that may be privileged or confidential and is the \
property of the KPIT Technologies Ltd. It is intended only for the person to whom it \
is addressed. If you are not the intended recipient, you are not authorized to read, \
print, retain copy, disseminate, distribute, or use this message or any part thereof. \
If you receive this message in error, please notify the sender immediately and delete \
all copies of this message. KPIT Technologies Ltd. does not accept any liability for \
virus infected mails.



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#141121): https://lists.openembedded.org/g/openembedded-core/message/141121
Mute This Topic: https://lists.openembedded.org/mt/75863890/4454766
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  [openembedded-core@marc.info]
-=-=-=-=-=-=-=-=-=-=-=-


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic