icu: CVE-2017-14952

Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue. Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-14952 Upstream patches: http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp (From OE-Core rev: 4ff12a8bf2b8d094085afbe8fa1d43f781cfa79d) Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-04-21 03:32:12 +02:00 · 2017-11-10 17:46:10 +02:00
parent e75d9c3364
commit 3bd6d1831b
2 changed files with 29 additions and 0 deletions
--- a/meta/recipes-support/icu/icu/CVE-2017-14952.patch
+++ b/meta/recipes-support/icu/icu/CVE-2017-14952.patch
@@ -0,0 +1,28 @@
+From fc83cd832725d3968011f118637b9f5d212e8717 Mon Sep 17 00:00:00 2001
+From: Ovidiu Panait <ovidiu.panait@windriver.com>
+Date: Fri, 10 Nov 2017 16:51:25 +0200
+Subject: [PATCH] Removed redundant UVector entry clean up function call.
+
+Upstream-Status: Backport
+CVE: CVE-2017-14952
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ i18n/zonemeta.cpp | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/i18n/zonemeta.cpp b/i18n/zonemeta.cpp
+index 84a9657..e163b00 100644
+--- a/i18n/zonemeta.cpp
+++ b/i18n/zonemeta.cpp
+@@ -690,7 +690,6 @@ ZoneMeta::createMetazoneMappings(const UnicodeString &tzid) {
+                     mzMappings = new UVector(deleteOlsonToMetaMappingEntry, NULL, status);
+                     if (U_FAILURE(status)) {
+                         delete mzMappings;
+-                        deleteOlsonToMetaMappingEntry(entry);
+                         uprv_free(entry);
+                         break;
+                     }
+-- 
+2.10.2
+
--- a/meta/recipes-support/icu/icu_59.1.bb
+++ b/meta/recipes-support/icu/icu_59.1.bb
@@ -17,6 +17,7 @@ SRC_URI = "${BASE_SRC_URI} \
           file://icu-pkgdata-large-cmd.patch \
           file://fix-install-manx.patch \
           file://0001-i18n-Drop-include-xlocale.h.patch \
+           file://CVE-2017-14952.patch \
           "

 SRC_URI_append_class-target = "\