mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-07 09:16:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
81f9e815d36848761a9dfa94b00ad998bb39a4a6
poky/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch
Huang Qiyu a62c43a363 ruby: 2.4.2 -> 2.5.0 
1.Upgrade ruby form 2.4.2 to 2.5.0.
2.Update the checksum of LIC_FILES_CHKSUM.
3.Delete ruby-CVE-2017-9224.patch, ruby-CVE-2017-9227.patch, ruby-CVE-2017-9229.patch, since it is integrated upstream.
4.Modify ruby-CVE-2017-9226.patch, since the data has been changed.

(From OE-Core rev: 67b9f407f7c40c63c7f9518b4ee3d4d1cc7c75ce)

Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-02-06 11:06:27 +00:00

33 lines
881 B
Diff
Raw Blame History

From b4bf968ad52afe14e60a2dc8a95d3555c543353a Mon Sep 17 00:00:00 2001
From: "K.Kosako" <kosako@sofnec.co.jp>
Date: Thu, 18 May 2017 17:05:27 +0900
Subject: [PATCH] fix #55 : check too big code point value for single byte
value in next_state_val()
---
regparse.c | 3 +++
1 file changed, 3 insertions(+)
--- end of original header
CVE: CVE-2017-9226
Add check for octal number bigger than 255.
Upstream-Status: Pending
Signed-off-by: Joe Slater <joe.slater@windriver.com>
--- ruby-2.4.1.orig/regparse.c
+++ ruby-2.4.1/regparse.c
@@ -4450,6 +4450,9 @@ next_state_val(CClassNode* cc, CClassNod
switch (*state) {
case CCS_VALUE:
if (*type == CCV_SB) {
+ if (*from > 0xff)
+ return ONIGERR_INVALID_CODE_POINT_VALUE;
+
BITSET_SET_BIT_CHKDUP(cc->bs, (int )(*from));
if (IS_NOT_NULL(asc_cc))
BITSET_SET_BIT(asc_cc->bs, (int )(*from));
Reference in New Issue View Git Blame Copy Permalink