forked from pool/yaml-cpp
Accepting request 576810 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Security fix: [bsc#1032144, CVE-2017-5950] * Stack overflow in SingleDocParser::HandleNode() function * Added patch yaml-cpp-CVE-2017-5950.patch OBS-URL: https://build.opensuse.org/request/show/576810 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/yaml-cpp?expand=0&rev=22
This commit is contained in:
Tomáš Chvátal
committed by
Git OBS Bridge
Git OBS Bridge
parent
f6fc394b55
commit
d61772d000
82
yaml-cpp-CVE-2017-5950.patch
Normal file
82
yaml-cpp-CVE-2017-5950.patch
Normal file
@@ -0,0 +1,82 @@
|
|||||||
|
Index: yaml-cpp-yaml-cpp-0.6.1/src/singledocparser.cpp
|
||||||
|
===================================================================
|
||||||
|
--- yaml-cpp-yaml-cpp-0.6.1.orig/src/singledocparser.cpp
|
||||||
|
+++ yaml-cpp-yaml-cpp-0.6.1/src/singledocparser.cpp
|
||||||
|
@@ -46,6 +46,9 @@ void SingleDocParser::HandleDocument(Eve
|
||||||
|
}
|
||||||
|
|
||||||
|
void SingleDocParser::HandleNode(EventHandler& eventHandler) {
|
||||||
|
+ if (depth > depth_limit) {
|
||||||
|
+ throw ParserException(m_scanner.mark(), ErrorMsg::BAD_FILE);
|
||||||
|
+ }
|
||||||
|
// an empty node *is* a possibility
|
||||||
|
if (m_scanner.empty()) {
|
||||||
|
eventHandler.OnNull(m_scanner.mark(), NullAnchor);
|
||||||
|
@@ -57,9 +60,11 @@ void SingleDocParser::HandleNode(EventHa
|
||||||
|
|
||||||
|
// special case: a value node by itself must be a map, with no header
|
||||||
|
if (m_scanner.peek().type == Token::VALUE) {
|
||||||
|
+ depth++;
|
||||||
|
eventHandler.OnMapStart(mark, "?", NullAnchor, EmitterStyle::Default);
|
||||||
|
HandleMap(eventHandler);
|
||||||
|
eventHandler.OnMapEnd();
|
||||||
|
+ depth--;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -94,32 +99,42 @@ void SingleDocParser::HandleNode(EventHa
|
||||||
|
m_scanner.pop();
|
||||||
|
return;
|
||||||
|
case Token::FLOW_SEQ_START:
|
||||||
|
+ depth++;
|
||||||
|
eventHandler.OnSequenceStart(mark, tag, anchor, EmitterStyle::Flow);
|
||||||
|
HandleSequence(eventHandler);
|
||||||
|
eventHandler.OnSequenceEnd();
|
||||||
|
+ depth--;
|
||||||
|
return;
|
||||||
|
case Token::BLOCK_SEQ_START:
|
||||||
|
+ depth++;
|
||||||
|
eventHandler.OnSequenceStart(mark, tag, anchor, EmitterStyle::Block);
|
||||||
|
HandleSequence(eventHandler);
|
||||||
|
eventHandler.OnSequenceEnd();
|
||||||
|
+ depth--;
|
||||||
|
return;
|
||||||
|
case Token::FLOW_MAP_START:
|
||||||
|
+ depth++;
|
||||||
|
eventHandler.OnMapStart(mark, tag, anchor, EmitterStyle::Flow);
|
||||||
|
HandleMap(eventHandler);
|
||||||
|
eventHandler.OnMapEnd();
|
||||||
|
+ depth--;
|
||||||
|
return;
|
||||||
|
case Token::BLOCK_MAP_START:
|
||||||
|
+ depth++;
|
||||||
|
eventHandler.OnMapStart(mark, tag, anchor, EmitterStyle::Block);
|
||||||
|
HandleMap(eventHandler);
|
||||||
|
eventHandler.OnMapEnd();
|
||||||
|
+ depth--;
|
||||||
|
return;
|
||||||
|
case Token::KEY:
|
||||||
|
// compact maps can only go in a flow sequence
|
||||||
|
if (m_pCollectionStack->GetCurCollectionType() ==
|
||||||
|
CollectionType::FlowSeq) {
|
||||||
|
+ depth++;
|
||||||
|
eventHandler.OnMapStart(mark, tag, anchor, EmitterStyle::Flow);
|
||||||
|
HandleMap(eventHandler);
|
||||||
|
eventHandler.OnMapEnd();
|
||||||
|
+ depth--;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
Index: yaml-cpp-yaml-cpp-0.6.1/src/singledocparser.h
|
||||||
|
===================================================================
|
||||||
|
--- yaml-cpp-yaml-cpp-0.6.1.orig/src/singledocparser.h
|
||||||
|
+++ yaml-cpp-yaml-cpp-0.6.1/src/singledocparser.h
|
||||||
|
@@ -51,6 +51,8 @@ class SingleDocParser : private noncopya
|
||||||
|
anchor_t LookupAnchor(const Mark& mark, const std::string& name) const;
|
||||||
|
|
||||||
|
private:
|
||||||
|
+ int depth = 0;
|
||||||
|
+ int depth_limit = 2048;
|
||||||
|
Scanner& m_scanner;
|
||||||
|
const Directives& m_directives;
|
||||||
|
std::unique_ptr<CollectionStack> m_pCollectionStack;
|
||||||
@@ -1,3 +1,10 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Feb 14 16:01:53 UTC 2018 - pmonrealgonzalez@suse.com
|
||||||
|
|
||||||
|
- Security fix: [bsc#1032144, CVE-2017-5950]
|
||||||
|
* Stack overflow in SingleDocParser::HandleNode() function
|
||||||
|
* Added patch yaml-cpp-CVE-2017-5950.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Feb 2 16:56:09 UTC 2018 - tchvatal@suse.com
|
Fri Feb 2 16:56:09 UTC 2018 - tchvatal@suse.com
|
||||||
|
|
||||||
|
|||||||
@@ -28,6 +28,8 @@ Source: https://github.com/jbeder/yaml-cpp/archive/%{name}-%{version}.ta
|
|||||||
# PATCH-FIX-UPSTREAM: do not override opts for linker as distro provides
|
# PATCH-FIX-UPSTREAM: do not override opts for linker as distro provides
|
||||||
# correct ones
|
# correct ones
|
||||||
Patch0: yaml-cpp-fix-pie.patch
|
Patch0: yaml-cpp-fix-pie.patch
|
||||||
|
# PATCH-FIX-UPSTREAM bsc#1032144 CVE-2017-5950 Stack overflow in SingleDocParser::HandleNode()
|
||||||
|
Patch1: yaml-cpp-CVE-2017-5950.patch
|
||||||
BuildRequires: cmake
|
BuildRequires: cmake
|
||||||
BuildRequires: pkgconfig
|
BuildRequires: pkgconfig
|
||||||
BuildRequires: sed
|
BuildRequires: sed
|
||||||
@@ -60,6 +62,7 @@ Development files for %{name} library.
|
|||||||
%prep
|
%prep
|
||||||
%setup -q -n %{name}-%{name}-%{version}
|
%setup -q -n %{name}-%{name}-%{version}
|
||||||
%patch0 -p1
|
%patch0 -p1
|
||||||
|
%patch1 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
export CC=gcc
|
export CC=gcc
|
||||||
|
|||||||
Reference in New Issue
Block a user