From d76aa0d2a8e5838ef321ae5d92183da8381af55ca476faf7875bc3b475737fa9 Mon Sep 17 00:00:00 2001
From: Petr Uzel
Date: Tue, 7 Oct 2014 07:46:42 +0000
Subject: [PATCH 1/2] - Fix endless loop in javascript parser (bnc#899486, CVE-2014-7204)
OBS-URL: https://build.opensuse.org/package/show/devel:tools/ctags?expand=0&rev=22
---
 CVE-2014-7204.patch | 100 ++++++++++++++++++++++++++++++++++++++++++++
 ctags.changes | 6 +++
 ctags.spec | 4 +-
 3 files changed, 109 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2014-7204.patch
diff --git a/CVE-2014-7204.patch b/CVE-2014-7204.patch
new file mode 100644
index 0000000..2e7e212
--- /dev/null
+++ b/CVE-2014-7204.patch
@@ -0,0 +1,100 @@ +From e23093345c6f63358d979f2c87c57ef4050ba864 Mon Sep 17 00:00:00 2001 +From: dfishburn +Date: Wed, 24 Oct 2012 01:13:13 +0000 +Subject: [PATCH] Changed the javascript parser to set the tag's scope rather + than including it in the tag name. + +Patch from Colomban. + + + +git-svn-id: svn://svn.code.sf.net/p/ctags/code/trunk@791 c5d04d22-be80-434c-894e-aa346cc9e8e8 +Signed-off-by: Petr Uzel +--- + jscript.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++--- + 1 file changed, 51 insertions(+), 3 deletions(-) + +Index: ctags-5.8/jscript.c +=================================================================== +--- ctags-5.8.orig/jscript.c ++++ ctags-5.8/jscript.c +@@ -215,6 +215,7 @@ static void deleteToken (tokenInfo *cons + * Tag generation functions + */ + ++/* + static void makeConstTag (tokenInfo *const token, const jsKind kind) + { + if (JsKinds [kind].enabled && ! token->ignoreTag ) +@@ -238,12 +239,13 @@ static void makeJsTag (tokenInfo *const + + if (JsKinds [kind].enabled && ! token->ignoreTag ) + { +- /* ++ * + * If a scope has been added to the token, change the token + * string to include the scope when making the tag. 
+- */ ++ * + if ( vStringLength(token->scope) > 0 ) + { ++ * + fulltag = vStringNew (); + vStringCopy(fulltag, token->scope); + vStringCatS (fulltag, "."); +@@ -251,8 +253,54 @@ static void makeJsTag (tokenInfo *const + vStringTerminate(fulltag); + vStringCopy(token->string, fulltag); + vStringDelete (fulltag); ++ * ++ jsKind parent_kind = JSTAG_CLASS; ++ ++ * ++ * if we're creating a function (and not a method), ++ * guess we're inside another function ++ * ++ if (kind == JSTAG_FUNCTION) ++ parent_kind = JSTAG_FUNCTION; ++ ++ e.extensionFields.scope[0] = JsKinds [parent_kind].name; ++ e.extensionFields.scope[1] = vStringValue (token->scope); + } +- makeConstTag (token, kind); ++ * makeConstTag (token, kind); * ++ makeTagEntry (&e); ++ } ++} ++*/ ++ ++static void makeJsTag (tokenInfo *const token, const jsKind kind) ++{ ++ if (JsKinds [kind].enabled && ! token->ignoreTag ) ++ { ++ const char *const name = vStringValue (token->string); ++ tagEntryInfo e; ++ initTagEntry (&e, name); ++ ++ e.lineNumber = token->lineNumber; ++ e.filePosition = token->filePosition; ++ e.kindName = JsKinds [kind].name; ++ e.kind = JsKinds [kind].letter; ++ ++ if ( vStringLength(token->scope) > 0 ) ++ { ++ jsKind parent_kind = JSTAG_CLASS; ++ ++ /* ++ * If we're creating a function (and not a method), ++ * guess we're inside another function ++ */ ++ if (kind == JSTAG_FUNCTION) ++ parent_kind = JSTAG_FUNCTION; ++ ++ e.extensionFields.scope[0] = JsKinds [parent_kind].name; ++ e.extensionFields.scope[1] = vStringValue (token->scope); ++ } ++ ++ makeTagEntry (&e); + } + } + diff --git a/ctags.changes b/ctags.changes index 3927543..f678968 100644 --- a/ctags.changes +++ b/ctags.changes 
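Review bot: Nothing on the new side of this hunk touches loop or token-reading code — it is upstream r791 (per the git-svn-id trailer), which only stops `makeJsTag` from prefixing `token->string` with the scope and instead reports it through `e.extensionFields.scope[0]`/`scope[1]` — so the patch alone does not let a reviewer confirm it resolves the endless loop that ctags.changes attributes to CVE-2014-7204; the patch header should state which bnc#899486 reproducer it was checked against, or cite the upstream revision that fixes the loop if that is a different one. The old `makeConstTag` and `makeJsTag` bodies are kept inside one large `/* ... */` block, with their inner comment delimiters hand-edited to bare `*` (e.g. `++ * makeConstTag (token, kind); *`), rather than deleted; that dead code should simply be removed, since git history already keeps it and it makes a security backport harder to audit. Note also that the old code wrote the `scope.name` string back into `token->string`, while the new code leaves the token untouched; any later use of `token->string` by callers outside this hunk now sees the bare name, which is presumably the intent but worth confirming. Whether `initTagEntry` zeroes `e.extensionFields` so the scope fields are defined when `token->scope` is empty is not visible here either — presumably it does, but check entry.c.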
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Oct 7 05:45:51 UTC 2014 - puzel@suse.com
+
+- Fix endless loop in javascript parser
+ (bnc#899486, CVE-2014-7204)
+
 -------------------------------------------------------------------
 Sat Apr 27 10:12:43 UTC 2013 - schwab@linux-m68k.org
diff --git a/ctags.spec b/ctags.spec
index ad1b1d1..2a4cedc 100644
--- a/ctags.spec
+++ b/ctags.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package ctags
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -30,6 +30,7 @@ Patch1: ctags-5.7.diff
 Source2: ctags-ycp-parser.diff
 Patch3: ctags-date-time.patch
 Patch4: go-tags.patch
+Patch5: CVE-2014-7204.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 BuildRequires: update-alternatives
 PreReq: update-alternatives
@@ -45,6 +46,7 @@ Emacs, and several other editors.
 #%#patch2
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 %build
 ./configure CFLAGS="%{optflags} -Wall" \
From 4af4fa389968a19cdcdc65831d5e02c43cf4f8058895f61209816bbfd02dca6a Mon Sep 17 00:00:00 2001
From: Martin Pluskal
Date: Tue, 26 May 2015 09:03:58 +0000
Subject: [PATCH 2/2] Accepting request 308709 from home:jkeil:branches:devel:tools
- Added CVE-2014-7204.patch
OBS-URL: https://build.opensuse.org/request/show/308709
OBS-URL: https://build.opensuse.org/package/show/devel:tools/ctags?expand=0&rev=23
---
 ctags.changes | 1 +
 ctags.spec | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/ctags.changes b/ctags.changes
index f678968..37dab2e 100644
--- a/ctags.changes
+++ b/ctags.changes
@@ -3,6 +3,7 @@ Tue Oct 7 05:45:51 UTC 2014 - puzel@suse.com
 - Fix endless loop in javascript parser
 (bnc#899486, CVE-2014-7204)
+- Added CVE-2014-7204.patch
 -------------------------------------------------------------------
 Sat Apr 27 10:12:43 UTC 2013 - schwab@linux-m68k.org
diff --git a/ctags.spec b/ctags.spec
index 2a4cedc..0b4ce40 100644
--- a/ctags.spec
+++ b/ctags.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package ctags
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed