From: Salvatore Bonaccorso Date: Thu, 13 Feb 2014 06:51:58 +0000 (+0100) Subject: Imported Debian patch 0.1.4-3.1 X-Git-Tag: debian/0.1.4-3.1^0 X-Git-Url: http://andersk.mit.edu/gitweb/libyaml.git/commitdiff_plain/8c29bde433b241416faf2a3bc9c902a3ad1c02d9 Imported Debian patch 0.1.4-3.1
---
diff --git a/debian/changelog b/debian/changelog
index 9d59a4a..89e244d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+libyaml (0.1.4-3.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Drop libyaml-indent-column-overflow-v2.patch patch.
+ This patch causes additional regressions on simple YAML files.
+ * Add libyaml-guard-against-overflows-in-indent-and-flow_level.patch patch.
+ Add upstream's patch to guard against overflows in indent and
+ flow_level. (Closes: #738587)
+
+ -- Salvatore Bonaccorso Thu, 13 Feb 2014 07:51:58 +0100
+
 libyaml (0.1.4-3) unstable; urgency=high
 
 * Fix CVE-2013-6393: heap-based buffer overflow when parsing YAML tags.
diff --git a/debian/patches/libyaml-guard-against-overflows-in-indent-and-flow_level.patch b/debian/patches/libyaml-guard-against-overflows-in-indent-and-flow_level.patch
new file mode 100644
index 0000000..80849ab
--- /dev/null
+++ b/debian/patches/libyaml-guard-against-overflows-in-indent-and-flow_level.patch
@@ -0,0 +1,86 @@
+Description: Guard against overflows in indent and flow_level
+Origin: upstream, https://bitbucket.org/xi/libyaml/commits/f859ed1eb757a3562b98a28a8ce69274bfd4b3f2,
+ https://bitbucket.org/xi/libyaml/commits/af3599437a87162554787c52d8b16eab553f537b
+Last-Update: 2014-02-10
+Applied-Upstream: 0.1.5
+
+--- a/src/scanner.c
++++ b/src/scanner.c
+@@ -615,11 +615,11 @@
+ */
+
+ static int
+-yaml_parser_roll_indent(yaml_parser_t *parser, int column,
+- int number, yaml_token_type_t type, yaml_mark_t mark);
++yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column,
++ ptrdiff_t number, yaml_token_type_t type, yaml_mark_t mark);
+
+ static int
+-yaml_parser_unroll_indent(yaml_parser_t *parser, int column);
++yaml_parser_unroll_indent(yaml_parser_t *parser, ptrdiff_t column);
+
+ /*
+ * Token fetchers.
+@@ -1103,7 +1103,7 @@
+ */
+
+ int required = (!parser->flow_level
+- && parser->indent == (int)parser->mark.column);
++ && parser->indent == (ptrdiff_t)parser->mark.column);
+
+ /*
+ * A simple key is required only when it is the first token in the current
+@@ -1176,6 +1176,11 @@
+
+ /* Increase the flow level. */
+
++ if (parser->flow_level == INT_MAX) {
++ parser->error = YAML_MEMORY_ERROR;
++ return 0;
++ }
++
+ parser->flow_level++;
+
+ return 1;
+@@ -1206,8 +1211,8 @@
+ */
+
+ static int
+-yaml_parser_roll_indent(yaml_parser_t *parser, int column,
+- int number, yaml_token_type_t type, yaml_mark_t mark)
++yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column,
++ ptrdiff_t number, yaml_token_type_t type, yaml_mark_t mark)
+ {
+ yaml_token_t token;
+
+@@ -1226,6 +1231,11 @@
+ if (!PUSH(parser, parser->indents, parser->indent))
+ return 0;
+
++ if (column > INT_MAX) {
++ parser->error = YAML_MEMORY_ERROR;
++ return 0;
++ }
++
+ parser->indent = column;
+
+ /* Create a token and insert it into the queue. */
+@@ -1254,7 +1264,7 @@
+
+
+ static int
+-yaml_parser_unroll_indent(yaml_parser_t *parser, int column)
++yaml_parser_unroll_indent(yaml_parser_t *parser, ptrdiff_t column)
+ {
+ yaml_token_t token;
+
+--- a/src/yaml_private.h
++++ b/src/yaml_private.h
+@@ -7,6 +7,7 @@
+
+ #include
+ #include
++#include
+
+ /*
+ * Memory management.
diff --git a/debian/patches/series b/debian/patches/series
index 620d9b4..7729c4e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,3 @@
 libyaml-string-overflow.patch
 libyaml-node-id-hardening.patch
-libyaml-indent-column-overflow-v2.patch
+libyaml-guard-against-overflows-in-indent-and-flow_level.patch
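Review bot: In the added debian/patches file, the inner hunk at `@@ -1226,6 +1231,11 @@` of src/scanner.c tests `column > INT_MAX` only after `PUSH(parser, parser->indents, parser->indent)`, so on the error path the indents stack has already grown by one entry while `parser->indent` keeps its old value; moving the four-line guard above the PUSH would leave the parser state untouched when the column is rejected. The guard at `@@ -1176,6 +1176,11 @@` also sits late in its function, and whatever runs before the `/* Increase the flow level. */` comment is outside the quoted context, so the same ordering should be checked there. Both guards set only `parser->error = YAML_MEMORY_ERROR`, with no problem description or position, so a caller sees an out-of-memory condition for what is really an input limit; a comment such as `/* indent and flow_level are int: refuse input that would overflow them */` would record why that error class is used. These checks stop the signed overflow but do not bound nesting depth in any practical sense, so consumers that recurse over the parsed structure still need their own depth limit. The bodies of yaml_parser_roll_indent and of the flow-level function start and end outside the hunks shown.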