Google Git
Sign in
android-kvm / buildroot / 46b07c8a87f354527d4173d873b6674d99e4fbab^! / .
commit46b07c8a87f354527d4173d873b6674d99e4fbab[log] [tgz]
authorBaruch Siach <baruch@tkos.co.il>Fri Sep 15 07:40:20 2017 +0300
committerPeter Korsgaard <peter@korsgaard.com>Sun Sep 24 21:36:09 2017 +0200
tree6b32755d6c939dd7a597aa1fb2e782f4c5d58fd3
parentbde9621d0f0c5d88f316ea0df9e125f73c88f2bb [diff]
libidn: add fix for CVE-2017-14062

Add upstream patch fixing CVE-2017-14062:

Integer overflow in the decode_digit function in puny_decode.c in
Libidn2 before 2.0.4 allows remote attackers to cause a denial of
service or possibly have unspecified other impact.

This issue also affects libidn.

Unfortunately, the patch also triggers reconf of the documentation
subdirectory, since lib/punycode.c is listed in GDOC_SRC that is defined
in doc/Makefile.am. Add autoreconf to handle that.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 49cb795f7965328ce7a57cbc3736b0fc03919fe7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

diff --git a/package/libidn/0001-lib-punycode.c-decode_digit-Fix-integer-overflow.patch b/package/libidn/0001-lib-punycode.c-decode_digit-Fix-integer-overflow.patch
new file mode 100644
index 0000000..8a8ca47
--- /dev/null
+++ b/package/libidn/0001-lib-punycode.c-decode_digit-Fix-integer-overflow.patch

@@ -0,0 +1,36 @@
+From e9e81b8063b095b02cf104bb992fa9bf9515b9d8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Fri, 1 Sep 2017 10:04:48 +0200
+Subject: [PATCH] lib/punycode.c (decode_digit): Fix integer overflow
+
+This fix is a backport from libidn2 and addresses
+CVE-2017-14062.
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: commit e9e81b8063b095
+
+ lib/punycode.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/lib/punycode.c b/lib/punycode.c
+index 86819a7deb85..49250a13e2cc 100644
+--- a/lib/punycode.c
++++ b/lib/punycode.c
+@@ -88,10 +88,10 @@ enum
+ /* point (for use in representing integers) in the range 0 to */
+ /* base-1, or base if cp does not represent a value.          */
+ 
+-static punycode_uint
+-decode_digit (punycode_uint cp)
++static unsigned
++decode_digit (int cp)
+ {
+-  return cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
++  return (unsigned) cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
+     cp - 97 < 26 ? cp - 97 : base;
+ }
+ 
+-- 
+2.14.1
+

diff --git a/package/libidn/libidn.mk b/package/libidn/libidn.mk
index 99c9e2c..80fc827 100644
--- a/package/libidn/libidn.mk
+++ b/package/libidn/libidn.mk

@@ -12,6 +12,8 @@
 LIBIDN_DEPENDENCIES = host-pkgconf $(if $(BR2_NEEDS_GETTEXT_IF_LOCALE),gettext) $(if $(BR2_PACKAGE_LIBICONV),libiconv)
 LIBIDN_LICENSE = GPLv2+, GPLv3+, LGPLv3+
 LIBIDN_LICENSE_FILES = COPYINGv2 COPYINGv3 COPYING.LESSERv3
+# lib/punycode.c patch triggers reconf in doc/
+LIBIDN_AUTORECONF = YES
 
 define LIBIDN_REMOVE_BINARY
 	rm -f $(TARGET_DIR)/usr/bin/idn