Sophie

Sophie

distrib > Mageia > 4 > x86_64 > by-pkgid > e243dc644f7972a3f4343ac05540db93 > files > 2

perl-YAML-LibYAML-0.410.0-2.3.mga4.src.rpm

Description: CVE-2014-2525: Heap overflow when parsing YAML tags
  The heap overflow is caused by not properly expanding a string before
  writing to it in function yaml_parser_scan_uri_escapes in scanner.c. 
Origin: upstream
Last-Update: 2014-03-23

--- a/LibYAML/scanner.c
+++ b/LibYAML/scanner.c
@@ -2629,6 +2629,9 @@
         /* Check if it is a URI-escape sequence. */
 
         if (CHECK(parser->buffer, '%')) {
+            if (!STRING_EXTEND(parser, string))
+                goto error;
+
             if (!yaml_parser_scan_uri_escapes(parser,
                         directive, start_mark, &string)) goto error;
         }
--- a/LibYAML/yaml_private.h
+++ b/LibYAML/yaml_private.h
@@ -133,9 +133,12 @@
      (string).start = (string).pointer = (string).end = 0)
 
 #define STRING_EXTEND(context,string)                                           \
-    (((string).pointer+5 < (string).end)                                        \
+    ((((string).pointer+5 < (string).end)                                       \
         || yaml_string_extend(&(string).start,                                  \
-            &(string).pointer, &(string).end))
+            &(string).pointer, &(string).end)) ?                                \
+         1 :                                                                    \
+        ((context)->error = YAML_MEMORY_ERROR,                                  \
+         0))
 
 #define CLEAR(context,string)                                                   \
     ((string).pointer = (string).start,                                         \

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional