mirror of
https://github.com/void-linux/void-packages.git
synced 2025-06-09 08:33:51 +02:00
file: patch for CVE-2014-3710 via upstream github.
This commit is contained in:
Juan RP
parent
f02f05c740
commit
a6b43f9f9f
2 changed files with 21 additions and 1 deletions
20
srcpkgs/file/patches/CVE-2014-3710.patch
Normal file
20
srcpkgs/file/patches/CVE-2014-3710.patch
Normal file
|
|
@ -0,0 +1,20 @@
|
||||||
|
Fix note bounds reading, Francisco Alonso / Red Hat
|
||||||
|
|
||||||
|
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3710
|
||||||
|
|
||||||
|
--- src/readelf.c
|
||||||
|
+++ src/readelf.c
|
||||||
|
@@ -477,6 +477,13 @@ donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size,
|
||||||
|
uint32_t namesz, descsz;
|
||||||
|
unsigned char *nbuf = CAST(unsigned char *, vbuf);
|
||||||
|
|
||||||
|
+ if (xnh_sizeof + offset > size) {
|
||||||
|
+ /*
|
||||||
|
+ * We're out of note headers.
|
||||||
|
+ */
|
||||||
|
+ return xnh_sizeof + offset;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
(void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
|
||||||
|
offset += xnh_sizeof;
|
||||||
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
# Template file for 'file'
|
# Template file for 'file'
|
||||||
pkgname=file
|
pkgname=file
|
||||||
version=5.20
|
version=5.20
|
||||||
revision=1
|
revision=2
|
||||||
bootstrap=yes
|
bootstrap=yes
|
||||||
build_style=gnu-configure
|
build_style=gnu-configure
|
||||||
configure_args="--enable-static"
|
configure_args="--enable-static"
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue