aboutsummaryrefslogtreecommitdiff
path: root/package/libyaml/libyaml-0002-node-id-hardening.patch
diff options
context:
space:
mode:
Diffstat (limited to 'package/libyaml/libyaml-0002-node-id-hardening.patch')
-rw-r--r--package/libyaml/libyaml-0002-node-id-hardening.patch35
1 files changed, 0 insertions, 35 deletions
diff --git a/package/libyaml/libyaml-0002-node-id-hardening.patch b/package/libyaml/libyaml-0002-node-id-hardening.patch
deleted file mode 100644
index 53b8aa81ee..0000000000
--- a/package/libyaml/libyaml-0002-node-id-hardening.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-Description: CVE-2013-6393: yaml_stack_extend: guard against integer overflow
- This is a hardening patch also from Florian Weimer
- <fweimer@redhat.com>. It is not required to fix this CVE however it
- improves the robustness of the code against future issues by avoiding
- large node ID's in a central place.
-Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1033990
-Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1033990
-Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737076
-Last-Update: 2014-01-29
----
-# HG changeset patch
-# User Florian Weimer <fweimer@redhat.com>
-# Date 1389274355 -3600
-# Thu Jan 09 14:32:35 2014 +0100
-# Node ID 034d7a91581ac930e5958683f1a06f41e96d24a2
-# Parent a54d7af707f25dc298a7be60fd152001d2b3035b
-yaml_stack_extend: guard against integer overflow
-
-diff --git a/src/api.c b/src/api.c
---- a/src/api.c
-+++ b/src/api.c
-@@ -117,7 +117,12 @@
- YAML_DECLARE(int)
- yaml_stack_extend(void **start, void **top, void **end)
- {
-- void *new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2);
-+ void *new_start;
-+
-+ if ((char *)*end - (char *)*start >= INT_MAX / 2)
-+ return 0;
-+
-+ new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2);
-
- if (!new_start) return 0;
-