rpms / libyaml

Clone
Source Code
GIT

Blame SOURCES/libyaml-CVE-2014-9130.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   b8ac8aee0736ec009381c8b2e8d8840a625b264d
  2.   SOURCES
  3.   libyaml-CVE-2014-9130.patch
Blob History Raw
b8ac8a 
From e6aa721cc0e5a48f408c52355559fd36780ba32a Mon Sep 17 00:00:00 2001
b8ac8a 
From: =?UTF-8?q?Ingy=20d=C3=B6t=20Net?= <ingy@ingy.net>
b8ac8a 
Date: Fri, 28 Nov 2014 09:21:49 -0800
b8ac8a 
Subject: [PATCH] Fix for https://bitbucket.org/xi/libyaml/issue/10/
b8ac8a
b8ac8a 
https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
b8ac8a
b8ac8a 
Commenting out the assert makes the scanner do the right thing and
b8ac8a 
results in just a simple parse failure.
b8ac8a 
---
b8ac8a 
 src/scanner.c | 4 +++-
b8ac8a 
 1 file changed, 3 insertions(+), 1 deletion(-)
b8ac8a
b8ac8a 
diff --git a/src/scanner.c b/src/scanner.c
b8ac8a 
index 88d4fa5..c5f3d2f 100644
b8ac8a 
--- a/src/scanner.c
b8ac8a 
+++ b/src/scanner.c
b8ac8a 
@@ -1110,7 +1110,9 @@ yaml_parser_save_simple_key(yaml_parser_t *parser)
b8ac8a 
      * line.  Therefore it is always allowed.  But we add a check anyway.
b8ac8a 
      */
b8ac8a
b8ac8a 
-    assert(parser->simple_key_allowed || !required);    /* Impossible. */
b8ac8a 
+    /* XXX This caused:
b8ac8a 
+     * https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
b8ac8a 
+    assert(parser->simple_key_allowed || !required); */    /* Impossible. */
b8ac8a
b8ac8a 
     /*
b8ac8a 
      * If the current position may start a simple key, save it.

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation