libuv: fix CVE-2020-8252

Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Andrej Kozemcak <andrej.kozemcak@siemens.com> 2021-02-04 10:16:35 +0100
committer: Armin Kuster <akuster808@gmail.com> 2021-02-04 22:39:02 -0800
commit: b1de50b2fcbe43cf10508cece48f229e18009cd0 (patch)
tree: 756d93939d479814b82cb36d41d2a79a63d11202
parent: 9d6e064bb0384a3731e235769d5c78be08d5de42 (diff)
download: meta-openembedded-b1de50b2fcbe43cf10508cece48f229e18009cd0.tar.gz
2 files changed, 43 insertions, 1 deletions
diff --git a/meta-oe/recipes-connectivity/libuv/libuv/CVE-2020-8252.patch b/meta-oe/recipes-connectivity/libuv/libuv/CVE-2020-8252.patch
new file mode 100644
index 0000000000..dd99b44873
--- /dev/null
+++ b/meta-oe/recipes-connectivity/libuv/libuv/CVE-2020-8252.patch
@@ -0,0 +1,41 @@
+From 0e6e8620496dff0eb285589ef1e37a7f407f3ddd Mon Sep 17 00:00:00 2001
+From: Ben Noordhuis <info@bnoordhuis.nl>
+Date: Mon, 24 Aug 2020 11:42:27 +0200
+Subject: [PATCH] unix: don't use _POSIX_PATH_MAX
+Libuv was using _POSIX_PATH_MAX wrong. Bug introduced in commit b56d279b
+("unix: do not require PATH_MAX to be defined") from September 2018.
+_POSIX_PATH_MAX is the minimum max path size guaranteed by POSIX, not
+the actual max path size of the system libuv runs on. _POSIX_PATH_MAX
+is always 256, the real max is often much bigger.
+This commit fixes buffer overruns when processing very long paths in
+uv_fs_readlink() and uv_fs_realpath() because libuv was not allocating
+enough memory to store the result.
+Fixes: https://github.com/libuv/libuv/issues/2965
+PR-URL: https://github.com/libuv/libuv/pull/2966
+Upstream-Status: Backport [https://github.com/libuv/libuv/commit/0e6e8620496dff0eb285589ef1e37a7f407f3ddd]
+CVE: CVE-2020-8252
+Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
+---
+ src/unix/internal.h | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+diff --git a/src/unix/internal.h b/src/unix/internal.h
+index 30711673e0..9d3c2297f8 100644
+--- a/src/unix/internal.h
+++ b/src/unix/internal.h
+@@ -62,9 +62,7 @@
+ # include <AvailabilityMacros.h>
+ #endif
+ 
+-#if defined(_POSIX_PATH_MAX)
+-# define UV__PATH_MAX _POSIX_PATH_MAX
+-#elif defined(PATH_MAX)
+#if defined(PATH_MAX)
+ # define UV__PATH_MAX PATH_MAX
+ #else
+ # define UV__PATH_MAX 8192
diff --git a/meta-oe/recipes-connectivity/libuv/libuv_1.36.0.bb b/meta-oe/recipes-connectivity/libuv/libuv_1.36.0.bb
index deeaa2b15c..7577207318 100644
--- a/meta-oe/recipes-connectivity/libuv/libuv_1.36.0.bb
+++ b/meta-oe/recipes-connectivity/libuv/libuv_1.36.0.bb
@@ -5,7 +5,8 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=a68902a430e32200263d182d44924d47"
 SRCREV = "533b738838ad8407032e14b6772b29ef9af63cfa"
-SRC_URI = "git://github.com/libuv/libuv;branch=v1.x"
+SRC_URI = "git://github.com/libuv/libuv;branch=v1.x \
+           file://CVE-2020-8252.patch"
 S = "${WORKDIR}/git"
author	Andrej Kozemcak <andrej.kozemcak@siemens.com>	2021-02-04 10:16:35 +0100
committer	Armin Kuster <akuster808@gmail.com>	2021-02-04 22:39:02 -0800
commit	b1de50b2fcbe43cf10508cece48f229e18009cd0 (patch)
tree	756d93939d479814b82cb36d41d2a79a63d11202
parent	9d6e064bb0384a3731e235769d5c78be08d5de42 (diff)
download	meta-openembedded-b1de50b2fcbe43cf10508cece48f229e18009cd0.tar.gz

diff --git a/meta-oe/recipes-connectivity/libuv/libuv/CVE-2020-8252.patch b/meta-oe/recipes-connectivity/libuv/libuv/CVE-2020-8252.patch new file mode 100644 index 0000000000..dd99b44873 --- /dev/null +++ b/meta-oe/recipes-connectivity/libuv/libuv/CVE-2020-8252.patch
@@ -0,0 +1,41 @@
		1	From 0e6e8620496dff0eb285589ef1e37a7f407f3ddd Mon Sep 17 00:00:00 2001
		2	From: Ben Noordhuis <info@bnoordhuis.nl>
		3	Date: Mon, 24 Aug 2020 11:42:27 +0200
		4	Subject: [PATCH] unix: don't use _POSIX_PATH_MAX
		5
		6	Libuv was using _POSIX_PATH_MAX wrong. Bug introduced in commit b56d279b
		7	("unix: do not require PATH_MAX to be defined") from September 2018.
		8
		9	_POSIX_PATH_MAX is the minimum max path size guaranteed by POSIX, not
		10	the actual max path size of the system libuv runs on. _POSIX_PATH_MAX
		11	is always 256, the real max is often much bigger.
		12
		13	This commit fixes buffer overruns when processing very long paths in
		14	uv_fs_readlink() and uv_fs_realpath() because libuv was not allocating
		15	enough memory to store the result.
		16
		17	Fixes: https://github.com/libuv/libuv/issues/2965
		18	PR-URL: https://github.com/libuv/libuv/pull/2966
		19
		20	Upstream-Status: Backport [https://github.com/libuv/libuv/commit/0e6e8620496dff0eb285589ef1e37a7f407f3ddd]
		21	CVE: CVE-2020-8252
		22	Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
		23	---
		24	src/unix/internal.h \| 4 +---
		25	1 file changed, 1 insertion(+), 3 deletions(-)
		26
		27	diff --git a/src/unix/internal.h b/src/unix/internal.h
		28	index 30711673e0..9d3c2297f8 100644
		29	--- a/src/unix/internal.h
		30	+++ b/src/unix/internal.h
		31	@@ -62,9 +62,7 @@
		32	# include <AvailabilityMacros.h>
		33	#endif
		34
		35	-#if defined(_POSIX_PATH_MAX)
		36	-# define UV__PATH_MAX _POSIX_PATH_MAX
		37	-#elif defined(PATH_MAX)
		38	+#if defined(PATH_MAX)
		39	# define UV__PATH_MAX PATH_MAX
		40	#else
		41	# define UV__PATH_MAX 8192


diff --git a/meta-oe/recipes-connectivity/libuv/libuv_1.36.0.bb b/meta-oe/recipes-connectivity/libuv/libuv_1.36.0.bb index deeaa2b15c..7577207318 100644 --- a/meta-oe/recipes-connectivity/libuv/libuv_1.36.0.bb +++ b/meta-oe/recipes-connectivity/libuv/libuv_1.36.0.bb
@@ -5,7 +5,8 @@ LICENSE = "MIT"
5	LIC_FILES_CHKSUM = "file://LICENSE;md5=a68902a430e32200263d182d44924d47"	5	LIC_FILES_CHKSUM = "file://LICENSE;md5=a68902a430e32200263d182d44924d47"
6		6
7	SRCREV = "533b738838ad8407032e14b6772b29ef9af63cfa"	7	SRCREV = "533b738838ad8407032e14b6772b29ef9af63cfa"
8	SRC_URI = "git://github.com/libuv/libuv;branch=v1.x"	8	SRC_URI = "git://github.com/libuv/libuv;branch=v1.x \
		9	file://CVE-2020-8252.patch"
9		10
10	S = "${WORKDIR}/git"	11	S = "${WORKDIR}/git"
11		12