2 files changed, 49 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/synergy/synergy/CVE-2020-15117.patch b/meta-oe/recipes-support/synergy/synergy/CVE-2020-15117.patch
new file mode 100644
index 0000000000..4ad2a45275
--- /dev/null
+++ b/meta-oe/recipes-support/synergy/synergy/CVE-2020-15117.patch
@@ -0,0 +1,48 @@
+From 79efdb7c617b809e1a2daf17441d7a30f7046aa5 Mon Sep 17 00:00:00 2001
+From: Jnewbon <48688400+Jnewbon@users.noreply.github.com>
+Date: Tue, 14 Jul 2020 13:14:40 +0100
+Subject: [PATCH] Merge pull request from GHSA-chfm-333q-gfpp
+Attempts to fis DoS to servers with less then 4GB memory
+CVE: CVE-2020-15117
+Upstream-Status: Backport [https://github.com/deskflow/deskflow/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/lib/synergy/ProtocolUtil.cpp | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+diff --git a/src/lib/synergy/ProtocolUtil.cpp b/src/lib/synergy/ProtocolUtil.cpp
+index d9f5dc324..7d2c37ff8 100644
+--- a/src/lib/synergy/ProtocolUtil.cpp
+++ b/src/lib/synergy/ProtocolUtil.cpp
+@@ -61,6 +61,9 @@ ProtocolUtil::readf(synergy::IStream* stream, const char* fmt, ...)
+     catch (XIO&) {
+         result = false;
+     }
+    catch (std::bad_alloc & exception) {
+        result = false;
+    }
+     va_end(args);
+     return result;
+ }
+@@ -216,7 +219,15 @@ ProtocolUtil::vreadf(synergy::IStream* stream, const char* fmt, va_list args)
+                 // allocate a buffer to read the data
+                 UInt8* sBuffer = buffer;
+                 if (!useFixed) {
+-                    sBuffer = new UInt8[len];
+                    try{
+                        sBuffer = new UInt8[len];
+                    }
+                    catch (std::bad_alloc & exception) {
+                        // Added try catch due to GHSA-chfm-333q-gfpp
+                        LOG((CLOG_ERR "ALLOC: Unable to allocate memory %d bytes", len));
+                        LOG((CLOG_DEBUG "bad_alloc detected: Do you have enough free memory?"));
+                        throw exception;
+                    }
+                 }
+ 
+                 // read the data
+-- 
+2.30.2
diff --git a/meta-oe/recipes-support/synergy/synergy_git.bb b/meta-oe/recipes-support/synergy/synergy_git.bb
index f2e7a91618..97891a6c86 100644
--- a/meta-oe/recipes-support/synergy/synergy_git.bb
+++ b/meta-oe/recipes-support/synergy/synergy_git.bb
@@ -10,6 +10,7 @@ DEPENDS = "virtual/libx11 libxtst libxinerama curl openssl"
 REQUIRED_DISTRO_FEATURES = "x11"
 SRC_URI = "git://github.com/symless/synergy-core;protocol=https;nobranch=1"
+SRC_URI += "file://CVE-2020-15117.patch"
 # Version 1.10.1-stable
 SRCREV ?= "1b4c076127687aceac931d269e898beaac1cad9f"

diff --git a/meta-oe/recipes-support/synergy/synergy/CVE-2020-15117.patch b/meta-oe/recipes-support/synergy/synergy/CVE-2020-15117.patch new file mode 100644 index 0000000000..4ad2a45275 --- /dev/null +++ b/meta-oe/recipes-support/synergy/synergy/CVE-2020-15117.patch
@@ -0,0 +1,48 @@
		1	From 79efdb7c617b809e1a2daf17441d7a30f7046aa5 Mon Sep 17 00:00:00 2001
		2	From: Jnewbon <48688400+Jnewbon@users.noreply.github.com>
		3	Date: Tue, 14 Jul 2020 13:14:40 +0100
		4	Subject: [PATCH] Merge pull request from GHSA-chfm-333q-gfpp
		5
		6	Attempts to fis DoS to servers with less then 4GB memory
		7
		8	CVE: CVE-2020-15117
		9	Upstream-Status: Backport [https://github.com/deskflow/deskflow/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39]
		10	Signed-off-by: Peter Marko <peter.marko@siemens.com>
		11	---
		12	src/lib/synergy/ProtocolUtil.cpp \| 13 ++++++++++++-
		13	1 file changed, 12 insertions(+), 1 deletion(-)
		14
		15	diff --git a/src/lib/synergy/ProtocolUtil.cpp b/src/lib/synergy/ProtocolUtil.cpp
		16	index d9f5dc324..7d2c37ff8 100644
		17	--- a/src/lib/synergy/ProtocolUtil.cpp
		18	+++ b/src/lib/synergy/ProtocolUtil.cpp
		19	@@ -61,6 +61,9 @@ ProtocolUtil::readf(synergy::IStream* stream, const char* fmt, ...)
		20	catch (XIO&) {
		21	result = false;
		22	}
		23	+ catch (std::bad_alloc & exception) {
		24	+ result = false;
		25	+ }
		26	va_end(args);
		27	return result;
		28	}
		29	@@ -216,7 +219,15 @@ ProtocolUtil::vreadf(synergy::IStream* stream, const char* fmt, va_list args)
		30	// allocate a buffer to read the data
		31	UInt8* sBuffer = buffer;
		32	if (!useFixed) {
		33	- sBuffer = new UInt8[len];
		34	+ try{
		35	+ sBuffer = new UInt8[len];
		36	+ }
		37	+ catch (std::bad_alloc & exception) {
		38	+ // Added try catch due to GHSA-chfm-333q-gfpp
		39	+ LOG((CLOG_ERR "ALLOC: Unable to allocate memory %d bytes", len));
		40	+ LOG((CLOG_DEBUG "bad_alloc detected: Do you have enough free memory?"));
		41	+ throw exception;
		42	+ }
		43	}
		44
		45	// read the data
		46	--
		47	2.30.2
		48


diff --git a/meta-oe/recipes-support/synergy/synergy_git.bb b/meta-oe/recipes-support/synergy/synergy_git.bb index f2e7a91618..97891a6c86 100644 --- a/meta-oe/recipes-support/synergy/synergy_git.bb +++ b/meta-oe/recipes-support/synergy/synergy_git.bb
@@ -10,6 +10,7 @@ DEPENDS = "virtual/libx11 libxtst libxinerama curl openssl"
10	REQUIRED_DISTRO_FEATURES = "x11"	10	REQUIRED_DISTRO_FEATURES = "x11"
11		11
12	SRC_URI = "git://github.com/symless/synergy-core;protocol=https;nobranch=1"	12	SRC_URI = "git://github.com/symless/synergy-core;protocol=https;nobranch=1"
		13	SRC_URI += "file://CVE-2020-15117.patch"
13		14
14	# Version 1.10.1-stable	15	# Version 1.10.1-stable
15	SRCREV ?= "1b4c076127687aceac931d269e898beaac1cad9f"	16	SRCREV ?= "1b4c076127687aceac931d269e898beaac1cad9f"