nspr: remove nspr-CVE-2014-1545.patch
It is a backport patch, and verified that the patch is in the source. (From OE-Core rev: a7e723bd78e280ae48e6de725b2881b35ae21f5c) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
31e6dda52d
commit
2e31add771
|
@ -1,67 +0,0 @@
|
|||
Fix for CVE-2014-1545
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
Backported from nspr-4.10.6.tar.gz.
|
||||
---
|
||||
--- a/pr/src/io/prprf.c
|
||||
+++ b/pr/src/io/prprf.c
|
||||
@@ -50,6 +50,10 @@
|
||||
#include "prlog.h"
|
||||
#include "prmem.h"
|
||||
|
||||
+#ifdef _MSC_VER
|
||||
+#define snprintf _snprintf
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
** WARNING: This code may *NOT* call PR_LOG (because PR_LOG calls it)
|
||||
*/
|
||||
@@ -330,7 +334,7 @@
|
||||
** Convert a double precision floating point number into its printable
|
||||
** form.
|
||||
**
|
||||
-** XXX stop using sprintf to convert floating point
|
||||
+** XXX stop using snprintf to convert floating point
|
||||
*/
|
||||
static int cvt_f(SprintfState *ss, double d, const char *fmt0, const char *fmt1)
|
||||
{
|
||||
@@ -338,15 +342,14 @@
|
||||
char fout[300];
|
||||
int amount = fmt1 - fmt0;
|
||||
|
||||
- PR_ASSERT((amount > 0) && (amount < sizeof(fin)));
|
||||
- if (amount >= sizeof(fin)) {
|
||||
- /* Totally bogus % command to sprintf. Just ignore it */
|
||||
+ if (amount <= 0 || amount >= sizeof(fin)) {
|
||||
+ /* Totally bogus % command to snprintf. Just ignore it */
|
||||
return 0;
|
||||
}
|
||||
memcpy(fin, fmt0, amount);
|
||||
fin[amount] = 0;
|
||||
|
||||
- /* Convert floating point using the native sprintf code */
|
||||
+ /* Convert floating point using the native snprintf code */
|
||||
#ifdef DEBUG
|
||||
{
|
||||
const char *p = fin;
|
||||
@@ -356,14 +359,11 @@
|
||||
}
|
||||
}
|
||||
#endif
|
||||
- sprintf(fout, fin, d);
|
||||
-
|
||||
- /*
|
||||
- ** This assert will catch overflow's of fout, when building with
|
||||
- ** debugging on. At least this way we can track down the evil piece
|
||||
- ** of calling code and fix it!
|
||||
- */
|
||||
- PR_ASSERT(strlen(fout) < sizeof(fout));
|
||||
+ memset(fout, 0, sizeof(fout));
|
||||
+ snprintf(fout, sizeof(fout), fin, d);
|
||||
+ /* Explicitly null-terminate fout because on Windows snprintf doesn't
|
||||
+ * append a null-terminator if the buffer is too small. */
|
||||
+ fout[sizeof(fout) - 1] = '\0';
|
||||
|
||||
return (*ss->stuff)(ss, fout, strlen(fout));
|
||||
}
|
Loading…
Reference in New Issue