diff options
author | Andrej Valek <andrej.valek@siemens.com> | 2016-12-12 12:46:21 +0100 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2017-02-24 19:33:29 +0000 |
commit | 56f6f5585de70819fa493d0d803f60799d02fa5c (patch) | |
tree | f889e0db9878364d675f5260e15deac8d34295dc /meta-multimedia/recipes-connectivity/libupnp/libupnp_1.6.19.bb | |
parent | b53fe10e0275dc8ec41a8acd27032d0cf1f43122 (diff) | |
download | meta-openembedded-contrib-56f6f5585de70819fa493d0d803f60799d02fa5c.tar.gz |
libupnp: Fix out-of-bound access in create_url_list() (CVE-2016-8863)
If there is an invalid URL in URLS->buf after a valid one, uri_parse is
called with out pointing after the allocated memory. As uri_parse writes
to *out before returning an error the loop in create_url_list must be
stopped early to prevent an out-of-bound access
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit b4659368a01a5b4209d9e1e571bb569ef4a06195)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-multimedia/recipes-connectivity/libupnp/libupnp_1.6.19.bb')
-rw-r--r-- | meta-multimedia/recipes-connectivity/libupnp/libupnp_1.6.19.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-multimedia/recipes-connectivity/libupnp/libupnp_1.6.19.bb b/meta-multimedia/recipes-connectivity/libupnp/libupnp_1.6.19.bb index 133a8ebd53..71fc70dd19 100644 --- a/meta-multimedia/recipes-connectivity/libupnp/libupnp_1.6.19.bb +++ b/meta-multimedia/recipes-connectivity/libupnp/libupnp_1.6.19.bb @@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b3190d5244e08e78e4c8ee78544f4863" SRC_URI = "${SOURCEFORGE_MIRROR}/pupnp/${BP}.tar.bz2 \ file://avoid-redefining-strnlen-and-strndup.patch \ file://sepbuildfix.patch \ + file://CVE-2016-8863.patch \ " SRC_URI[md5sum] = "ee16e5d33a3ea7506f38d71facc057dd" |