[chicken] first attempt at fixing CVE-2014-3776
Ricky Elrod
codeblock at fedoraproject.org
Tue May 20 20:48:38 UTC 2014
commit 292277363e8b8d5671aaedee6f92bb306e555ff0
Author: Ricky Elrod <ricky at elrod.me>
Date: Tue May 20 16:48:35 2014 -0400
first attempt at fixing CVE-2014-3776
chicken.spec | 7 ++++++-
cve-2014-3776.patch | 23 +++++++++++++++++++++++
2 files changed, 29 insertions(+), 1 deletions(-)
---
diff --git a/chicken.spec b/chicken.spec
index 472712b..15b3d0f 100644
--- a/chicken.spec
+++ b/chicken.spec
@@ -2,7 +2,7 @@
Name: chicken
Version: 4.8.0.6
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: A practical and portable Scheme system
Group: Development/Languages
@@ -10,6 +10,7 @@ License: BSD
URL: http://call-cc.org
Source0: http://code.call-cc.org/releases/4.8.0/%{name}-%{version}.tar.gz
Patch0: make_cflags_work.patch
+Patch0: cve-2014-3776.patch
BuildRequires: chrpath
Requires: chicken-libs%{?_isa} = %{version}-%{release}
@@ -42,6 +43,7 @@ Scheme language standard, and includes many enhancements and extensions.
%prep
%setup -q -n %{name}-%{version}
%patch0 -p1
+%patch1 -p1
%build
%if %{bootstrap} == 0
@@ -116,6 +118,9 @@ chrpath --delete %{buildroot}/%{_bindir}/*
%{_libdir}/libchicken.so*
%changelog
+* Tue May 20 2014 Ricky Elrod <codeblock at fedoraproject.org> - 4.8.0.6-2
+- Patch for CVE-2014-3776.
+
* Thu Apr 24 2014 Ricky Elrod <codeblock at fedoraproject.org> - 4.8.0.6-1
- Upstream 4.8.0.6.
diff --git a/cve-2014-3776.patch b/cve-2014-3776.patch
new file mode 100644
index 0000000..ad372dc
--- /dev/null
+++ b/cve-2014-3776.patch
@@ -0,0 +1,23 @@
+diff --git a/srfi-4.scm b/srfi-4.scm
+index 07ef84b..b1fea14 100644
+--- a/srfi-4.scm
++++ b/srfi-4.scm
+@@ -653,12 +653,12 @@ EOF
+ (##sys#check-input-port port #t 'read-u8vector!)
+ (##sys#check-exact start 'read-u8vector!)
+ (##sys#check-structure dest 'u8vector 'read-u8vector!)
+- (let ((dest (##sys#slot dest 1)))
+- (when n
+- (##sys#check-exact n 'read-u8vector!)
+- (when (fx> (fx+ start n) (##sys#size dest))
+- (set! n (fx- (##sys#size dest) start))))
+- (##sys#read-string! n dest port start) ) )
++ (when n (##sys#check-exact n 'read-u8vector!))
++ (let* ((dest (##sys#slot dest 1))
++ (size (##sys#size dest)))
++ (unless (and n (fx<= (fx+ start n) size))
++ (set! n (fx- size start)))
++ (##sys#read-string! n dest port start)))
+
+ (define read-u8vector
+ (let ()
More information about the scm-commits
mailing list