[chicken] first attempt at fixing CVE-2014-3776

Ricky Elrod codeblock at fedoraproject.org
Tue May 20 20:48:38 UTC 2014


commit 292277363e8b8d5671aaedee6f92bb306e555ff0
Author: Ricky Elrod <ricky at elrod.me>
Date:   Tue May 20 16:48:35 2014 -0400

    first attempt at fixing CVE-2014-3776

 chicken.spec        |    7 ++++++-
 cve-2014-3776.patch |   23 +++++++++++++++++++++++
 2 files changed, 29 insertions(+), 1 deletions(-)
---
diff --git a/chicken.spec b/chicken.spec
index 472712b..15b3d0f 100644
--- a/chicken.spec
+++ b/chicken.spec
@@ -2,7 +2,7 @@
 
 Name:           chicken
 Version:        4.8.0.6
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        A practical and portable Scheme system
 
 Group:          Development/Languages
@@ -10,6 +10,7 @@ License:        BSD
 URL:            http://call-cc.org
 Source0:        http://code.call-cc.org/releases/4.8.0/%{name}-%{version}.tar.gz
 Patch0:         make_cflags_work.patch
+Patch0:         cve-2014-3776.patch
 BuildRequires:  chrpath
 Requires:       chicken-libs%{?_isa} = %{version}-%{release}
 
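Review bot: The added line reuses the `Patch0:` tag that `make_cflags_work.patch` already holds, so the spec defines no `Patch1` for the `%patch1 -p1` added in the %prep hunk. Depending on how rpmbuild treats the duplicate tag, the build either fails in %prep or ships without the CVE-2014-3776 fix applied. Change the line to `Patch1:         cve-2014-3776.patch`. After rebuilding, check the %prep output in the build log to confirm the patch was applied to srfi-4.scm.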
@@ -42,6 +43,7 @@ Scheme language standard, and includes many enhancements and extensions.
 %prep
 %setup -q -n %{name}-%{version}
 %patch0 -p1
+%patch1 -p1
 
 %build
 %if %{bootstrap} == 0
@@ -116,6 +118,9 @@ chrpath --delete %{buildroot}/%{_bindir}/*
 %{_libdir}/libchicken.so*
 
 %changelog
+* Tue May 20 2014 Ricky Elrod <codeblock at fedoraproject.org> - 4.8.0.6-2
+- Patch for CVE-2014-3776.
+
 * Thu Apr 24 2014 Ricky Elrod <codeblock at fedoraproject.org> - 4.8.0.6-1
 - Upstream 4.8.0.6.
 
diff --git a/cve-2014-3776.patch b/cve-2014-3776.patch
new file mode 100644
index 0000000..ad372dc
--- /dev/null
+++ b/cve-2014-3776.patch
@@ -0,0 +1,23 @@
+diff --git a/srfi-4.scm b/srfi-4.scm
+index 07ef84b..b1fea14 100644
+--- a/srfi-4.scm
++++ b/srfi-4.scm
+@@ -653,12 +653,12 @@ EOF
+   (##sys#check-input-port port #t 'read-u8vector!)
+   (##sys#check-exact start 'read-u8vector!)
+   (##sys#check-structure dest 'u8vector 'read-u8vector!)
+-  (let ((dest (##sys#slot dest 1)))
+-    (when n
+-      (##sys#check-exact n 'read-u8vector!)
+-      (when (fx> (fx+ start n) (##sys#size dest))
+-	(set! n (fx- (##sys#size dest) start))))
+-    (##sys#read-string! n dest port start) ) )
++  (when n (##sys#check-exact n 'read-u8vector!))
++  (let* ((dest (##sys#slot dest 1))
++	 (size (##sys#size dest)))
++    (unless (and n (fx<= (fx+ start n) size))
++      (set! n (fx- size start)))
++    (##sys#read-string! n dest port start)))
+ 
+ (define read-u8vector
+   (let ()
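Review bot: `start` and `n` are only checked with `##sys#check-exact`, so nothing in this hunk rejects a negative `start`, a `start` greater than `size`, or a negative `n`. A negative `n` passes the `fx<=` test unchanged, and a `start` beyond `size` makes `(fx- size start)` negative; whether `##sys#read-string!` guards against such values is not visible here. Consider range-checking `start` against `0` and `size` first, then clamping with `(unless (and n (fx>= n 0) (fx<= n (fx- size start))) (set! n (fx- size start)))`. That form also avoids `(fx+ start n)` wrapping for very large fixnums. The body of `read-u8vector!` begins above this hunk, so an earlier check may already cover part of this.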

