Commit 3ae2f86c authored by Gustavo Zacarias's avatar Gustavo Zacarias Committed by Peter Korsgaard
Browse files

grep: add patch to fix CVE-2015-1345 

Fixes CVE-2015-1345 - heap buffer overrun.
See https://bugzilla.redhat.com/show_bug.cgi?id=1183651


Patch upstream.

Signed-off-by: default avatarGustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: default avatarPeter Korsgaard <peter@korsgaard.com>
parent ddfce044

package/grep/0001-fix-CVE-2015-1345.patch

0 → 100644
+20 −0
Original line number Diff line number Diff line 
Simplified patch from upstream to avoid autoreconf. Source:

http://git.savannah.gnu.org/cgit/grep.git/commit/?id=83a95bd8c8561875b948cadd417c653dbe7ef2e2



Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

---

diff --git a/src/kwset.c b/src/kwset.c

index 4003c8d..376f7c3 100644

--- a/src/kwset.c

+++ b/src/kwset.c

@@ -643,6 +643,8 @@ bmexec_trans (kwset_t kwset, char const *text, size_t size)

                     if (! tp)

                       return -1;

                     tp++;

+                    if (ep <= tp)

+                      break;

                   }

               }

           }

--

cgit v0.9.0.2