summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohannes Huber <johu@gentoo.org>2020-03-20 12:35:37 +0100
committerJohannes Huber <johu@gentoo.org>2020-03-20 12:36:48 +0100
commitf506b95e837aebf001b41ed1bcd19bda82d3ee47 (patch)
tree6556767a476024f61bfdef77fef34ae862a0e685 /dev-cpp/yaml-cpp/files/yaml-cpp-0.6.3-CVE-2017-11692.patch
parentdev-python/decorator: s390 stable wrt bug #713454 (diff)
downloadgentoo-f506b95e837aebf001b41ed1bcd19bda82d3ee47.tar.gz
gentoo-f506b95e837aebf001b41ed1bcd19bda82d3ee47.tar.bz2
gentoo-f506b95e837aebf001b41ed1bcd19bda82d3ee47.zip
dev-cpp/yaml-cpp: Fix CVE-2017-11692
Bug: https://bugs.gentoo.org/626662 Thanks-to: sam_c (Security Padawan) <sam@cmpct.info> Package-Manager: Portage-2.3.94, Repoman-2.3.21 Signed-off-by: Johannes Huber <johu@gentoo.org>
Diffstat (limited to 'dev-cpp/yaml-cpp/files/yaml-cpp-0.6.3-CVE-2017-11692.patch')
-rw-r--r--dev-cpp/yaml-cpp/files/yaml-cpp-0.6.3-CVE-2017-11692.patch44
1 files changed, 44 insertions, 0 deletions
diff --git a/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.3-CVE-2017-11692.patch b/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.3-CVE-2017-11692.patch
new file mode 100644
index 000000000000..fd7a7198c1c6
--- /dev/null
+++ b/dev-cpp/yaml-cpp/files/yaml-cpp-0.6.3-CVE-2017-11692.patch
@@ -0,0 +1,44 @@
+From c9460110e072df84b7dee3eb651f2ec5df75fb18 Mon Sep 17 00:00:00 2001
+From: Jesse Beder <jbeder@gmail.com>
+Date: Mon, 20 Jan 2020 18:05:15 -0600
+Subject: [PATCH] Fix reading empty token stack with a node with properties but
+ no scalar.
+
+E.g. `!2`.
+---
+ src/singledocparser.cpp | 6 ++++++
+ test/integration/load_node_test.cpp | 5 +++++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/src/singledocparser.cpp b/src/singledocparser.cpp
+index 52544dd6..47e9e047 100644
+--- a/src/singledocparser.cpp
++++ b/src/singledocparser.cpp
+@@ -79,6 +79,12 @@ void SingleDocParser::HandleNode(EventHandler& eventHandler) {
+ if (!anchor_name.empty())
+ eventHandler.OnAnchor(mark, anchor_name);
+
++ // after parsing properties, an empty node is again a possibility
++ if (m_scanner.empty()) {
++ eventHandler.OnNull(mark, anchor);
++ return;
++ }
++
+ const Token& token = m_scanner.peek();
+
+ if (token.type == Token::PLAIN_SCALAR && IsNullString(token.value)) {
+diff --git a/test/integration/load_node_test.cpp b/test/integration/load_node_test.cpp
+index 4f4f28e8..0e0dd6bc 100644
+--- a/test/integration/load_node_test.cpp
++++ b/test/integration/load_node_test.cpp
+@@ -257,5 +257,10 @@ TEST(NodeTest, LoadTagWithParenthesis) {
+ EXPECT_EQ(node.as<std::string>(), "foo");
+ }
+
++TEST(NodeTest, LoadTagWithNullScalar) {
++ Node node = Load("!2");
++ EXPECT_TRUE(node.IsNull());
++}
++
+ } // namespace
+ } // namespace YAML