grep: Fix CVE-2015-1345 heap buffer overrun

Signed-off-by: Julen Landa Alustiza <julen@zokormazo.info>
author: Julen Landa Alustiza <julen@zokormazo.info> 2015-02-17 12:50:51 +0100
committer: Julen Landa Alustiza <julen@zokormazo.info> 2015-02-17 12:50:51 +0100
commit: e0edca76dabb25ed158ab95aa45b065d23663aa6 (patch)
tree: 6b71ff28319a2b13a31b2d2f7db41b0022af9a1e /utils/grep
parent: 404a4362ac9e0d70216275fd800b51adb1fc6544 (diff)
2 files changed, 16 insertions, 1 deletions
diff --git a/utils/grep/Makefile b/utils/grep/Makefile
index 42a4ef64f..c4703bc56 100644
--- a/utils/grep/Makefile
+++ b/utils/grep/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=grep
 PKG_VERSION:=2.21
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@GNU/grep
diff --git a/utils/grep/patches/0001-grep-F-fix-a-heap-buffer-read-overrun.patch b/utils/grep/patches/0001-grep-F-fix-a-heap-buffer-read-overrun.patch
new file mode 100644
index 000000000..df70359a6
--- /dev/null
+++ b/utils/grep/patches/0001-grep-F-fix-a-heap-buffer-read-overrun.patch
@@ -0,0 +1,15 @@
+diff --git a/src/kwset.c b/src/kwset.c
+index 4003c8d..376f7c3 100644
+--- a/src/kwset.c
++++ b/src/kwset.c
+@@ -643,6 +643,8 @@ bmexec_trans (kwset_t kwset, char const *text, size_t size)
+                     if (! tp)
+                       return -1;
+                     tp++;
++                    if (ep <= tp)
++                      break;
+                   }
+               }
+           }
+--
+cgit v0.9.0.2
author	Julen Landa Alustiza <julen@zokormazo.info>	2015-02-17 12:50:51 +0100
committer	Julen Landa Alustiza <julen@zokormazo.info>	2015-02-17 12:50:51 +0100
commit	e0edca76dabb25ed158ab95aa45b065d23663aa6 (patch)
tree	6b71ff28319a2b13a31b2d2f7db41b0022af9a1e /utils/grep
parent	404a4362ac9e0d70216275fd800b51adb1fc6544 (diff)