File: CVE-2014-9130.patch

package info (click to toggle)
libyaml-libyaml-perl 0.38-3%2Bdeb7u3
  • links: PTS, VCS
  • area: main
  • in suites: wheezy
  • size: 1,640 kB
  • sloc: ansic: 8,213; perl: 4,808; makefile: 465
file content (26 lines) | stat: -rw-r--r-- 960 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
 
Description: Remove invalid simple key assertion
 CVE-2014-9130: denial-of-service/application crash with untrusted
 yaml input.
Origin: upstream, https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
Bug: https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
Bug-Debian: https://bugs.debian.org/771365
Forwarded: no
Author: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2014-11-29

--- a/LibYAML/scanner.c
+++ b/LibYAML/scanner.c
@@ -1106,13 +1106,6 @@ yaml_parser_save_simple_key(yaml_parser_
             && parser->indent == (ptrdiff_t)parser->mark.column);
 
     /*
-     * A simple key is required only when it is the first token in the current
-     * line.  Therefore it is always allowed.  But we add a check anyway.
-     */
-
-    assert(parser->simple_key_allowed || !required);    /* Impossible. */
-
-    /*
      * If the current position may start a simple key, save it.
      */