(CCed back to bug)

On Thu, Oct 02, 2014 at 09:26:20PM +0200, Stefano Zacchiroli wrote:
> On Sat, Sep 27, 2014 at 04:13:36PM +0100, Colin Watson wrote:
> > I'd like to issue security updates for #742605, as above. As far as I
> > can tell this does not yet have a CVE identifier assigned. Please could
> > you assign one?
>
> Hi Colin,
> You probably noticed it already (or maybe you did request it
> yourself "upstream"), but just in case there is now one:
>
> https://security-tracker.debian.org/tracker/CVE-2014-7204

Right, I requested that one.

team@security, is the attached patch (and .dsc and .debian.tar.gz) fine with you? I wouldn't ordinarily leave a commented-out function in place in my own code, but I thought it best to stick to backporting a single upstream commit where possible rather than tidying it up further.

If this is OK then I can upload, and also make a similar change to squeeze-lts.

Thanks,

-- 
Colin Watson [cjwat...@debian.org]

diff -Nru exuberant-ctags-5.9~svn20110310/debian/changelog exuberant-ctags-5.9~svn20110310/debian/changelog --- exuberant-ctags-5.9~svn20110310/debian/changelog 2012-04-14 13:42:15.000000000 +0100 +++ exuberant-ctags-5.9~svn20110310/debian/changelog 2014-10-03 11:59:08.000000000 +0100 @@ -1,3 +1,11 @@ +exuberant-ctags (1:5.9~svn20110310-4+deb7u1) wheezy-security; urgency=high + + * Backport from upstream: + - CVE-2014-7204: Changed the javascript parser to set the tag's scope + rather than including it in the tag name (closes: #742605). + + -- Colin Watson <cjwat...@debian.org> Fri, 03 Oct 2014 11:58:34 +0100 + exuberant-ctags (1:5.9~svn20110310-4) unstable; urgency=low * Simplify alternatives handling. update-alternatives doesn't need so diff -Nru exuberant-ctags-5.9~svn20110310/debian/patches/jscript-set-tag-scope.patch exuberant-ctags-5.9~svn20110310/debian/patches/jscript-set-tag-scope.patch --- exuberant-ctags-5.9~svn20110310/debian/patches/jscript-set-tag-scope.patch 1970-01-01 01:00:00.000000000 +0100 +++ exuberant-ctags-5.9~svn20110310/debian/patches/jscript-set-tag-scope.patch 2014-10-02 04:46:06.000000000 +0100 
@@ -0,0 +1,91 @@ +Description: Changed the javascript parser to set the tag's scope rather than including it in the tag name. + Patch from Colomban. +Author: David Fishburn +Origin: upstream, http://sourceforge.net/p/ctags/code/791/ +Bug-Debian: https://bugs.debian.org/742605 +Last-Update: 2014-09-27 + +Index: b/jscript.c +=================================================================== +--- a/jscript.c ++++ b/jscript.c +@@ -215,6 +215,7 @@ + * Tag generation functions + */ + ++/* + static void makeConstTag (tokenInfo *const token, const jsKind kind) + { + if (JsKinds [kind].enabled && ! token->ignoreTag ) +@@ -238,12 +239,13 @@ + + if (JsKinds [kind].enabled && ! token->ignoreTag ) + { +- /* ++ * + * If a scope has been added to the token, change the token + * string to include the scope when making the tag. +- */ ++ * + if ( vStringLength(token->scope) > 0 ) + { ++ * + fulltag = vStringNew (); + vStringCopy(fulltag, token->scope); + vStringCatS (fulltag, "."); +@@ -251,8 +253,54 @@ + vStringTerminate(fulltag); + vStringCopy(token->string, fulltag); + vStringDelete (fulltag); ++ * ++ jsKind parent_kind = JSTAG_CLASS; ++ ++ * ++ * if we're creating a function (and not a method), ++ * guess we're inside another function ++ * ++ if (kind == JSTAG_FUNCTION) ++ parent_kind = JSTAG_FUNCTION; ++ ++ e.extensionFields.scope[0] = JsKinds [parent_kind].name; ++ e.extensionFields.scope[1] = vStringValue (token->scope); + } +- makeConstTag (token, kind); ++ * makeConstTag (token, kind); * ++ makeTagEntry (&e); ++ } ++} ++*/ ++ ++static void makeJsTag (tokenInfo *const token, const jsKind kind) ++{ ++ if (JsKinds [kind].enabled && ! 
token->ignoreTag ) ++ { ++ const char *const name = vStringValue (token->string); ++ tagEntryInfo e; ++ initTagEntry (&e, name); ++ ++ e.lineNumber = token->lineNumber; ++ e.filePosition = token->filePosition; ++ e.kindName = JsKinds [kind].name; ++ e.kind = JsKinds [kind].letter; ++ ++ if ( vStringLength(token->scope) > 0 ) ++ { ++ jsKind parent_kind = JSTAG_CLASS; ++ ++ /* ++ * If we're creating a function (and not a method), ++ * guess we're inside another function ++ */ ++ if (kind == JSTAG_FUNCTION) ++ parent_kind = JSTAG_FUNCTION; ++ ++ e.extensionFields.scope[0] = JsKinds [parent_kind].name; ++ e.extensionFields.scope[1] = vStringValue (token->scope); ++ } ++ ++ makeTagEntry (&e); + } + } + diff -Nru exuberant-ctags-5.9~svn20110310/debian/patches/series exuberant-ctags-5.9~svn20110310/debian/patches/series --- exuberant-ctags-5.9~svn20110310/debian/patches/series 2011-07-20 14:20:03.000000000 +0100 +++ exuberant-ctags-5.9~svn20110310/debian/patches/series 2014-10-03 11:55:11.000000000 +0100 @@ -2,3 +2,4 @@ python-disable-imports.patch vim-command-loop.patch go.patch +jscript-set-tag-scope.patch
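
Review bot: In the debian/changelog hunk, the new entry names CVE-2014-7204 and describes the parser change ("set the tag's scope rather than including it in the tag name") but does not say what the bug did to users of the package. Consider adding a short phrase on the impact being fixed, so that urgency=high is justified by the changelog entry itself.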
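
Review bot: In debian/patches/jscript-set-tag-scope.patch, the jscript.c hunks disable the old code by opening a block comment ("+/*") above makeConstTag in the @@ -215,6 +215,7 @@ hunk and closing it ("+*/") just before the new makeJsTag, with the inner comment delimiters turned into bare "*" lines. C comments do not nest, so this only holds if the original lines between the first two hunks, which the diff does not show, contain no "*/", and if nothing else in jscript.c still calls makeConstTag, which is now commented out along with the old makeJsTag. Please confirm both with a build that has warnings enabled; if deviating slightly from the upstream commit is acceptable, "#if 0" / "#endif" around the old block would avoid the delimiter rewriting altogether. The DEP-3 header could also carry the CVE id next to Bug-Debian, so the patch is identifiable as a security fix without the changelog.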

Format: 3.0 (quilt)
Source: exuberant-ctags
Binary: exuberant-ctags
Architecture: any
Version: 1:5.9~svn20110310-4+deb7u1
Maintainer: Colin Watson <cjwat...@debian.org>
Standards-Version: 3.8.4
Build-Depends: dpkg (>= 1.16.1~), debhelper (>= 9)
Package-List:
 exuberant-ctags deb editors optional