synergy: patch CVE-2020-15117

Pick commit based on [1]. Note that the pick is node from deskflow, which is open-source successor of synergy. If anyone uses thie recipe, it should be switched. [1] https://github.com/deskflow/deskflow/security/advisories/GHSA-chfm-333q-gfpp Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-04-02 02:49:12 +00:00 · 2024-12-24 13:44:17 +01:00 · 2024-12-24 13:44:17 +01:00 · db283053d0
commit db283053d0
parent 95b8d055db
2 changed files with 49 additions and 0 deletions
--- a/meta-oe/recipes-support/synergy/synergy/CVE-2020-15117.patch
+++ b/meta-oe/recipes-support/synergy/synergy/CVE-2020-15117.patch
@ -0,0 +1,48 @@
+From 79efdb7c617b809e1a2daf17441d7a30f7046aa5 Mon Sep 17 00:00:00 2001
+From: Jnewbon <48688400+Jnewbon@users.noreply.github.com>
+Date: Tue, 14 Jul 2020 13:14:40 +0100
+Subject: [PATCH] Merge pull request from GHSA-chfm-333q-gfpp
+
+Attempts to fis DoS to servers with less then 4GB memory
+
+CVE: CVE-2020-15117
+Upstream-Status: Backport [https://github.com/deskflow/deskflow/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/lib/synergy/ProtocolUtil.cpp | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/src/lib/synergy/ProtocolUtil.cpp b/src/lib/synergy/ProtocolUtil.cpp
+index d9f5dc324..7d2c37ff8 100644
+--- a/src/lib/synergy/ProtocolUtil.cpp
+++ b/src/lib/synergy/ProtocolUtil.cpp
+@@ -61,6 +61,9 @@ ProtocolUtil::readf(synergy::IStream* stream, const char* fmt, ...)
+     catch (XIO&) {
+         result = false;
+     }
+    catch (std::bad_alloc & exception) {
+        result = false;
+    }
+     va_end(args);
+     return result;
+ }
+@@ -216,7 +219,15 @@ ProtocolUtil::vreadf(synergy::IStream* stream, const char* fmt, va_list args)
+                 // allocate a buffer to read the data
+                 UInt8* sBuffer = buffer;
+                 if (!useFixed) {
+-                    sBuffer = new UInt8[len];
+                    try{
+                        sBuffer = new UInt8[len];
+                    }
+                    catch (std::bad_alloc & exception) {
+                        // Added try catch due to GHSA-chfm-333q-gfpp
+                        LOG((CLOG_ERR "ALLOC: Unable to allocate memory %d bytes", len));
+                        LOG((CLOG_DEBUG "bad_alloc detected: Do you have enough free memory?"));
+                        throw exception;
+                    }
+                 }
+ 
+                 // read the data
+-- 
+2.30.2
+
--- a/meta-oe/recipes-support/synergy/synergy_git.bb
+++ b/meta-oe/recipes-support/synergy/synergy_git.bb
@ -10,6 +10,7 @@ DEPENDS = "virtual/libx11 libxtst libxinerama curl openssl"
 REQUIRED_DISTRO_FEATURES = "x11"

 SRC_URI = "git://github.com/symless/synergy-core;protocol=https;nobranch=1"
+SRC_URI += "file://CVE-2020-15117.patch"

 # Version 1.10.1-stable
 SRCREV ?= "1b4c076127687aceac931d269e898beaac1cad9f"