osc copypac from project:Base:System package:glibc revision:448
OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=450
This commit is contained in:
Git OBS Bridge
parent
fdc6f8a4db
commit
486cd1541f
@ -1,68 +0,0 @@
|
||||
From f88759ea9bd3c8d8fef28f123ba9767cb0e421a3 Mon Sep 17 00:00:00 2001
|
||||
From: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Wed, 21 Dec 2016 23:44:01 +0000
|
||||
Subject: [PATCH] Fix nss_nisplus build with mainline GCC (bug 20978).
|
||||
|
||||
glibc build with current mainline GCC fails because
|
||||
nis/nss_nisplus/nisplus-alias.c contains code
|
||||
|
||||
if (name != NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
||||
}
|
||||
|
||||
char buf[strlen (name) + 9 + tablename_len];
|
||||
|
||||
producing an error about strlen being called on a pointer that is
|
||||
always NULL (and a subsequent use of that pointer with a %s format in
|
||||
snprintf).
|
||||
|
||||
As Andreas noted, the bogus conditional comes from a 1997 change:
|
||||
|
||||
- if (name == NULL || strlen(name) > 8)
|
||||
- return NSS_STATUS_NOTFOUND;
|
||||
- else
|
||||
+ if (name != NULL || strlen(name) <= 8)
|
||||
|
||||
So the intention is clearly to return an error for NULL name.
|
||||
|
||||
This patch duly inverts the sense of the conditional. It fixes the
|
||||
build with GCC mainline, and passes usual glibc testsuite testing for
|
||||
x86_64. However, I have not tried any actual substantive nisplus
|
||||
testing, do not have an environment for such testing, and do not know
|
||||
whether it is possible that strlen (name) or tablename_len might be
|
||||
large so that the VLA for buf is actually a security issue. However,
|
||||
if it is a security issue, there are plenty of other similar instances
|
||||
in the nisplus code (that haven't been hidden by a bogus comparison
|
||||
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
|
||||
string passed to nis_list, so a local fix in the caller wouldn't
|
||||
suffice anyway (see bug 20987). (Calls to strdupa and other such
|
||||
macros that use alloca must be considered equally questionable
|
||||
regarding stack overflow issues as direct calls to alloca and VLA
|
||||
declarations.)
|
||||
|
||||
[BZ #20978]
|
||||
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
|
||||
Compare name == NULL, not name != NULL.
|
||||
---
|
||||
ChangeLog | 4 ++++
|
||||
nis/nss_nisplus/nisplus-alias.c | 2 +-
|
||||
2 files changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
|
||||
index 7f698b4e6d..cb5acce01d 100644
|
||||
--- a/nis/nss_nisplus/nisplus-alias.c
|
||||
+++ b/nis/nss_nisplus/nisplus-alias.c
|
||||
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
|
||||
return status;
|
||||
}
|
||||
|
||||
- if (name != NULL)
|
||||
+ if (name == NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
||||
--
|
||||
2.11.0
|
||||
|
||||
@ -1,102 +0,0 @@
|
||||
From 5874510faaf3cbd0bb112aaacab9f225002beed1 Mon Sep 17 00:00:00 2001
|
||||
From: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Tue, 8 Nov 2016 23:44:51 +0000
|
||||
Subject: [PATCH] Fix rpcgen buffer overrun (bug 20790).
|
||||
|
||||
Building with GCC 7 produces an error building rpcgen:
|
||||
|
||||
rpc_parse.c: In function 'get_prog_declaration':
|
||||
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
~~~~^
|
||||
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
That buffer overrun is for the case where the .x file declares a
|
||||
program with a million arguments. The strcpy two lines above can
|
||||
generate a buffer overrun much more simply for a long argument name.
|
||||
|
||||
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
|
||||
provides a bound on the buffer size needed, so this patch just changes
|
||||
the buffer size to MAXLINESIZE to avoid both possible buffer
|
||||
overruns. A testcase is added that rpcgen does not crash with a
|
||||
500-character argument name, where it previously crashed.
|
||||
|
||||
It would not at all surprise me if there are many other ways of
|
||||
crashing rpcgen with either valid or invalid input; fuzz testing would
|
||||
likely find various such bugs, though I don't think they are that
|
||||
important to fix (rpcgen is not that likely to be used with untrusted
|
||||
.x files as input). (As well as fuzz-findable bugs there are probably
|
||||
also issues when various int variables get overflowed on very large
|
||||
input.) The test infrastructure for rpcgen-not-crashing tests would
|
||||
need extending if tests are to be added for cases where rpcgen should
|
||||
produce an error, as opposed to cases where it should succeed.
|
||||
|
||||
Tested for x86_64 and x86.
|
||||
|
||||
[BZ #20790]
|
||||
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
|
||||
to MAXLINESIZE.
|
||||
* sunrpc/bug20790.x: New file.
|
||||
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
|
||||
variable.
|
||||
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
|
||||
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
|
||||
---
|
||||
ChangeLog | 9 +++++++++
|
||||
sunrpc/Makefile | 11 +++++++++++
|
||||
sunrpc/bug20790.x | 1 +
|
||||
sunrpc/rpc_parse.c | 2 +-
|
||||
4 files changed, 22 insertions(+), 1 deletion(-)
|
||||
create mode 100644 sunrpc/bug20790.x
|
||||
|
||||
diff --git a/sunrpc/Makefile b/sunrpc/Makefile
|
||||
index 789ef423e5..99e5c3ccf8 100644
|
||||
--- a/sunrpc/Makefile
|
||||
+++ b/sunrpc/Makefile
|
||||
@@ -103,6 +103,11 @@ ifeq ($(have-thread-library),yes)
|
||||
xtests += thrsvc
|
||||
endif
|
||||
|
||||
+ifeq ($(run-built-tests),yes)
|
||||
+rpcgen-tests := $(objpfx)bug20790.out
|
||||
+tests-special += $(rpcgen-tests)
|
||||
+endif
|
||||
+
|
||||
headers += $(rpcsvc:%.x=rpcsvc/%.h)
|
||||
extra-libs := librpcsvc
|
||||
extra-libs-others := librpcsvc # Make it in `others' pass, not `lib' pass.
|
||||
@@ -225,3 +230,9 @@ endif
|
||||
endif
|
||||
|
||||
$(objpfx)thrsvc: $(common-objpfx)linkobj/libc.so $(shared-thread-library)
|
||||
+
|
||||
+ifeq ($(run-built-tests),yes)
|
||||
+$(rpcgen-tests): $(objpfx)%.out: %.x $(objpfx)rpcgen
|
||||
+ $(built-program-cmd) -c $< -o $@; \
|
||||
+ $(evaluate-test)
|
||||
+endif
|
||||
diff --git a/sunrpc/bug20790.x b/sunrpc/bug20790.x
|
||||
new file mode 100644
|
||||
index 0000000000..a00c9b3830
|
||||
--- /dev/null
|
||||
+++ b/sunrpc/bug20790.x
|
||||
@@ -0,0 +1 @@
|
||||
+program TPROG { version TVERS { int FUNC(int aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa) = 1; } = 1; } = 1;
|
||||
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
|
||||
index 1a1df6d8c2..505a6554cf 100644
|
||||
--- a/sunrpc/rpc_parse.c
|
||||
+++ b/sunrpc/rpc_parse.c
|
||||
@@ -521,7 +521,7 @@ static void
|
||||
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
|
||||
{
|
||||
token tok;
|
||||
- char name[10]; /* argument name */
|
||||
+ char name[MAXLINESIZE]; /* argument name */
|
||||
|
||||
if (dkind == DEF_PROGRAM)
|
||||
{
|
||||
--
|
||||
2.11.0
|
||||
|
||||
@ -1,40 +0,0 @@
|
||||
From e223d1fe72e820d96f43831412ab267a1ace04d0 Mon Sep 17 00:00:00 2001
|
||||
From: steve ellcey-CA Eng-Software
|
||||
<sellcey@sellcey-thinkpad.caveonetworks.com>
|
||||
Date: Fri, 14 Oct 2016 12:53:27 -0700
|
||||
Subject: [PATCH] Fix warnings from latest GCC.
|
||||
|
||||
* sysdeps/ieee754/dbl-64/e_pow.c (checkint) Make conditions explicitly
|
||||
boolean.
|
||||
---
|
||||
ChangeLog | 5 +++++
|
||||
sysdeps/ieee754/dbl-64/e_pow.c | 8 ++++----
|
||||
2 files changed, 9 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/sysdeps/ieee754/dbl-64/e_pow.c b/sysdeps/ieee754/dbl-64/e_pow.c
|
||||
index 663fa39..bd758b5 100644
|
||||
--- a/sysdeps/ieee754/dbl-64/e_pow.c
|
||||
+++ b/sysdeps/ieee754/dbl-64/e_pow.c
|
||||
@@ -466,15 +466,15 @@ checkint (double x)
|
||||
return (n & 1) ? -1 : 1; /* odd or even */
|
||||
if (k > 20)
|
||||
{
|
||||
- if (n << (k - 20))
|
||||
+ if (n << (k - 20) != 0)
|
||||
return 0; /* if not integer */
|
||||
- return (n << (k - 21)) ? -1 : 1;
|
||||
+ return (n << (k - 21) != 0) ? -1 : 1;
|
||||
}
|
||||
if (n)
|
||||
return 0; /*if not integer */
|
||||
if (k == 20)
|
||||
return (m & 1) ? -1 : 1;
|
||||
- if (m << (k + 12))
|
||||
+ if (m << (k + 12) != 0)
|
||||
return 0;
|
||||
- return (m << (k + 11)) ? -1 : 1;
|
||||
+ return (m << (k + 11) != 0) ? -1 : 1;
|
||||
}
|
||||
--
|
||||
2.10.2
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package glibc-testsuite
|
||||
#
|
||||
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package glibc-utils
|
||||
#
|
||||
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
|
||||
@ -1,14 +1,3 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Dec 23 08:57:59 UTC 2016 - mliska@suse.cz
|
||||
|
||||
- Add gcc7-Fix-rpcgen-buffer-overrun-bug-20790.patch and
|
||||
gcc7-Fix-nss_nisplus-build-with-mainline-GCC-bug-20978.patch patches.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Nov 28 13:55:27 UTC 2016 - mliska@suse.cz
|
||||
|
||||
- Add gcc7-fix-warnings.patch patch to handle new GCC 7 warning.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Oct 13 08:24:22 UTC 2016 - schwab@suse.de
|
||||
|
||||
|
||||
11
glibc.spec
11
glibc.spec
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package glibc
|
||||
#
|
||||
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -220,12 +220,6 @@ Patch18: glibc-cpusetsize.diff
|
||||
Patch19: nscd-server-user.patch
|
||||
# PATCH-FEATURE-SLE powerpc: enable TLE only if GLIBC_ELISION_ENABLE=yes is defined
|
||||
Patch21: powerpc-elision-enable-envvar.patch
|
||||
# PATCH-FIX-OPENSUSE -- Fix GCC7 warnings
|
||||
Patch22: gcc7-fix-warnings.patch
|
||||
# PATCH-FIX-OPENSUSE -- Fix bug 20790
|
||||
Patch23: gcc7-Fix-rpcgen-buffer-overrun-bug-20790.patch
|
||||
# PATCH-FIX-OPENSUSE -- Fix bug 20978
|
||||
Patch24: gcc7-Fix-nss_nisplus-build-with-mainline-GCC-bug-20978.patch
|
||||
|
||||
### Locale related patches
|
||||
# PATCH-FIX-OPENSUSE Add additional locales
|
||||
@ -466,9 +460,6 @@ rm nscd/s-stamp
|
||||
%patch18 -p1
|
||||
%patch19 -p1
|
||||
%patch21 -p1
|
||||
%patch22 -p1
|
||||
%patch23 -p1
|
||||
%patch24 -p1
|
||||
|
||||
%patch100 -p1
|
||||
%patch102 -p1
|
||||
|
||||
Loading…
Reference in New Issue
Block a user