diff --git a/coreutils-date-avoid-crash-in-TZ-parsing.patch b/coreutils-date-avoid-crash-in-TZ-parsing.patch
new file mode 100644
index 0000000..0438684
--- /dev/null
+++ b/coreutils-date-avoid-crash-in-TZ-parsing.patch
@@ -0,0 +1,154 @@
+Port upstream fix for date(1), to be removed with v8.23:
+
+ date could crash or go into an infinite loop when parsing a malformed TZ="".
+ [bug introduced with the --date='TZ="" ..' parsing feature in coreutils-5.3.0]
+
+This patch consists of 2 upstream commits:
+
+ http://git.sv.gnu.org/cgit/gnulib.git/commit/?id=a10acfb1d2
+ http://git.sv.gnu.org/cgit/coreutils.git/commit/?id=a4faa6a0a3
+
+While the former commit in gnulib actually fixes the issue (and adds a test
+there), the latter commit in upstream coreutils pulls in that change from
+gnulib and adds a test for the previously crashing date(1) command.
+
+-----------------------------------------------
+commit a10acfb1d2118f9a180181d3fed5399dbbe1df3c
+Author: Pádraig Brady
+Date: Tue Feb 25 10:58:48 2014 +0000
+
+ parse-datetime: fix crash or infloop in TZ="" parsing
+
+ This was reported in http://bugs.gnu.org/16872
+ from the coreutils command: date -d 'TZ="""'
+
+ The infinite loop for this case was present since the
+ initial TZ="" parsing support in commit de95bdc2 29-10-2004.
+ This was changed to a crash or heap corruption depending
+ on the platform with commit 2e3e4195 18-01-2010.
+
+ * lib/parse-datetime.y (parse_datetime): Break out of the
+ TZ="" parsing loop once the second significant " is found.
+ Also skip over any subsequent whitespace to be consistent
+ with the non TZ= case.
+ * tests/test-parse-datetime.c: Add test cases for TZ="" parsing.
+
+Omit the NEWS entry from the original patch.
+
+-----------------------------------------------
+commit a4faa6a0a3ae93c01d036d830ae7a21b74913baf
+Author: Pádraig Brady
+Date: Thu Feb 27 23:43:34 2014 +0000
+
+ date: fix crash or infinite loop when parsing a malformed TZ=""
+
+ * gnulib: Update to incorporate the fix.
+ This is the only change in this gnulib update.
+ * tests/misc/date.pl: Add a test for this case.
+
+ Fixes http://bugs.gnu.org/16872
+
+Omit the NEWS entry from the original patch.
+---
+ gnulib-tests/test-parse-datetime.c | 16 ++++++++++++++++
+ lib/parse-datetime.c | 7 +++++--
+ lib/parse-datetime.y | 7 +++++--
+ tests/misc/date.pl | 7 +++++++
+ 4 files changed, 33 insertions(+), 4 deletions(-)
+
+Index: lib/parse-datetime.y
+===================================================================
+--- lib/parse-datetime.y.orig
++++ lib/parse-datetime.y
+@@ -1303,8 +1303,6 @@ parse_datetime (struct timespec *result,
+ char tz1buf[TZBUFSIZE];
+ bool large_tz = TZBUFSIZE < tzsize;
+ bool setenv_ok;
+- /* Free tz0, in case this is the 2nd or subsequent time through. */
+- free (tz0);
+ tz0 = get_tz (tz0buf);
+ z = tz1 = large_tz ? xmalloc (tzsize) : tz1buf;
+ for (s = tzbase; *s != '"'; s++)
+@@ -1316,7 +1314,12 @@ parse_datetime (struct timespec *result,
+ if (!setenv_ok)
+ goto fail;
+ tz_was_altered = true;
++
+ p = s + 1;
++ while (c = *p, c_isspace (c))
++ p++;
++
++ break;
+ }
+ }
+
+Index: lib/parse-datetime.c
+===================================================================
+--- lib/parse-datetime.c.orig
++++ lib/parse-datetime.c
+@@ -3207,8 +3207,6 @@ parse_datetime (struct timespec *result,
+ char tz1buf[TZBUFSIZE];
+ bool large_tz = TZBUFSIZE < tzsize;
+ bool setenv_ok;
+- /* Free tz0, in case this is the 2nd or subsequent time through. */
+- free (tz0);
+ tz0 = get_tz (tz0buf);
+ z = tz1 = large_tz ? xmalloc (tzsize) : tz1buf;
+ for (s = tzbase; *s != '"'; s++)
+@@ -3220,7 +3218,12 @@ parse_datetime (struct timespec *result,
+ if (!setenv_ok)
+ goto fail;
+ tz_was_altered = true;
++
+ p = s + 1;
++ while (c = *p, c_isspace (c))
++ p++;
++
++ break;
+ }
+ }
+
+Index: tests/misc/date.pl
+===================================================================
+--- tests/misc/date.pl.orig
++++ tests/misc/date.pl
+@@ -287,6 +287,13 @@ my @Tests =
+ {ERR => "date: invalid date '\\260'\n"},
+ {EXIT => 1},
+ ],
++
++ # From coreutils-5.3.0 to 8.22 inclusive
++ # this would either infinite loop or crash
++ ['invalid-TZ-crash', "-d 'TZ=\"\"\"'",
++ {ERR => "date: invalid date 'TZ=\"\"\"'\n"},
++ {EXIT => 1},
++ ],
+ );
+
+ # Repeat the cross-dst test, using Jan 1, 2005 and every interval from 1..364.
+Index: gnulib-tests/test-parse-datetime.c
+===================================================================
+--- gnulib-tests/test-parse-datetime.c.orig
++++ gnulib-tests/test-parse-datetime.c
+@@ -419,5 +419,21 @@ main (int argc _GL_UNUSED, char **argv)
+ starting with a high-bit-set byte would be treated like "0". */
+ ASSERT ( ! parse_datetime (&result, "\xb0", &now));
+
++ /* Exercise TZ="" parsing code. */
++ /* These two would infloop or segfault before Feb 2014. */
++ ASSERT ( ! parse_datetime (&result, "TZ=\"\"\"", &now));
++ ASSERT ( ! parse_datetime (&result, "TZ=\"\" \"", &now));
++ /* Exercise invalid patterns. */
++ ASSERT ( ! parse_datetime (&result, "TZ=\"", &now));
++ ASSERT ( ! parse_datetime (&result, "TZ=\"\\\"", &now));
++ ASSERT ( ! parse_datetime (&result, "TZ=\"\\n", &now));
++ ASSERT ( ! parse_datetime (&result, "TZ=\"\\n\"", &now));
++ /* Exercise valid patterns. */
++ ASSERT ( parse_datetime (&result, "TZ=\"\"", &now));
++ ASSERT ( parse_datetime (&result, "TZ=\"\" ", &now));
++ ASSERT ( parse_datetime (&result, " TZ=\"\"", &now));
++ ASSERT ( parse_datetime (&result, "TZ=\"\\\\\"", &now));
++ ASSERT ( parse_datetime (&result, "TZ=\"\\\"\"", &now));
++
+ return 0;
+ }
diff --git a/coreutils-testsuite.changes b/coreutils-testsuite.changes
index 01234b0..7bd4e9c 100644
--- a/coreutils-testsuite.changes
+++ b/coreutils-testsuite.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Sun Mar 16 19:28:34 UTC 2014 - mail@bernhard-voelker.de
+
+- Add upstream patch (gnu#16872):
+ * coreutils-date-avoid-crash-in-TZ-parsing.patch: Add patch for
+ date: fix crash or infinite loop when parsing a malformed TZ="".
+
 -------------------------------------------------------------------
 Sun Mar 16 16:00:15 UTC 2014 - mail@bernhard-voelker.de
diff --git a/coreutils-testsuite.spec b/coreutils-testsuite.spec
index 645b932..de83382 100644
--- a/coreutils-testsuite.spec
+++ b/coreutils-testsuite.spec
@@ -135,6 +135,9 @@ Patch304: coreutils-test-avoid-FP-when-no-ACL-support.patch
 # ln: with -sr, don't segfault for a TARGET of ''
 Patch305: coreutils-ln-avoid-segfault-for-empty-target.patch
+# Upstream patch for date(1), to be removed with v8.23:
+Patch306: coreutils-date-avoid-crash-in-TZ-parsing.patch
+
 # ================================================
 %description
 These are the GNU core utilities. This package is the union of
@@ -177,6 +180,7 @@ the GNU fileutils, sh-utils, and textutils packages.
 %patch303
 %patch304
 %patch305
+%patch306
 #???## We need to statically link to gmp, otherwise we have a build loop
 #???#sed -i s,'$(LIB_GMP)',%%{_libdir}/libgmp.a,g Makefile.in
diff --git a/coreutils.changes b/coreutils.changes
index 01234b0..7bd4e9c 100644
--- a/coreutils.changes
+++ b/coreutils.changes
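Review bot: The header at the top of coreutils-date-avoid-crash-in-TZ-parsing.patch describes the bug as a crash or infinite loop in date(1), but the upstream message quoted further down says the failure is "a crash or heap corruption depending on the platform", and the code hunks change parse_datetime in lib/parse-datetime.y and lib/parse-datetime.c rather than date itself. Wording the header as `Port upstream fix for parse_datetime() as used by date(1) (crash, heap corruption or infinite loop on a malformed TZ=""), to be removed with v8.23:` would let anyone triaging the package see that this is a memory-safety fix in shared parsing code. Other programs in the tree that pass user-supplied date strings to parse_datetime are presumably affected as well, which is worth confirming before the entry is treated as date-only. The same wording would fit the comment above Patch306 in both spec files and the two .changes entries.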
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Sun Mar 16 19:28:34 UTC 2014 - mail@bernhard-voelker.de
+
+- Add upstream patch (gnu#16872):
+ * coreutils-date-avoid-crash-in-TZ-parsing.patch: Add patch for
+ date: fix crash or infinite loop when parsing a malformed TZ="".
+
 -------------------------------------------------------------------
 Sun Mar 16 16:00:15 UTC 2014 - mail@bernhard-voelker.de
diff --git a/coreutils.spec b/coreutils.spec
index c71d19a..d6476d6 100644
--- a/coreutils.spec
+++ b/coreutils.spec
@@ -135,6 +135,9 @@ Patch304: coreutils-test-avoid-FP-when-no-ACL-support.patch
 # ln: with -sr, don't segfault for a TARGET of ''
 Patch305: coreutils-ln-avoid-segfault-for-empty-target.patch
+# Upstream patch for date(1), to be removed with v8.23:
+Patch306: coreutils-date-avoid-crash-in-TZ-parsing.patch
+
 # ================================================
 %description
 These are the GNU core utilities. This package is the union of
@@ -177,6 +180,7 @@ the GNU fileutils, sh-utils, and textutils packages.
 %patch303
 %patch304
 %patch305
+%patch306
 #???## We need to statically link to gmp, otherwise we have a build loop
 #???#sed -i s,'$(LIB_GMP)',%%{_libdir}/libgmp.a,g Makefile.in