rpm/glibc
SHA256
1
0
Fork 0
forked from pool/glibc
Code Pull Requests Activity
29d670314e
glibc/iconv-ibm-sentinel-check.patch
Andreas Schwab 29d670314e Accepting request 247223 from home:Andreas_Schwab:Factory 
- iconv-ibm-sentinel-check.patch: Fix crashes on invalid input in IBM
  gconv modules (CVE-2014-6040, bnc#894553, BZ #17325)

OBS-URL: https://build.opensuse.org/request/show/247223
OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=385
2014-09-02 12:59:22 +00:00

163 lines
6.1 KiB
Diff
Raw Blame History

2014-08-29 Florian Weimer <fweimer@redhat.com>
[BZ #17325]
* iconvdata/ibm1364.c (BODY): Fix check for sentinel.
* iconvdata/ibm932.c (BODY): Replace invalid sentinel check with
assert.
* iconvdata/ibm933.c (BODY): Fix check for sentinel.
* iconvdata/ibm935.c (BODY): Likewise.
* iconvdata/ibm937.c (BODY): Likewise.
* iconvdata/ibm939.c (BODY): Likewise.
* iconvdata/ibm943.c (BODY): Replace invalid sentinel check with
assert.
* iconvdata/Makefile (iconv-test.out): Pass module list to test
script.
* iconvdata/run-iconv-test.sh: New test loop for checking for
decoder crashers.
Index: glibc-2.19/iconvdata/Makefile
===================================================================
--- glibc-2.19.orig/iconvdata/Makefile
+++ glibc-2.19/iconvdata/Makefile
@@ -302,6 +302,7 @@ $(objpfx)bug-iconv10.out: $(objpfx)gconv
$(objpfx)iconv-test.out: run-iconv-test.sh $(objpfx)gconv-modules \
$(addprefix $(objpfx),$(modules.so)) \
$(common-objdir)/iconv/iconv_prog TESTS
+ iconv_modules="$(modules)" \
$(SHELL) $< $(common-objdir) '$(test-wrapper)' > $@
$(objpfx)tst-tables.out: tst-tables.sh $(objpfx)gconv-modules \
Index: glibc-2.19/iconvdata/ibm1364.c
===================================================================
--- glibc-2.19.orig/iconvdata/ibm1364.c
+++ glibc-2.19/iconvdata/ibm1364.c
@@ -220,7 +220,8 @@ enum
++rp2; \
\
uint32_t res; \
- if (__builtin_expect (ch < rp2->start, 0) \
+ if (__builtin_expect (rp2->start == 0xffff, 0) \
+ || __builtin_expect (ch < rp2->start, 0) \
|| (res = DB_TO_UCS4[ch + rp2->idx], \
__builtin_expect (res, L'\1') == L'\0' && ch != '\0')) \
{ \
Index: glibc-2.19/iconvdata/ibm932.c
===================================================================
--- glibc-2.19.orig/iconvdata/ibm932.c
+++ glibc-2.19/iconvdata/ibm932.c
@@ -73,11 +73,12 @@
} \
\
ch = (ch * 0x100) + inptr[1]; \
+ /* ch was less than 0xfd. */ \
+ assert (ch < 0xfd00); \
while (ch > rp2->end) \
++rp2; \
\
- if (__builtin_expect (rp2 == NULL, 0) \
- || __builtin_expect (ch < rp2->start, 0) \
+ if (__builtin_expect (ch < rp2->start, 0) \
|| (res = __ibm932db_to_ucs4[ch + rp2->idx], \
__builtin_expect (res, '\1') == 0 && ch !=0)) \
{ \
Index: glibc-2.19/iconvdata/ibm933.c
===================================================================
--- glibc-2.19.orig/iconvdata/ibm933.c
+++ glibc-2.19/iconvdata/ibm933.c
@@ -161,7 +161,7 @@ enum
while (ch > rp2->end) \
++rp2; \
\
- if (__builtin_expect (rp2 == NULL, 0) \
+ if (__builtin_expect (rp2->start == 0xffff, 0) \
|| __builtin_expect (ch < rp2->start, 0) \
|| (res = __ibm933db_to_ucs4[ch + rp2->idx], \
__builtin_expect (res, L'\1') == L'\0' && ch != '\0')) \
Index: glibc-2.19/iconvdata/ibm935.c
===================================================================
--- glibc-2.19.orig/iconvdata/ibm935.c
+++ glibc-2.19/iconvdata/ibm935.c
@@ -161,7 +161,7 @@ enum
while (ch > rp2->end) \
++rp2; \
\
- if (__builtin_expect (rp2 == NULL, 0) \
+ if (__builtin_expect (rp2->start == 0xffff, 0) \
|| __builtin_expect (ch < rp2->start, 0) \
|| (res = __ibm935db_to_ucs4[ch + rp2->idx], \
__builtin_expect (res, L'\1') == L'\0' && ch != '\0')) \
Index: glibc-2.19/iconvdata/ibm937.c
===================================================================
--- glibc-2.19.orig/iconvdata/ibm937.c
+++ glibc-2.19/iconvdata/ibm937.c
@@ -161,7 +161,7 @@ enum
while (ch > rp2->end) \
++rp2; \
\
- if (__builtin_expect (rp2 == NULL, 0) \
+ if (__builtin_expect (rp2->start == 0xffff, 0) \
|| __builtin_expect (ch < rp2->start, 0) \
|| (res = __ibm937db_to_ucs4[ch + rp2->idx], \
__builtin_expect (res, L'\1') == L'\0' && ch != '\0')) \
Index: glibc-2.19/iconvdata/ibm939.c
===================================================================
--- glibc-2.19.orig/iconvdata/ibm939.c
+++ glibc-2.19/iconvdata/ibm939.c
@@ -161,7 +161,7 @@ enum
while (ch > rp2->end) \
++rp2; \
\
- if (__builtin_expect (rp2 == NULL, 0) \
+ if (__builtin_expect (rp2->start == 0xffff, 0) \
|| __builtin_expect (ch < rp2->start, 0) \
|| (res = __ibm939db_to_ucs4[ch + rp2->idx], \
__builtin_expect (res, L'\1') == L'\0' && ch != '\0')) \
Index: glibc-2.19/iconvdata/ibm943.c
===================================================================
--- glibc-2.19.orig/iconvdata/ibm943.c
+++ glibc-2.19/iconvdata/ibm943.c
@@ -74,11 +74,12 @@
} \
\
ch = (ch * 0x100) + inptr[1]; \
+ /* ch was less than 0xfd. */ \
+ assert (ch < 0xfd00); \
while (ch > rp2->end) \
++rp2; \
\
- if (__builtin_expect (rp2 == NULL, 0) \
- || __builtin_expect (ch < rp2->start, 0) \
+ if (__builtin_expect (ch < rp2->start, 0) \
|| (res = __ibm943db_to_ucs4[ch + rp2->idx], \
__builtin_expect (res, '\1') == 0 && ch !=0)) \
{ \
Index: glibc-2.19/iconvdata/run-iconv-test.sh
===================================================================
--- glibc-2.19.orig/iconvdata/run-iconv-test.sh
+++ glibc-2.19/iconvdata/run-iconv-test.sh
@@ -188,6 +188,24 @@ while read utf8 from filename; do
done < TESTS2
+# Check for crashes in decoders.
+printf '\016\377\377\377\377\377\377\377' > $temp1
+for from in $iconv_modules ; do
+ echo $ac_n "test decoder $from $ac_c"
+ PROG=`eval echo $ICONV`
+ if $PROG < $temp1 >/dev/null 2>&1 ; then
+ : # fall through
+ else
+ status=$?
+ if test $status -gt 1 ; then
+ echo "/FAILED"
+ failed=1
+ continue
+ fi
+ fi
+ echo "OK"
+done
+
exit $failed
# Local Variables:
# mode:shell-script
View Git Blame Copy Permalink