]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blob - src/patches/glibc/glibc-rh1139571.patch
projects / people / pmueller / ipfire-2.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge remote-tracking branch 'mfischer/slang' into next
[people/pmueller/ipfire-2.x.git] / src / patches / glibc / glibc-rh1139571.patch
1 commit 41488498b6d9440ee66ab033808cce8323bba7ac
2 Author: Florian Weimer <fweimer@redhat.com>
3 Date: Wed Sep 3 19:45:43 2014 +0200
4
5 CVE-2014-6040: Crashes on invalid input in IBM gconv modules [BZ #17325]
6
7 These changes are based on the fix for BZ #14134 in commit
8 6e230d11837f3ae7b375ea69d7905f0d18eb79e5.
9
10 diff --git a/iconvdata/Makefile b/iconvdata/Makefile
11 index 0a410a1..b6327d6 100644
12 --- a/iconvdata/Makefile
13 +++ b/iconvdata/Makefile
14 @@ -297,6 +297,7 @@ $(objpfx)tst-iconv7.out: $(objpfx)gconv-modules \
15 $(objpfx)iconv-test.out: run-iconv-test.sh $(objpfx)gconv-modules \
16 $(addprefix $(objpfx),$(modules.so)) \
17 $(common-objdir)/iconv/iconv_prog TESTS
18 + iconv_modules="$(modules)" \
19 $(SHELL) -e $< $(common-objdir) > $@
20
21 $(objpfx)tst-tables.out: tst-tables.sh $(objpfx)gconv-modules \
22 diff --git a/iconvdata/ibm1364.c b/iconvdata/ibm1364.c
23 index 0b5484f..cf80993 100644
24 --- a/iconvdata/ibm1364.c
25 +++ b/iconvdata/ibm1364.c
26 @@ -221,7 +221,8 @@ enum
27 ++rp2; \
28 \
29 uint32_t res; \
30 - if (__builtin_expect (ch < rp2->start, 0) \
31 + if (__builtin_expect (rp2->start == 0xffff, 0) \
32 + || __builtin_expect (ch < rp2->start, 0) \
33 || (res = DB_TO_UCS4[ch + rp2->idx], \
34 __builtin_expect (res, L'\1') == L'\0' && ch != '\0')) \
35 { \
36 diff --git a/iconvdata/ibm932.c b/iconvdata/ibm932.c
37 index f5dca59..aa69d65 100644
38 --- a/iconvdata/ibm932.c
39 +++ b/iconvdata/ibm932.c
40 @@ -74,11 +74,12 @@
41 } \
42 \
43 ch = (ch * 0x100) + inptr[1]; \
44 + /* ch was less than 0xfd. */ \
45 + assert (ch < 0xfd00); \
46 while (ch > rp2->end) \
47 ++rp2; \
48 \
49 - if (__builtin_expect (rp2 == NULL, 0) \
50 - || __builtin_expect (ch < rp2->start, 0) \
51 + if (__builtin_expect (ch < rp2->start, 0) \
52 || (res = __ibm932db_to_ucs4[ch + rp2->idx], \
53 __builtin_expect (res, '\1') == 0 && ch !=0)) \
54 { \
55 diff --git a/iconvdata/ibm933.c b/iconvdata/ibm933.c
56 index f46dfb5..461fb5e 100644
57 --- a/iconvdata/ibm933.c
58 +++ b/iconvdata/ibm933.c
59 @@ -162,7 +162,7 @@ enum
60 while (ch > rp2->end) \
61 ++rp2; \
62 \
63 - if (__builtin_expect (rp2 == NULL, 0) \
64 + if (__builtin_expect (rp2->start == 0xffff, 0) \
65 || __builtin_expect (ch < rp2->start, 0) \
66 || (res = __ibm933db_to_ucs4[ch + rp2->idx], \
67 __builtin_expect (res, L'\1') == L'\0' && ch != '\0')) \
68 diff --git a/iconvdata/ibm935.c b/iconvdata/ibm935.c
69 index a8e4e6c..132d816 100644
70 --- a/iconvdata/ibm935.c
71 +++ b/iconvdata/ibm935.c
72 @@ -162,7 +162,7 @@ enum
73 while (ch > rp2->end) \
74 ++rp2; \
75 \
76 - if (__builtin_expect (rp2 == NULL, 0) \
77 + if (__builtin_expect (rp2->start == 0xffff, 0) \
78 || __builtin_expect (ch < rp2->start, 0) \
79 || (res = __ibm935db_to_ucs4[ch + rp2->idx], \
80 __builtin_expect (res, L'\1') == L'\0' && ch != '\0')) \
81 diff --git a/iconvdata/ibm937.c b/iconvdata/ibm937.c
82 index 239be61..69b154d 100644
83 --- a/iconvdata/ibm937.c
84 +++ b/iconvdata/ibm937.c
85 @@ -162,7 +162,7 @@ enum
86 while (ch > rp2->end) \
87 ++rp2; \
88 \
89 - if (__builtin_expect (rp2 == NULL, 0) \
90 + if (__builtin_expect (rp2->start == 0xffff, 0) \
91 || __builtin_expect (ch < rp2->start, 0) \
92 || (res = __ibm937db_to_ucs4[ch + rp2->idx], \
93 __builtin_expect (res, L'\1') == L'\0' && ch != '\0')) \
94 diff --git a/iconvdata/ibm939.c b/iconvdata/ibm939.c
95 index 5d0db36..9936e2c 100644
96 --- a/iconvdata/ibm939.c
97 +++ b/iconvdata/ibm939.c
98 @@ -162,7 +162,7 @@ enum
99 while (ch > rp2->end) \
100 ++rp2; \
101 \
102 - if (__builtin_expect (rp2 == NULL, 0) \
103 + if (__builtin_expect (rp2->start == 0xffff, 0) \
104 || __builtin_expect (ch < rp2->start, 0) \
105 || (res = __ibm939db_to_ucs4[ch + rp2->idx], \
106 __builtin_expect (res, L'\1') == L'\0' && ch != '\0')) \
107 diff --git a/iconvdata/ibm943.c b/iconvdata/ibm943.c
108 index be0c14f..c5d5742 100644
109 --- a/iconvdata/ibm943.c
110 +++ b/iconvdata/ibm943.c
111 @@ -75,11 +75,12 @@
112 } \
113 \
114 ch = (ch * 0x100) + inptr[1]; \
115 + /* ch was less than 0xfd. */ \
116 + assert (ch < 0xfd00); \
117 while (ch > rp2->end) \
118 ++rp2; \
119 \
120 - if (__builtin_expect (rp2 == NULL, 0) \
121 - || __builtin_expect (ch < rp2->start, 0) \
122 + if (__builtin_expect (ch < rp2->start, 0) \
123 || (res = __ibm943db_to_ucs4[ch + rp2->idx], \
124 __builtin_expect (res, '\1') == 0 && ch !=0)) \
125 { \
126 diff --git a/iconvdata/run-iconv-test.sh b/iconvdata/run-iconv-test.sh
127 index c98c929..5dfb69f 100755
128 --- a/iconvdata/run-iconv-test.sh
129 +++ b/iconvdata/run-iconv-test.sh
130 @@ -184,6 +184,24 @@ while read utf8 from filename; do
131
132 done < TESTS2
133
134 +# Check for crashes in decoders.
135 +printf '\016\377\377\377\377\377\377\377' > $temp1
136 +for from in $iconv_modules ; do
137 + echo $ac_n "test decoder $from $ac_c"
138 + PROG=`eval echo $ICONV`
139 + if $PROG < $temp1 >/dev/null 2>&1 ; then
140 + : # fall through
141 + else
142 + status=$?
143 + if test $status -gt 1 ; then
144 + echo "/FAILED"
145 + failed=1
146 + continue
147 + fi
148 + fi
149 + echo "OK"
150 +done
151 +
152 exit $failed
153 # Local Variables:
154 # mode:shell-script
Peter's tree of IPFire 2.x