+++ /dev/null
-From 8763c305c29d0abb7e2be4695212b42917d054b2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
-Date: Tue, 20 May 2025 16:03:44 +0100
-Subject: [PATCH] sort: fix buffer under-read (CWE-127)
-
-* src/sort.c (begfield): Check pointer adjustment
-to avoid Out-of-range pointer offset (CWE-823).
-(limfield): Likewise.
-* tests/sort/sort-field-limit.sh: Add a new test,
-which triggers with ASAN or Valgrind.
-* tests/local.mk: Reference the new test.
-* NEWS: Mention bug fix introduced in v7.2 (2009).
-Fixes https://bugs.gnu.org/78507
-
-CVE: CVE-2025-5278
-
-Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633]
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- src/sort.c | 12 ++++++++++--
- tests/local.mk | 1 +
- tests/sort/sort-field-limit.sh | 35 ++++++++++++++++++++++++++++++++++
- 3 files changed, 46 insertions(+), 2 deletions(-)
- create mode 100755 tests/sort/sort-field-limit.sh
-
-diff --git a/src/sort.c b/src/sort.c
-index b10183b6f..7af1a2512 100644
---- a/src/sort.c
-+++ b/src/sort.c
-@@ -1644,7 +1644,11 @@ begfield (struct line const *line, struct keyfield const *key)
- ++ptr;
-
- /* Advance PTR by SCHAR (if possible), but no further than LIM. */
-- ptr = MIN (lim, ptr + schar);
-+ size_t remaining_bytes = lim - ptr;
-+ if (schar < remaining_bytes)
-+ ptr += schar;
-+ else
-+ ptr = lim;
-
- return ptr;
- }
-@@ -1746,7 +1750,11 @@ limfield (struct line const *line, struct keyfield const *key)
- ++ptr;
-
- /* Advance PTR by ECHAR (if possible), but no further than LIM. */
-- ptr = MIN (lim, ptr + echar);
-+ size_t remaining_bytes = lim - ptr;
-+ if (echar < remaining_bytes)
-+ ptr += echar;
-+ else
-+ ptr = lim;
- }
-
- return ptr;
-diff --git a/tests/local.mk b/tests/local.mk
-index 4da6756ac..642d225fa 100644
---- a/tests/local.mk
-+++ b/tests/local.mk
-@@ -388,6 +388,7 @@ all_tests = \
- tests/sort/sort-debug-keys.sh \
- tests/sort/sort-debug-warn.sh \
- tests/sort/sort-discrim.sh \
-+ tests/sort/sort-field-limit.sh \
- tests/sort/sort-files0-from.pl \
- tests/sort/sort-float.sh \
- tests/sort/sort-h-thousands-sep.sh \
-diff --git a/tests/sort/sort-field-limit.sh b/tests/sort/sort-field-limit.sh
-new file mode 100755
-index 000000000..52d8e1d17
---- /dev/null
-+++ b/tests/sort/sort-field-limit.sh
-@@ -0,0 +1,35 @@
-+#!/bin/sh
-+# From 7.2-9.7, this would trigger an out of bounds mem read
-+
-+# Copyright (C) 2025 Free Software Foundation, Inc.
-+
-+# This program is free software: you can redistribute it and/or modify
-+# it under the terms of the GNU General Public License as published by
-+# the Free Software Foundation, either version 3 of the License, or
-+# (at your option) any later version.
-+
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+
-+# You should have received a copy of the GNU General Public License
-+# along with this program. If not, see <https://www.gnu.org/licenses/>.
-+
-+. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
-+print_ver_ sort
-+getlimits_
-+
-+# This issue triggers with valgrind or ASAN
-+valgrind --error-exitcode=1 sort --version 2>/dev/null &&
-+ VALGRIND='valgrind --error-exitcode=1'
-+
-+{ printf '%s\n' aa bb; } > in || framework_failure_
-+
-+_POSIX2_VERSION=200809 $VALGRIND sort +0.${SIZE_MAX}R in > out || fail=1
-+compare in out || fail=1
-+
-+_POSIX2_VERSION=200809 $VALGRIND sort +1 -1.${SIZE_MAX}R in > out || fail=1
-+compare in out || fail=1
-+
-+Exit $fail
---
-2.34.1
-
SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \
file://remove-usr-local-lib-from-m4.patch \
- file://0001-sort-fix-buffer-under-read-CWE-127.patch \
file://run-ptest \
"
-SRC_URI[sha256sum] = "e8bb26ad0293f9b5a1fc43fb42ba970e312c66ce92c1b0b16713d7500db251bf"
+SRC_URI[sha256sum] = "19bcb6ca867183c57d77155eae946c5eced88183143b45ca51ad7d26c628ca75"
# http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842
#
PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux"
PACKAGECONFIG[openssl] = "--with-openssl=yes,--with-openssl=no,openssl"
+selinux_progs = "${@'chcon runcon' if 'selinux' in d.getVar('PACKAGECONFIG') else ''}"
+
# [ base32 base64 df mktemp nice printenv get a special treatment and are not included in this
-bindir_progs = "arch basename chcon cksum comm csplit cut dir dircolors dirname du \
+bindir_progs = "arch basename cksum comm csplit cut dir dircolors dirname du \
env expand expr factor fmt fold groups head hostid id install \
join link logname md5sum mkfifo nl nohup nproc od paste pathchk \
- pinky pr printf ptx readlink realpath runcon seq sha1sum sha224sum sha256sum \
+ pinky pr printf ptx readlink realpath seq sha1sum sha224sum sha256sum \
sha384sum sha512sum shred shuf sort split sum tac tail tee test timeout \
- tr truncate tsort tty unexpand uniq unlink uptime users vdir wc who whoami yes"
+ tr truncate tsort tty unexpand uniq unlink uptime users vdir wc who whoami yes \
+ ${selinux_progs}"
base_bindir_progs = "cat chgrp chmod chown cp date dd echo false hostname kill ln ls mkdir \
mknod mv pwd rm rmdir sleep stty sync touch true uname stat"
projects / thirdparty / openembedded / openembedded-core-contrib.git / commitdiff
