]> git.ipfire.org Git - thirdparty/glibc.git/commit
iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE...
authorCharles Fol <folcharles@gmail.com>
Thu, 28 Mar 2024 15:25:38 +0000 (12:25 -0300)
committerAdhemerval Zanella <adhemerval.zanella@linaro.org>
Wed, 17 Apr 2024 17:04:21 +0000 (14:04 -0300)
commita8b0561db4b9847ebfbfec20075697d5492a363c
tree8dc72742172971a820f58a6adeb0eb9118d4147c
parentc15fbfdc0ebff8c05713c2f1e7387ce38acc3a37
iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961)

ISO-2022-CN-EXT uses escape sequences to indicate character set changes
(as specified by RFC 1922).  While the SOdesignation has the expected
bounds checks, neither SS2designation nor SS3designation have its;
allowing a write overflow of 1, 2, or 3 bytes with fixed values:
'$+I', '$+J', '$+K', '$+L', '$+M', or '$*H'.

Checked on aarch64-linux-gnu.

Co-authored-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit f9dc609e06b1136bb0408be9605ce7973a767ada)
iconvdata/Makefile
iconvdata/iso-2022-cn-ext.c
iconvdata/tst-iconv-iso-2022-cn-ext.c [new file with mode: 0644]