r3237 - in glibc-package/branches/glibc-2.9/debian: . patches patches/any

To: debian-glibc@lists.debian.org
Subject: r3237 - in glibc-package/branches/glibc-2.9/debian: . patches patches/any
From: aurel32@alioth.debian.org
Date: Tue, 13 Jan 2009 11:38:37 +0000
Message-id: <[🔎] E1LMhbR-0003b2-96@alioth.debian.org>

Author: aurel32
Date: 2009-01-13 11:38:36 +0000 (Tue, 13 Jan 2009)
New Revision: 3237

Added:
   glibc-package/branches/glibc-2.9/debian/patches/any/local-nss-overflow.diff
Modified:
   glibc-package/branches/glibc-2.9/debian/changelog
   glibc-package/branches/glibc-2.9/debian/patches/series
Log:
  * patches/any/local-nss-overflow.diff: new patch to ignore uids greater
    than UINT_MAX.  Closes: #483645.



Modified: glibc-package/branches/glibc-2.9/debian/changelog
===================================================================
--- glibc-package/branches/glibc-2.9/debian/changelog	2009-01-12 01:20:09 UTC (rev 3236)
+++ glibc-package/branches/glibc-2.9/debian/changelog	2009-01-13 11:38:36 UTC (rev 3237)
@@ -51,10 +51,9 @@
     Closes: bug#510083.
   * Remove manpage that will be provided by manpages-dev.  Closes: bug#506515,
     bug#505784.
-  * patches/hppa/submitted-tsd.diff: new patch from Arthur Loiret to fix build
-    on hppa.  Closes: bug#511430.
   * debian/copyright: update.  Closes: bug#506881.
 
+
   [ Clint Adams ]
   * patches/any/cvs-bz697-posix-regexec.diff: regex fix from Paolo Bonzini.
   * patches/any/cvs-bz9697-posix-regcomp.diff: regex fix from Paolo Bonzini,
@@ -62,7 +61,7 @@
   * patches/localedata/submitted-bz9725-locale-sv_SE.diff: fix from David
     Weinehall for incorrect sv_SE date format.  closes: #489960.
   * patches/any/cvs-bz9706-nss_nss-files_files-parse.diff: unify NSS
-    behavior between 32-bit and 64-bit platforms.  closes: #483645.
+    behavior between 32-bit and 64-bit platforms.  addresses: #483645.
   * localedata/submitted-bz9730-locale-sv_FI.diff: make sv_FI time format
     conform to that of fi_FI.  closes: #489946.
   * Rename patches/localedata/el_CY_euro.diff to
@@ -70,8 +69,14 @@
   * Rename patches/localedata/dz_BT-collation.diff to
     patches/localedata/submitted-bz9732-dz_BT-collation.diff.
 
- -- Clint Adams <schizo@debian.org>  Fri, 09 Jan 2009 12:38:28 -0500
+  [ Arthur Loiret ]
+  * patches/any/local-nss-overflow.diff: new patch to ignore uids greater
+    than UINT_MAX.  Closes: #483645.
+  * patches/hppa/submitted-tsd.diff: new patch from to fix build on hppa.
+    Closes: bug#511430.
 
+ -- Aurelien Jarno <aurel32@debian.org>  Tue, 13 Jan 2009 12:31:58 +0100
+
 glibc (2.8+20080809-3) experimental; urgency=low
 
   [ Aurelien Jarno ]

Added: glibc-package/branches/glibc-2.9/debian/patches/any/local-nss-overflow.diff
===================================================================
--- glibc-package/branches/glibc-2.9/debian/patches/any/local-nss-overflow.diff	                        (rev 0)
+++ glibc-package/branches/glibc-2.9/debian/patches/any/local-nss-overflow.diff	2009-01-13 11:38:36 UTC (rev 3237)
@@ -0,0 +1,43 @@
+2009-01-12  Arthur Loiret  <aloiret@debian.org>
+
+	nss/nss_files/files-parse.c (INT_FIELD): Convert field to uintmax_t
+	and check for 32-bit overflow.
+	(INT_FIELD_MAYBE_NULL): Likewise.
+
+---
+ nss/nss_files/files-parse.c |   14 ++++++++++++--
+ 1 files changed, 12 insertions(+), 2 deletions(-)
+
+--- a/nss/nss_files/files-parse.c
++++ b/nss/nss_files/files-parse.c
+@@ -144,7 +144,12 @@
+ # define INT_FIELD(variable, terminator_p, swallow, base, convert)	      \
+   {									      \
+     char *endp;								      \
+-    variable = convert (strtou32 (line, &endp, base));			      \
++    unsigned long long tmp;						      \
++    /* Prevent from 32-bit overflow.  */				      \
++    tmp = __strtoull_internal (line, &endp, base, 0);			      \
++    if (tmp > UINT_MAX)						      \
++      return 0;								      \
++    variable = convert ((unsigned long int)tmp);			      \
+     if (endp == line)							      \
+       return 0;								      \
+     else if (terminator_p (*endp))					      \
+@@ -159,10 +164,15 @@
+ # define INT_FIELD_MAYBE_NULL(variable, terminator_p, swallow, base, convert, default)	      \
+   {									      \
+     char *endp;								      \
++    unsigned long long tmp;						      \
+     if (*line == '\0')							      \
+       /* We expect some more input, so don't allow the string to end here. */ \
+       return 0;								      \
+-    variable = convert (strtou32 (line, &endp, base));			      \
++    /* Prevent from 32-bit overflow.  */				      \
++    tmp = __strtoull_internal (line, &endp, base, 0);		      \
++    if (tmp > UINT_MAX))						      \
++      return 0;								      \
++    variable = convert ((unsigned long int)tmp);			      \
+     if (endp == line)							      \
+       variable = default;						      \
+     if (terminator_p (*endp))						      \

Modified: glibc-package/branches/glibc-2.9/debian/patches/series
===================================================================
--- glibc-package/branches/glibc-2.9/debian/patches/series	2009-01-12 01:20:09 UTC (rev 3236)
+++ glibc-package/branches/glibc-2.9/debian/patches/series	2009-01-13 11:38:36 UTC (rev 3237)
@@ -167,3 +167,4 @@
 any/cvs-bz697-posix-regexec.diff
 any/cvs-bz9697-posix-regcomp.diff
 any/cvs-bz9706-nss_nss-files_files-parse.diff
+any/local-nss-overflow.diff

Reply to:

Prev by Date: Processed: tagging 511430
Next by Date: Bug#511620: putty-tools: psftp segfaults trying to open a remote server
Previous by thread: Bug#511620: putty-tools: psftp segfaults trying to open a remote server
Next by thread: gconv-modules overwritten
Index(es):
- Date
- Thread