r4650 - in glibc-package/branches/glibc-branch-squeeze/debian: . patches patches/any
Author: aurel32
Date: 2011-05-11 17:51:55 +0000 (Wed, 11 May 2011)
New Revision: 4650
Added:
glibc-package/branches/glibc-branch-squeeze/debian/patches/any/cvs-fnmatch.diff
Modified:
glibc-package/branches/glibc-branch-squeeze/debian/changelog
glibc-package/branches/glibc-branch-squeeze/debian/patches/series
Log:
* Add patches/any/cvs-fnmatch.diff to fix an integer overflow in
fnmatch(). Closes: #626370.
Modified: glibc-package/branches/glibc-branch-squeeze/debian/changelog
===================================================================
--- glibc-package/branches/glibc-branch-squeeze/debian/changelog 2011-05-11 13:38:08 UTC (rev 4649)
+++ glibc-package/branches/glibc-branch-squeeze/debian/changelog 2011-05-11 17:51:55 UTC (rev 4650)
@@ -2,6 +2,8 @@
* Add patches/any/cvs-string-restrict.diff to fix wrong memmove/bcopy
optimization with gcc-4.6. Closes: #619963.
+ * Add patches/any/cvs-fnmatch.diff to fix an integer overflow in
+ fnmatch(). Closes: #626370.
-- Aurelien Jarno <aurel32@debian.org> Mon, 02 May 2011 06:32:12 +0200
Added: glibc-package/branches/glibc-branch-squeeze/debian/patches/any/cvs-fnmatch.diff
===================================================================
--- glibc-package/branches/glibc-branch-squeeze/debian/patches/any/cvs-fnmatch.diff (rev 0)
+++ glibc-package/branches/glibc-branch-squeeze/debian/patches/any/cvs-fnmatch.diff 2011-05-11 17:51:55 UTC (rev 4650)
@@ -0,0 +1,33 @@
+2011-03-18 Ulrich Drepper <drepper@gmail.com>
+
+ * posix/fnmatch.c (fnmatch): Check size of pattern in wide
+ character representation.
+ Partly based on a patch by Tomas Hoger <thoger@redhat.com>.
+
+--- a/posix/fnmatch.c
++++ b/posix/fnmatch.c
+@@ -375,6 +375,11 @@ fnmatch (pattern, string, flags)
+ XXX Do we have to set `errno' to something which mbsrtows hasn't
+ already done? */
+ return -1;
++ if (__builtin_expect (n >= (size_t) -1 / sizeof (wchar_t), 0))
++ {
++ __set_errno (ENOMEM);
++ return -2;
++ }
+ wpattern_malloc = wpattern
+ = (wchar_t *) malloc ((n + 1) * sizeof (wchar_t));
+ assert (mbsinit (&ps));
+@@ -419,6 +424,12 @@ fnmatch (pattern, string, flags)
+ XXX Do we have to set `errno' to something which mbsrtows hasn't
+ already done? */
+ goto free_return;
++ if (__builtin_expect (n >= (size_t) -1 / sizeof (wchar_t), 0))
++ {
++ free (wpattern_malloc);
++ __set_errno (ENOMEM);
++ return -2;
++ }
+
+ wstring_malloc = wstring
+ = (wchar_t *) malloc ((n + 1) * sizeof (wchar_t));
Modified: glibc-package/branches/glibc-branch-squeeze/debian/patches/series
===================================================================
--- glibc-package/branches/glibc-branch-squeeze/debian/patches/series 2011-05-11 13:38:08 UTC (rev 4649)
+++ glibc-package/branches/glibc-branch-squeeze/debian/patches/series 2011-05-11 17:51:55 UTC (rev 4650)
@@ -270,3 +270,4 @@
any/cvs-dont-expand-dst-twice.diff
any/cvs-ignore-origin-privileged.diff
any/cvs-string-restrict.diff
+any/cvs-fnmatch.diff
Reply to: