r6305 - in glibc-package/trunk/debian: . patches patches/any
Author: aurel32
Date: 2014-10-22 09:12:25 +0000 (Wed, 22 Oct 2014)
New Revision: 6305
Added:
glibc-package/trunk/debian/patches/any/cvs-CVE-2014-6040.diff
Modified:
glibc-package/trunk/debian/changelog
glibc-package/trunk/debian/patches/series
Log:
patches/any/cvs-CVE-2014-6040.diff: new patch from upstream to fix crashes
on invalid input in IBM gconv modules (CVE-2014-6040).
Modified: glibc-package/trunk/debian/changelog
===================================================================
--- glibc-package/trunk/debian/changelog 2014-10-21 19:29:26 UTC (rev 6304)
+++ glibc-package/trunk/debian/changelog 2014-10-22 09:12:25 UTC (rev 6305)
@@ -30,6 +30,8 @@
* Update German manpages translations, by Helge Kreutzmann. Closes: #717979.
* kfreebsd/local-fbtl.diff: update to revision 5651 (from glibc-bsd).
Workarounds a kfreebsd 9.0 to 10.1 ABI break. Closes: #740509.
+ * patches/any/cvs-CVE-2014-6040.diff: new patch from upstream to fix crashes
+ on invalid input in IBM gconv modules (CVE-2014-6040).
[ Helmut Grohne ]
* debian/patches/any/local-bootstrap-headers.diff: Update to handle
Added: glibc-package/trunk/debian/patches/any/cvs-CVE-2014-6040.diff
===================================================================
--- glibc-package/trunk/debian/patches/any/cvs-CVE-2014-6040.diff (rev 0)
+++ glibc-package/trunk/debian/patches/any/cvs-CVE-2014-6040.diff 2014-10-22 09:12:25 UTC (rev 6305)
@@ -0,0 +1,117 @@
+2014-09-03 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #17325]
+ * iconvdata/ibm1364.c (BODY): Fix check for sentinel.
+ * iconvdata/ibm932.c (BODY): Replace invalid sentinel check with
+ assert.
+ * iconvdata/ibm933.c (BODY): Fix check for sentinel.
+ * iconvdata/ibm935.c (BODY): Likewise.
+ * iconvdata/ibm937.c (BODY): Likewise.
+ * iconvdata/ibm939.c (BODY): Likewise.
+ * iconvdata/ibm943.c (BODY): Replace invalid sentinel check with
+ assert.
+
+diff --git a/iconvdata/ibm1364.c b/iconvdata/ibm1364.c
+index 0b5484f..cf80993 100644
+--- a/iconvdata/ibm1364.c
++++ b/iconvdata/ibm1364.c
+@@ -221,7 +221,8 @@ enum
+ ++rp2; \
+ \
+ uint32_t res; \
+- if (__builtin_expect (ch < rp2->start, 0) \
++ if (__builtin_expect (rp2->start == 0xffff, 0) \
++ || __builtin_expect (ch < rp2->start, 0) \
+ || (res = DB_TO_UCS4[ch + rp2->idx], \
+ __builtin_expect (res, L'\1') == L'\0' && ch != '\0')) \
+ { \
+diff --git a/iconvdata/ibm932.c b/iconvdata/ibm932.c
+index f5dca59..aa69d65 100644
+--- a/iconvdata/ibm932.c
++++ b/iconvdata/ibm932.c
+@@ -74,11 +74,12 @@
+ } \
+ \
+ ch = (ch * 0x100) + inptr[1]; \
++ /* ch was less than 0xfd. */ \
++ assert (ch < 0xfd00); \
+ while (ch > rp2->end) \
+ ++rp2; \
+ \
+- if (__builtin_expect (rp2 == NULL, 0) \
+- || __builtin_expect (ch < rp2->start, 0) \
++ if (__builtin_expect (ch < rp2->start, 0) \
+ || (res = __ibm932db_to_ucs4[ch + rp2->idx], \
+ __builtin_expect (res, '\1') == 0 && ch !=0)) \
+ { \
+diff --git a/iconvdata/ibm933.c b/iconvdata/ibm933.c
+index f46dfb5..461fb5e 100644
+--- a/iconvdata/ibm933.c
++++ b/iconvdata/ibm933.c
+@@ -162,7 +162,7 @@ enum
+ while (ch > rp2->end) \
+ ++rp2; \
+ \
+- if (__builtin_expect (rp2 == NULL, 0) \
++ if (__builtin_expect (rp2->start == 0xffff, 0) \
+ || __builtin_expect (ch < rp2->start, 0) \
+ || (res = __ibm933db_to_ucs4[ch + rp2->idx], \
+ __builtin_expect (res, L'\1') == L'\0' && ch != '\0')) \
+diff --git a/iconvdata/ibm935.c b/iconvdata/ibm935.c
+index a8e4e6c..132d816 100644
+--- a/iconvdata/ibm935.c
++++ b/iconvdata/ibm935.c
+@@ -162,7 +162,7 @@ enum
+ while (ch > rp2->end) \
+ ++rp2; \
+ \
+- if (__builtin_expect (rp2 == NULL, 0) \
++ if (__builtin_expect (rp2->start == 0xffff, 0) \
+ || __builtin_expect (ch < rp2->start, 0) \
+ || (res = __ibm935db_to_ucs4[ch + rp2->idx], \
+ __builtin_expect (res, L'\1') == L'\0' && ch != '\0')) \
+diff --git a/iconvdata/ibm937.c b/iconvdata/ibm937.c
+index 239be61..69b154d 100644
+--- a/iconvdata/ibm937.c
++++ b/iconvdata/ibm937.c
+@@ -162,7 +162,7 @@ enum
+ while (ch > rp2->end) \
+ ++rp2; \
+ \
+- if (__builtin_expect (rp2 == NULL, 0) \
++ if (__builtin_expect (rp2->start == 0xffff, 0) \
+ || __builtin_expect (ch < rp2->start, 0) \
+ || (res = __ibm937db_to_ucs4[ch + rp2->idx], \
+ __builtin_expect (res, L'\1') == L'\0' && ch != '\0')) \
+diff --git a/iconvdata/ibm939.c b/iconvdata/ibm939.c
+index 5d0db36..9936e2c 100644
+--- a/iconvdata/ibm939.c
++++ b/iconvdata/ibm939.c
+@@ -162,7 +162,7 @@ enum
+ while (ch > rp2->end) \
+ ++rp2; \
+ \
+- if (__builtin_expect (rp2 == NULL, 0) \
++ if (__builtin_expect (rp2->start == 0xffff, 0) \
+ || __builtin_expect (ch < rp2->start, 0) \
+ || (res = __ibm939db_to_ucs4[ch + rp2->idx], \
+ __builtin_expect (res, L'\1') == L'\0' && ch != '\0')) \
+diff --git a/iconvdata/ibm943.c b/iconvdata/ibm943.c
+index be0c14f..c5d5742 100644
+--- a/iconvdata/ibm943.c
++++ b/iconvdata/ibm943.c
+@@ -75,11 +75,12 @@
+ } \
+ \
+ ch = (ch * 0x100) + inptr[1]; \
++ /* ch was less than 0xfd. */ \
++ assert (ch < 0xfd00); \
+ while (ch > rp2->end) \
+ ++rp2; \
+ \
+- if (__builtin_expect (rp2 == NULL, 0) \
+- || __builtin_expect (ch < rp2->start, 0) \
++ if (__builtin_expect (ch < rp2->start, 0) \
+ || (res = __ibm943db_to_ucs4[ch + rp2->idx], \
+ __builtin_expect (res, '\1') == 0 && ch !=0)) \
+ { \
Modified: glibc-package/trunk/debian/patches/series
===================================================================
--- glibc-package/trunk/debian/patches/series 2014-10-21 19:29:26 UTC (rev 6304)
+++ glibc-package/trunk/debian/patches/series 2014-10-22 09:12:25 UTC (rev 6305)
@@ -266,3 +266,4 @@
any/cvs-setlocale-alloca.diff
any/cvs-CVE-2014-0475.diff
any/cvs-CVE-2014-5119.diff
+any/cvs-CVE-2014-6040.diff
Reply to: