Update glibc to 2.35 to fix CVE-2022-23218 and CVE-2022-23219 (#2724)
* update glibc to 2.35 * update manifests * add patch * patch cleanup * apply glibc fhs patch in temp toolchain * update libxcrypt glibcversion * fix changelog typo
This commit is contained in:
Родитель
cf8471fe4e
Коммит
18a1c779a1
|
@ -1,249 +0,0 @@
|
||||||
From e72b84cec44852dd76365cb7e1bf691b56a8adfc Mon Sep 17 00:00:00 2001
|
|
||||||
From: Alexey Makhalov <amakhalov@vmware.com>
|
|
||||||
Date: Tue, 29 Aug 2017 21:10:08 +0000
|
|
||||||
Subject: [PATCH 2/2] malloc arena fix
|
|
||||||
|
|
||||||
---
|
|
||||||
elf/dl-tunables.list | 5 ++++
|
|
||||||
malloc/arena.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
||||||
malloc/malloc.c | 31 +++++++++++++++++++++++++
|
|
||||||
malloc/malloc.h | 1 +
|
|
||||||
4 files changed, 101 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/elf/dl-tunables.list b/elf/dl-tunables.list
|
|
||||||
index c188c6a..15a1a14 100644
|
|
||||||
--- a/elf/dl-tunables.list
|
|
||||||
+++ b/elf/dl-tunables.list
|
|
||||||
@@ -76,6 +76,11 @@ glibc {
|
|
||||||
minval: 1
|
|
||||||
security_level: SXID_IGNORE
|
|
||||||
}
|
|
||||||
+ arena_stickiness {
|
|
||||||
+ type: SIZE_T
|
|
||||||
+ env_alias: MALLOC_ARENA_STICKINESS
|
|
||||||
+ security_level: SXID_IGNORE
|
|
||||||
+ }
|
|
||||||
tcache_max {
|
|
||||||
type: SIZE_T
|
|
||||||
}
|
|
||||||
diff --git a/malloc/arena.c b/malloc/arena.c
|
|
||||||
index dc14fae..f0edf2b 100644
|
|
||||||
--- a/malloc/arena.c
|
|
||||||
+++ b/malloc/arena.c
|
|
||||||
@@ -63,6 +63,12 @@ typedef struct _heap_info
|
|
||||||
char pad[-6 * SIZE_SZ & MALLOC_ALIGN_MASK];
|
|
||||||
} heap_info;
|
|
||||||
|
|
||||||
+typedef struct _arena_tracker
|
|
||||||
+{
|
|
||||||
+ mstate arena; /* Arena most recently tracked for growth. */
|
|
||||||
+ size_t growth; /* Current size in bytes. */
|
|
||||||
+} arena_tracker;
|
|
||||||
+
|
|
||||||
/* Get a compile-time error if the heap_info padding is not correct
|
|
||||||
to make alignment work as expected in sYSMALLOc. */
|
|
||||||
extern int sanity_check_heap_info_alignment[(sizeof (heap_info)
|
|
||||||
@@ -73,6 +79,8 @@ extern int sanity_check_heap_info_alignment[(sizeof (heap_info)
|
|
||||||
|
|
||||||
static __thread mstate thread_arena attribute_tls_model_ie;
|
|
||||||
|
|
||||||
+static __thread arena_tracker thread_arena_tracker attribute_tls_model_ie;
|
|
||||||
+
|
|
||||||
/* Arena free list. free_list_lock synchronizes access to the
|
|
||||||
free_list variable below, and the next_free and attached_threads
|
|
||||||
members of struct malloc_state objects. No other locks must be
|
|
||||||
@@ -236,6 +244,7 @@ TUNABLE_CALLBACK_FNDECL (set_perturb_byte, int32_t)
|
|
||||||
TUNABLE_CALLBACK_FNDECL (set_trim_threshold, size_t)
|
|
||||||
TUNABLE_CALLBACK_FNDECL (set_arena_max, size_t)
|
|
||||||
TUNABLE_CALLBACK_FNDECL (set_arena_test, size_t)
|
|
||||||
+TUNABLE_CALLBACK_FNDECL (set_arena_stickiness, size_t)
|
|
||||||
#if USE_TCACHE
|
|
||||||
TUNABLE_CALLBACK_FNDECL (set_tcache_max, size_t)
|
|
||||||
TUNABLE_CALLBACK_FNDECL (set_tcache_count, size_t)
|
|
||||||
@@ -327,6 +336,7 @@ ptmalloc_init (void)
|
|
||||||
TUNABLE_GET (mmap_max, int32_t, TUNABLE_CALLBACK (set_mmaps_max));
|
|
||||||
TUNABLE_GET (arena_max, size_t, TUNABLE_CALLBACK (set_arena_max));
|
|
||||||
TUNABLE_GET (arena_test, size_t, TUNABLE_CALLBACK (set_arena_test));
|
|
||||||
+ TUNABLE_GET (arena_stickiness, size_t, TUNABLE_CALLBACK (set_arena_stickiness));
|
|
||||||
# if USE_TCACHE
|
|
||||||
TUNABLE_GET (tcache_max, size_t, TUNABLE_CALLBACK (set_tcache_max));
|
|
||||||
TUNABLE_GET (tcache_count, size_t, TUNABLE_CALLBACK (set_tcache_count));
|
|
||||||
@@ -392,6 +402,13 @@ ptmalloc_init (void)
|
|
||||||
__libc_mallopt (M_MMAP_THRESHOLD, atoi (&envline[16]));
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
+ case 16:
|
|
||||||
+ if (!__builtin_expect (__libc_enable_secure, 0))
|
|
||||||
+ {
|
|
||||||
+ if (memcmp (envline, "ARENA_STICKINESS", 16) == 0)
|
|
||||||
+ __libc_mallopt (M_ARENA_STICKINESS, atoi (&envline[17]));
|
|
||||||
+ }
|
|
||||||
+ break;
|
|
||||||
default:
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
@@ -974,6 +991,51 @@ arena_get_retry (mstate ar_ptr, size_t bytes)
|
|
||||||
return ar_ptr;
|
|
||||||
}
|
|
||||||
|
|
||||||
+static void
|
|
||||||
+arena_stickiness_track_alloc (void *victim)
|
|
||||||
+{
|
|
||||||
+ if (!victim || chunk_is_mmapped (mem2chunk (victim)))
|
|
||||||
+ return;
|
|
||||||
+
|
|
||||||
+ if (thread_arena_tracker.arena != arena_for_chunk (mem2chunk (victim))) {
|
|
||||||
+ thread_arena_tracker.growth = 0;
|
|
||||||
+ thread_arena_tracker.arena = arena_for_chunk (mem2chunk (victim));
|
|
||||||
+ } else {
|
|
||||||
+ thread_arena_tracker.growth += chunksize (mem2chunk (victim));
|
|
||||||
+ if (thread_arena_tracker.growth >= mp_.arena_stickiness) {
|
|
||||||
+ /* Swtich thread to the next arena */
|
|
||||||
+ mstate replaced_arena = thread_arena;
|
|
||||||
+ mstate next_to_use = replaced_arena->next;
|
|
||||||
+
|
|
||||||
+ __libc_lock_lock (free_list_lock);
|
|
||||||
+ detach_arena (replaced_arena);
|
|
||||||
+#if 0
|
|
||||||
+ /* If this was the last attached thread for this arena, put the
|
|
||||||
+ arena on the free list. */
|
|
||||||
+ if (replaced_arena->attached_threads == 0)
|
|
||||||
+ {
|
|
||||||
+ replaced_arena->next_free = free_list;
|
|
||||||
+ free_list = replaced_arena;
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+ if (next_to_use->attached_threads == 0)
|
|
||||||
+ remove_from_free_list (next_to_use);
|
|
||||||
+ ++next_to_use->attached_threads;
|
|
||||||
+
|
|
||||||
+ __libc_lock_unlock (free_list_lock);
|
|
||||||
+ thread_arena = next_to_use;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+/* chunk must be valid and not mmaped. */
|
|
||||||
+static void
|
|
||||||
+arena_stickiness_track_free (mchunkptr chunk)
|
|
||||||
+{
|
|
||||||
+ if (thread_arena_tracker.arena == arena_for_chunk (chunk))
|
|
||||||
+ thread_arena_tracker.growth -= chunksize (chunk);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
void
|
|
||||||
__malloc_arena_thread_freeres (void)
|
|
||||||
{
|
|
||||||
diff --git a/malloc/malloc.c b/malloc/malloc.c
|
|
||||||
index 54e406b..29787a5 100644
|
|
||||||
--- a/malloc/malloc.c
|
|
||||||
+++ b/malloc/malloc.c
|
|
||||||
@@ -1723,6 +1723,7 @@ struct malloc_par
|
|
||||||
INTERNAL_SIZE_T mmap_threshold;
|
|
||||||
INTERNAL_SIZE_T arena_test;
|
|
||||||
INTERNAL_SIZE_T arena_max;
|
|
||||||
+ INTERNAL_SIZE_T arena_stickiness;
|
|
||||||
|
|
||||||
/* Memory map support */
|
|
||||||
int n_mmaps;
|
|
||||||
@@ -1787,6 +1788,7 @@ static struct malloc_par mp_ =
|
|
||||||
.mmap_threshold = DEFAULT_MMAP_THRESHOLD,
|
|
||||||
.trim_threshold = DEFAULT_TRIM_THRESHOLD,
|
|
||||||
#define NARENAS_FROM_NCORES(n) ((n) * (sizeof (long) == 4 ? 2 : 8))
|
|
||||||
+ .arena_stickiness = 0,
|
|
||||||
.arena_test = NARENAS_FROM_NCORES (1)
|
|
||||||
#if USE_TCACHE
|
|
||||||
,
|
|
||||||
@@ -3083,6 +3085,10 @@ __libc_malloc (size_t bytes)
|
|
||||||
|
|
||||||
assert (!victim || chunk_is_mmapped (mem2chunk (victim)) ||
|
|
||||||
ar_ptr == arena_for_chunk (mem2chunk (victim)));
|
|
||||||
+
|
|
||||||
+ if (mp_.arena_stickiness > 0)
|
|
||||||
+ arena_stickiness_track_alloc (victim);
|
|
||||||
+
|
|
||||||
return victim;
|
|
||||||
}
|
|
||||||
libc_hidden_def (__libc_malloc)
|
|
||||||
@@ -3126,6 +3132,9 @@ __libc_free (void *mem)
|
|
||||||
|
|
||||||
MAYBE_INIT_TCACHE ();
|
|
||||||
|
|
||||||
+ if (mp_.arena_stickiness > 0)
|
|
||||||
+ arena_stickiness_track_free (p);
|
|
||||||
+
|
|
||||||
ar_ptr = arena_for_chunk (p);
|
|
||||||
_int_free (ar_ptr, p, 0);
|
|
||||||
}
|
|
||||||
@@ -3226,6 +3235,8 @@ __libc_realloc (void *oldmem, size_t bytes)
|
|
||||||
return newp;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (mp_.arena_stickiness > 0)
|
|
||||||
+ arena_stickiness_track_free (oldp);
|
|
||||||
__libc_lock_lock (ar_ptr->mutex);
|
|
||||||
|
|
||||||
newp = _int_realloc (ar_ptr, oldp, oldsize, nb);
|
|
||||||
@@ -3234,6 +3245,9 @@ __libc_realloc (void *oldmem, size_t bytes)
|
|
||||||
assert (!newp || chunk_is_mmapped (mem2chunk (newp)) ||
|
|
||||||
ar_ptr == arena_for_chunk (mem2chunk (newp)));
|
|
||||||
|
|
||||||
+ if (mp_.arena_stickiness > 0)
|
|
||||||
+ arena_stickiness_track_alloc (newp);
|
|
||||||
+
|
|
||||||
if (newp == NULL)
|
|
||||||
{
|
|
||||||
/* Try harder to allocate memory in other arenas. */
|
|
||||||
@@ -3452,6 +3466,9 @@ __libc_calloc (size_t n, size_t elem_size)
|
|
||||||
return mem;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (mp_.arena_stickiness > 0)
|
|
||||||
+ arena_stickiness_track_alloc (mem);
|
|
||||||
+
|
|
||||||
csz = chunksize (p);
|
|
||||||
|
|
||||||
#if MORECORE_CLEARS
|
|
||||||
@@ -5145,6 +5162,15 @@ do_set_arena_max (size_t value)
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
+static inline int
|
|
||||||
+__always_inline
|
|
||||||
+do_set_arena_stickiness (size_t value)
|
|
||||||
+{
|
|
||||||
+ LIBC_PROBE (memory_mallopt_arena_stickiness, 2, value, mp_.arena_stickiness);
|
|
||||||
+ mp_.arena_stickiness = value;
|
|
||||||
+ return 1;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
#if USE_TCACHE
|
|
||||||
static inline int
|
|
||||||
__always_inline
|
|
||||||
@@ -5237,6 +5263,11 @@ __libc_mallopt (int param_number, int value)
|
|
||||||
if (value > 0)
|
|
||||||
do_set_arena_max (value);
|
|
||||||
break;
|
|
||||||
+
|
|
||||||
+ case M_ARENA_STICKINESS:
|
|
||||||
+ if (value > 0)
|
|
||||||
+ do_set_arena_stickiness (value);
|
|
||||||
+ break;
|
|
||||||
}
|
|
||||||
__libc_lock_unlock (av->mutex);
|
|
||||||
return res;
|
|
||||||
diff --git a/malloc/malloc.h b/malloc/malloc.h
|
|
||||||
index 339ab64..31bdb44 100644
|
|
||||||
--- a/malloc/malloc.h
|
|
||||||
+++ b/malloc/malloc.h
|
|
||||||
@@ -121,6 +121,7 @@ extern struct mallinfo mallinfo (void) __THROW;
|
|
||||||
#define M_PERTURB -6
|
|
||||||
#define M_ARENA_TEST -7
|
|
||||||
#define M_ARENA_MAX -8
|
|
||||||
+#define M_ARENA_STICKINESS -9
|
|
||||||
|
|
||||||
/* General SVID/XPG interface to tunable parameters. */
|
|
||||||
extern int mallopt (int __param, int __val) __THROW;
|
|
||||||
--
|
|
||||||
2.9.3
|
|
||||||
|
|
|
@ -1,728 +0,0 @@
|
||||||
From 108bc4049f8ae82710aec26a92ffdb4b439c83fd Mon Sep 17 00:00:00 2001
|
|
||||||
From: Florian Weimer <fweimer@redhat.com>
|
|
||||||
Date: Mon, 21 Jan 2019 21:26:03 +0100
|
|
||||||
Subject: [PATCH] CVE-2016-10739: getaddrinfo: Fully parse IPv4 address strings
|
|
||||||
[BZ #20018]
|
|
||||||
|
|
||||||
The IPv4 address parser in the getaddrinfo function is changed so that
|
|
||||||
it does not ignore trailing whitespace and all characters after it.
|
|
||||||
For backwards compatibility, the getaddrinfo function still recognizes
|
|
||||||
legacy name syntax, such as 192.000.002.010 interpreted as 192.0.2.8
|
|
||||||
(octal).
|
|
||||||
|
|
||||||
This commit does not change the behavior of inet_addr and inet_aton.
|
|
||||||
gethostbyname already had additional sanity checks (but is switched
|
|
||||||
over to the new __inet_aton_exact function for completeness as well).
|
|
||||||
|
|
||||||
To avoid sending the problematic query names over DNS, commit
|
|
||||||
6ca53a2453598804a2559a548a08424fca96434a ("resolv: Do not send queries
|
|
||||||
for non-host-names in nss_dns [BZ #24112]") is needed.
|
|
||||||
|
|
||||||
This patch has been modified to apply to 2.28 release.
|
|
||||||
---
|
|
||||||
include/arpa/inet.h | 6 +-
|
|
||||||
nscd/gai.c | 1 -
|
|
||||||
nscd/gethstbynm3_r.c | 2 -
|
|
||||||
nss/digits_dots.c | 3 +-
|
|
||||||
resolv/Makefile | 7 ++
|
|
||||||
resolv/Versions | 1 +
|
|
||||||
resolv/inet_addr.c | 62 ++++++++++-----
|
|
||||||
resolv/res_init.c | 17 ++--
|
|
||||||
resolv/tst-aton.c | 35 +++++++--
|
|
||||||
resolv/tst-inet_aton_exact.c | 47 +++++++++++
|
|
||||||
resolv/tst-resolv-nondecimal.c | 139 +++++++++++++++++++++++++++++++++
|
|
||||||
resolv/tst-resolv-trailing.c | 136 ++++++++++++++++++++++++++++++++
|
|
||||||
sysdeps/posix/getaddrinfo.c | 2 +-
|
|
||||||
15 files changed, 455 insertions(+), 40 deletions(-)
|
|
||||||
create mode 100644 resolv/tst-inet_aton_exact.c
|
|
||||||
create mode 100644 resolv/tst-resolv-nondecimal.c
|
|
||||||
create mode 100644 resolv/tst-resolv-trailing.c
|
|
||||||
|
|
||||||
diff --git a/include/arpa/inet.h b/include/arpa/inet.h
|
|
||||||
index c3f28f2baa..19aec74275 100644
|
|
||||||
--- a/include/arpa/inet.h
|
|
||||||
+++ b/include/arpa/inet.h
|
|
||||||
@@ -1,10 +1,10 @@
|
|
||||||
#include <inet/arpa/inet.h>
|
|
||||||
|
|
||||||
#ifndef _ISOMAC
|
|
||||||
-extern int __inet_aton (const char *__cp, struct in_addr *__inp);
|
|
||||||
-libc_hidden_proto (__inet_aton)
|
|
||||||
+/* Variant of inet_aton which rejects trailing garbage. */
|
|
||||||
+extern int __inet_aton_exact (const char *__cp, struct in_addr *__inp);
|
|
||||||
+libc_hidden_proto (__inet_aton_exact)
|
|
||||||
|
|
||||||
-libc_hidden_proto (inet_aton)
|
|
||||||
libc_hidden_proto (inet_ntop)
|
|
||||||
libc_hidden_proto (inet_pton)
|
|
||||||
extern __typeof (inet_pton) __inet_pton;
|
|
||||||
diff --git a/nscd/gai.c b/nscd/gai.c
|
|
||||||
index fd4e8e092f..801d304d47 100644
|
|
||||||
--- a/nscd/gai.c
|
|
||||||
+++ b/nscd/gai.c
|
|
||||||
@@ -19,7 +19,6 @@
|
|
||||||
|
|
||||||
/* This file uses the getaddrinfo code but it compiles it without NSCD
|
|
||||||
support. We just need a few symbol renames. */
|
|
||||||
-#define __inet_aton inet_aton
|
|
||||||
#define __ioctl ioctl
|
|
||||||
#define __getsockname getsockname
|
|
||||||
#define __socket socket
|
|
||||||
diff --git a/nscd/gethstbynm3_r.c b/nscd/gethstbynm3_r.c
|
|
||||||
index 9f70a86a58..ff594b6d27 100644
|
|
||||||
--- a/nscd/gethstbynm3_r.c
|
|
||||||
+++ b/nscd/gethstbynm3_r.c
|
|
||||||
@@ -38,8 +38,6 @@
|
|
||||||
#define HAVE_LOOKUP_BUFFER 1
|
|
||||||
#define HAVE_AF 1
|
|
||||||
|
|
||||||
-#define __inet_aton inet_aton
|
|
||||||
-
|
|
||||||
/* We are nscd, so we don't want to be talking to ourselves. */
|
|
||||||
#undef USE_NSCD
|
|
||||||
|
|
||||||
diff --git a/nss/digits_dots.c b/nss/digits_dots.c
|
|
||||||
index 95015896a4..440d9955d2 100644
|
|
||||||
--- a/nss/digits_dots.c
|
|
||||||
+++ b/nss/digits_dots.c
|
|
||||||
@@ -29,7 +29,6 @@
|
|
||||||
#include "nsswitch.h"
|
|
||||||
|
|
||||||
#ifdef USE_NSCD
|
|
||||||
-# define inet_aton __inet_aton
|
|
||||||
# include <nscd/nscd_proto.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
@@ -160,7 +159,7 @@ __nss_hostname_digits_dots_context (struct resolv_context *ctx,
|
|
||||||
255.255.255.255? The test below will succeed
|
|
||||||
spuriously... ??? */
|
|
||||||
if (af == AF_INET)
|
|
||||||
- ok = __inet_aton (name, (struct in_addr *) host_addr);
|
|
||||||
+ ok = __inet_aton_exact (name, (struct in_addr *) host_addr);
|
|
||||||
else
|
|
||||||
{
|
|
||||||
assert (af == AF_INET6);
|
|
||||||
diff --git a/resolv/Makefile b/resolv/Makefile
|
|
||||||
index 450e171b01..8f22e6a154 100644
|
|
||||||
--- a/resolv/Makefile
|
|
||||||
+++ b/resolv/Makefile
|
|
||||||
@@ -34,6 +34,9 @@ routines := herror inet_addr inet_ntop inet_pton nsap_addr res_init \
|
|
||||||
tests = tst-aton tst-leaks tst-inet_ntop
|
|
||||||
xtests = tst-leaks2
|
|
||||||
|
|
||||||
+tests-internal += tst-inet_aton_exact
|
|
||||||
+
|
|
||||||
+
|
|
||||||
generate := mtrace-tst-leaks.out tst-leaks.mtrace tst-leaks2.mtrace
|
|
||||||
|
|
||||||
extra-libs := libresolv libnss_dns
|
|
||||||
@@ -54,8 +57,10 @@ tests += \
|
|
||||||
tst-resolv-binary \
|
|
||||||
tst-resolv-edns \
|
|
||||||
tst-resolv-network \
|
|
||||||
+ tst-resolv-nondecimal \
|
|
||||||
tst-resolv-res_init-multi \
|
|
||||||
tst-resolv-search \
|
|
||||||
+ tst-resolv-trailing \
|
|
||||||
|
|
||||||
# These tests need libdl.
|
|
||||||
ifeq (yes,$(build-shared))
|
|
||||||
@@ -190,9 +195,11 @@ $(objpfx)tst-resolv-res_init-multi: $(objpfx)libresolv.so \
|
|
||||||
$(shared-thread-library)
|
|
||||||
$(objpfx)tst-resolv-res_init-thread: $(libdl) $(objpfx)libresolv.so \
|
|
||||||
$(shared-thread-library)
|
|
||||||
+$(objpfx)tst-resolv-nondecimal: $(objpfx)libresolv.so $(shared-thread-library)
|
|
||||||
$(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library)
|
|
||||||
$(objpfx)tst-resolv-rotate: $(objpfx)libresolv.so $(shared-thread-library)
|
|
||||||
$(objpfx)tst-resolv-search: $(objpfx)libresolv.so $(shared-thread-library)
|
|
||||||
+$(objpfx)tst-resolv-trailing: $(objpfx)libresolv.so $(shared-thread-library)
|
|
||||||
$(objpfx)tst-resolv-threads: \
|
|
||||||
$(libdl) $(objpfx)libresolv.so $(shared-thread-library)
|
|
||||||
$(objpfx)tst-resolv-canonname: \
|
|
||||||
diff --git a/resolv/Versions b/resolv/Versions
|
|
||||||
index b05778d965..9a82704af7 100644
|
|
||||||
--- a/resolv/Versions
|
|
||||||
+++ b/resolv/Versions
|
|
||||||
@@ -27,6 +27,7 @@ libc {
|
|
||||||
__h_errno; __resp;
|
|
||||||
|
|
||||||
__res_iclose;
|
|
||||||
+ __inet_aton_exact;
|
|
||||||
__inet_pton_length;
|
|
||||||
__resolv_context_get;
|
|
||||||
__resolv_context_get_preinit;
|
|
||||||
diff --git a/resolv/inet_addr.c b/resolv/inet_addr.c
|
|
||||||
index 32f58b0e13..41b6166a5b 100644
|
|
||||||
--- a/resolv/inet_addr.c
|
|
||||||
+++ b/resolv/inet_addr.c
|
|
||||||
@@ -96,29 +96,14 @@
|
|
||||||
#include <limits.h>
|
|
||||||
#include <errno.h>
|
|
||||||
|
|
||||||
-/*
|
|
||||||
- * Ascii internet address interpretation routine.
|
|
||||||
- * The value returned is in network order.
|
|
||||||
- */
|
|
||||||
-in_addr_t
|
|
||||||
-__inet_addr(const char *cp) {
|
|
||||||
- struct in_addr val;
|
|
||||||
-
|
|
||||||
- if (__inet_aton(cp, &val))
|
|
||||||
- return (val.s_addr);
|
|
||||||
- return (INADDR_NONE);
|
|
||||||
-}
|
|
||||||
-weak_alias (__inet_addr, inet_addr)
|
|
||||||
-
|
|
||||||
-/*
|
|
||||||
- * Check whether "cp" is a valid ascii representation
|
|
||||||
- * of an Internet address and convert to a binary address.
|
|
||||||
- * Returns 1 if the address is valid, 0 if not.
|
|
||||||
- * This replaces inet_addr, the return value from which
|
|
||||||
- * cannot distinguish between failure and a local broadcast address.
|
|
||||||
- */
|
|
||||||
-int
|
|
||||||
-__inet_aton(const char *cp, struct in_addr *addr)
|
|
||||||
+ /* Check whether "cp" is a valid ASCII representation of an IPv4
|
|
||||||
+ Internet address and convert it to a binary address. Returns 1 if
|
|
||||||
+ the address is valid, 0 if not. This replaces inet_addr, the
|
|
||||||
+ return value from which cannot distinguish between failure and a
|
|
||||||
+ local broadcast address. Write a pointer to the first
|
|
||||||
+ non-converted character to *endp. */
|
|
||||||
+static int
|
|
||||||
+inet_aton_end (const char *cp, struct in_addr *addr, const char **endp)
|
|
||||||
{
|
|
||||||
static const in_addr_t max[4] = { 0xffffffff, 0xffffff, 0xffff, 0xff };
|
|
||||||
in_addr_t val;
|
|
||||||
@@ -180,6 +168,7 @@ __inet_aton (const char *cp, struct in_addr *addr)
|
|
||||||
|
|
||||||
if (addr != NULL)
|
|
||||||
addr->s_addr = res.word | htonl (val);
|
|
||||||
+ *endp = cp;
|
|
||||||
|
|
||||||
__set_errno (saved_errno);
|
|
||||||
return (1);
|
|
||||||
@@ -188,6 +177,41 @@ __inet_aton (const char *cp, struct in_addr *addr)
|
|
||||||
__set_errno (saved_errno);
|
|
||||||
return (0);
|
|
||||||
}
|
|
||||||
-weak_alias (__inet_aton, inet_aton)
|
|
||||||
-libc_hidden_def (__inet_aton)
|
|
||||||
-libc_hidden_weak (inet_aton)
|
|
||||||
+
|
|
||||||
+int
|
|
||||||
+__inet_aton_exact (const char *cp, struct in_addr *addr)
|
|
||||||
+{
|
|
||||||
+ struct in_addr val;
|
|
||||||
+ const char *endp;
|
|
||||||
+ /* Check that inet_aton_end parsed the entire string. */
|
|
||||||
+ if (inet_aton_end (cp, &val, &endp) != 0 && *endp == 0)
|
|
||||||
+ {
|
|
||||||
+ *addr = val;
|
|
||||||
+ return 1;
|
|
||||||
+ }
|
|
||||||
+ else
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
+libc_hidden_def (__inet_aton_exact)
|
|
||||||
+
|
|
||||||
+/* inet_aton ignores trailing garbage. */
|
|
||||||
+int
|
|
||||||
+__inet_aton_ignore_trailing (const char *cp, struct in_addr *addr)
|
|
||||||
+{
|
|
||||||
+ const char *endp;
|
|
||||||
+ return inet_aton_end (cp, addr, &endp);
|
|
||||||
+}
|
|
||||||
+weak_alias (__inet_aton_ignore_trailing, inet_aton)
|
|
||||||
+
|
|
||||||
+/* ASCII IPv4 Internet address interpretation routine. The value
|
|
||||||
+ returned is in network order. */
|
|
||||||
+in_addr_t
|
|
||||||
+__inet_addr (const char *cp)
|
|
||||||
+{
|
|
||||||
+ struct in_addr val;
|
|
||||||
+ const char *endp;
|
|
||||||
+ if (inet_aton_end (cp, &val, &endp))
|
|
||||||
+ return val.s_addr;
|
|
||||||
+ return INADDR_NONE;
|
|
||||||
+}
|
|
||||||
+weak_alias (__inet_addr, inet_addr)
|
|
||||||
diff --git a/resolv/res_init.c b/resolv/res_init.c
|
|
||||||
index 58c563898e..265e3cc6e3 100644
|
|
||||||
--- a/resolv/res_init.c
|
|
||||||
+++ b/resolv/res_init.c
|
|
||||||
@@ -399,8 +399,16 @@ res_vinit_1 (FILE *fp, struct resolv_conf_parser *parser)
|
|
||||||
cp = parser->buffer + sizeof ("nameserver") - 1;
|
|
||||||
while (*cp == ' ' || *cp == '\t')
|
|
||||||
cp++;
|
|
||||||
+
|
|
||||||
+ /* Ignore trailing contents on the name server line. */
|
|
||||||
+ {
|
|
||||||
+ char *el;
|
|
||||||
+ if ((el = strpbrk (cp, " \t\n")) != NULL)
|
|
||||||
+ *el = '\0';
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
struct sockaddr *sa;
|
|
||||||
- if ((*cp != '\0') && (*cp != '\n') && __inet_aton (cp, &a))
|
|
||||||
+ if ((*cp != '\0') && (*cp != '\n') && __inet_aton_exact (cp, &a))
|
|
||||||
{
|
|
||||||
sa = allocate_address_v4 (a, NAMESERVER_PORT);
|
|
||||||
if (sa == NULL)
|
|
||||||
@@ -410,9 +418,6 @@ res_vinit_1 (FILE *fp, struct resolv_conf_parser *parser)
|
|
||||||
{
|
|
||||||
struct in6_addr a6;
|
|
||||||
char *el;
|
|
||||||
-
|
|
||||||
- if ((el = strpbrk (cp, " \t\n")) != NULL)
|
|
||||||
- *el = '\0';
|
|
||||||
if ((el = strchr (cp, SCOPE_DELIMITER)) != NULL)
|
|
||||||
*el = '\0';
|
|
||||||
if ((*cp != '\0') && (__inet_pton (AF_INET6, cp, &a6) > 0))
|
|
||||||
@@ -472,7 +477,7 @@ res_vinit_1 (FILE *fp, struct resolv_conf_parser *parser)
|
|
||||||
char separator = *cp;
|
|
||||||
*cp = 0;
|
|
||||||
struct resolv_sortlist_entry e;
|
|
||||||
- if (__inet_aton (net, &a))
|
|
||||||
+ if (__inet_aton_exact (net, &a))
|
|
||||||
{
|
|
||||||
e.addr = a;
|
|
||||||
if (is_sort_mask (separator))
|
|
||||||
@@ -484,7 +489,7 @@ res_vinit_1 (FILE *fp, struct resolv_conf_parser *parser)
|
|
||||||
cp++;
|
|
||||||
separator = *cp;
|
|
||||||
*cp = 0;
|
|
||||||
- if (__inet_aton (net, &a))
|
|
||||||
+ if (__inet_aton_exact (net, &a))
|
|
||||||
e.mask = a.s_addr;
|
|
||||||
else
|
|
||||||
e.mask = net_mask (e.addr);
|
|
||||||
diff --git a/resolv/tst-aton.c b/resolv/tst-aton.c
|
|
||||||
index 08110a007a..eb734d7758 100644
|
|
||||||
--- a/resolv/tst-aton.c
|
|
||||||
+++ b/resolv/tst-aton.c
|
|
||||||
@@ -1,11 +1,29 @@
|
|
||||||
+/* Test legacy IPv4 text-to-address function inet_aton.
|
|
||||||
+ Copyright (C) 1998-2019 Free Software Foundation, Inc.
|
|
||||||
+ This file is part of the GNU C Library.
|
|
||||||
+
|
|
||||||
+ The GNU C Library is free software; you can redistribute it and/or
|
|
||||||
+ modify it under the terms of the GNU Lesser General Public
|
|
||||||
+ License as published by the Free Software Foundation; either
|
|
||||||
+ version 2.1 of the License, or (at your option) any later version.
|
|
||||||
+
|
|
||||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
|
||||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
+ Lesser General Public License for more details.
|
|
||||||
+
|
|
||||||
+ You should have received a copy of the GNU Lesser General Public
|
|
||||||
+ License along with the GNU C Library; if not, see
|
|
||||||
+ <http://www.gnu.org/licenses/>. */
|
|
||||||
+
|
|
||||||
+#include <array_length.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <stdint.h>
|
|
||||||
#include <sys/socket.h>
|
|
||||||
#include <netinet/in.h>
|
|
||||||
#include <arpa/inet.h>
|
|
||||||
|
|
||||||
-
|
|
||||||
-static struct tests
|
|
||||||
+static const struct tests
|
|
||||||
{
|
|
||||||
const char *input;
|
|
||||||
int valid;
|
|
||||||
@@ -16,6 +34,7 @@ static struct tests
|
|
||||||
{ "-1", 0, 0 },
|
|
||||||
{ "256", 1, 0x00000100 },
|
|
||||||
{ "256.", 0, 0 },
|
|
||||||
+ { "255a", 0, 0 },
|
|
||||||
{ "256a", 0, 0 },
|
|
||||||
{ "0x100", 1, 0x00000100 },
|
|
||||||
{ "0200.0x123456", 1, 0x80123456 },
|
|
||||||
@@ -40,7 +59,12 @@ static struct tests
|
|
||||||
{ "1.2.256.4", 0, 0 },
|
|
||||||
{ "1.2.3.0x100", 0, 0 },
|
|
||||||
{ "323543357756889", 0, 0 },
|
|
||||||
- { "10.1.2.3.4", 0, 0},
|
|
||||||
+ { "10.1.2.3.4", 0, 0 },
|
|
||||||
+ { "192.0.2.1", 1, 0xc0000201 },
|
|
||||||
+ { "192.0.2.2\nX", 1, 0xc0000202 },
|
|
||||||
+ { "192.0.2.3 Y", 1, 0xc0000203 },
|
|
||||||
+ { "192.0.2.3Z", 0, 0 },
|
|
||||||
+ { "192.000.002.010", 1, 0xc0000208 },
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
@@ -50,7 +74,7 @@ do_test (void)
|
|
||||||
int result = 0;
|
|
||||||
size_t cnt;
|
|
||||||
|
|
||||||
- for (cnt = 0; cnt < sizeof (tests) / sizeof (tests[0]); ++cnt)
|
|
||||||
+ for (cnt = 0; cnt < array_length (tests); ++cnt)
|
|
||||||
{
|
|
||||||
struct in_addr addr;
|
|
||||||
|
|
||||||
@@ -73,5 +97,4 @@ do_test (void)
|
|
||||||
return result;
|
|
||||||
}
|
|
||||||
|
|
||||||
-#define TEST_FUNCTION do_test ()
|
|
||||||
-#include "../test-skeleton.c"
|
|
||||||
+#include <support/test-driver.c>
|
|
||||||
diff --git a/resolv/tst-inet_aton_exact.c b/resolv/tst-inet_aton_exact.c
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000000..0fdfa3d6aa
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/resolv/tst-inet_aton_exact.c
|
|
||||||
@@ -0,0 +1,47 @@
|
|
||||||
+/* Test internal legacy IPv4 text-to-address function __inet_aton_exact.
|
|
||||||
+ Copyright (C) 2019 Free Software Foundation, Inc.
|
|
||||||
+ This file is part of the GNU C Library.
|
|
||||||
+
|
|
||||||
+ The GNU C Library is free software; you can redistribute it and/or
|
|
||||||
+ modify it under the terms of the GNU Lesser General Public
|
|
||||||
+ License as published by the Free Software Foundation; either
|
|
||||||
+ version 2.1 of the License, or (at your option) any later version.
|
|
||||||
+
|
|
||||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
|
||||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
+ Lesser General Public License for more details.
|
|
||||||
+
|
|
||||||
+ You should have received a copy of the GNU Lesser General Public
|
|
||||||
+ License along with the GNU C Library; if not, see
|
|
||||||
+ <http://www.gnu.org/licenses/>. */
|
|
||||||
+
|
|
||||||
+#include <arpa/inet.h>
|
|
||||||
+#include <support/check.h>
|
|
||||||
+
|
|
||||||
+static int
|
|
||||||
+do_test (void)
|
|
||||||
+{
|
|
||||||
+ struct in_addr addr = { };
|
|
||||||
+
|
|
||||||
+ TEST_COMPARE (__inet_aton_exact ("192.0.2.1", &addr), 1);
|
|
||||||
+ TEST_COMPARE (ntohl (addr.s_addr), 0xC0000201);
|
|
||||||
+
|
|
||||||
+ TEST_COMPARE (__inet_aton_exact ("192.000.002.010", &addr), 1);
|
|
||||||
+ TEST_COMPARE (ntohl (addr.s_addr), 0xC0000208);
|
|
||||||
+ TEST_COMPARE (__inet_aton_exact ("0xC0000234", &addr), 1);
|
|
||||||
+ TEST_COMPARE (ntohl (addr.s_addr), 0xC0000234);
|
|
||||||
+
|
|
||||||
+ /* Trailing content is not accepted. */
|
|
||||||
+ TEST_COMPARE (__inet_aton_exact ("192.0.2.2X", &addr), 0);
|
|
||||||
+ TEST_COMPARE (__inet_aton_exact ("192.0.2.3 Y", &addr), 0);
|
|
||||||
+ TEST_COMPARE (__inet_aton_exact ("192.0.2.4\nZ", &addr), 0);
|
|
||||||
+ TEST_COMPARE (__inet_aton_exact ("192.0.2.5\tT", &addr), 0);
|
|
||||||
+ TEST_COMPARE (__inet_aton_exact ("192.0.2.6 Y", &addr), 0);
|
|
||||||
+ TEST_COMPARE (__inet_aton_exact ("192.0.2.7\n", &addr), 0);
|
|
||||||
+ TEST_COMPARE (__inet_aton_exact ("192.0.2.8\t", &addr), 0);
|
|
||||||
+
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+#include <support/test-driver.c>
|
|
||||||
diff --git a/resolv/tst-resolv-nondecimal.c b/resolv/tst-resolv-nondecimal.c
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000000..a0df6f332a
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/resolv/tst-resolv-nondecimal.c
|
|
||||||
@@ -0,0 +1,139 @@
|
|
||||||
+/* Test name resolution behavior for octal, hexadecimal IPv4 addresses.
|
|
||||||
+ Copyright (C) 2019 Free Software Foundation, Inc.
|
|
||||||
+ This file is part of the GNU C Library.
|
|
||||||
+
|
|
||||||
+ The GNU C Library is free software; you can redistribute it and/or
|
|
||||||
+ modify it under the terms of the GNU Lesser General Public
|
|
||||||
+ License as published by the Free Software Foundation; either
|
|
||||||
+ version 2.1 of the License, or (at your option) any later version.
|
|
||||||
+
|
|
||||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
|
||||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
+ Lesser General Public License for more details.
|
|
||||||
+
|
|
||||||
+ You should have received a copy of the GNU Lesser General Public
|
|
||||||
+ License along with the GNU C Library; if not, see
|
|
||||||
+ <http://www.gnu.org/licenses/>. */
|
|
||||||
+
|
|
||||||
+#include <netdb.h>
|
|
||||||
+#include <stdlib.h>
|
|
||||||
+#include <support/check.h>
|
|
||||||
+#include <support/check_nss.h>
|
|
||||||
+#include <support/resolv_test.h>
|
|
||||||
+#include <support/support.h>
|
|
||||||
+
|
|
||||||
+static void
|
|
||||||
+response (const struct resolv_response_context *ctx,
|
|
||||||
+ struct resolv_response_builder *b,
|
|
||||||
+ const char *qname, uint16_t qclass, uint16_t qtype)
|
|
||||||
+{
|
|
||||||
+ /* The tests are not supposed send any DNS queries. */
|
|
||||||
+ FAIL_EXIT1 ("unexpected DNS query for %s/%d/%d", qname, qclass, qtype);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static void
|
|
||||||
+run_query_addrinfo (const char *query, const char *address)
|
|
||||||
+{
|
|
||||||
+ char *quoted_query = support_quote_string (query);
|
|
||||||
+
|
|
||||||
+ struct addrinfo *ai;
|
|
||||||
+ struct addrinfo hints =
|
|
||||||
+ {
|
|
||||||
+ .ai_socktype = SOCK_STREAM,
|
|
||||||
+ .ai_protocol = IPPROTO_TCP,
|
|
||||||
+ };
|
|
||||||
+
|
|
||||||
+ char *context = xasprintf ("getaddrinfo \"%s\" AF_INET", quoted_query);
|
|
||||||
+ char *expected = xasprintf ("address: STREAM/TCP %s 80\n", address);
|
|
||||||
+ hints.ai_family = AF_INET;
|
|
||||||
+ int ret = getaddrinfo (query, "80", &hints, &ai);
|
|
||||||
+ check_addrinfo (context, ai, ret, expected);
|
|
||||||
+ if (ret == 0)
|
|
||||||
+ freeaddrinfo (ai);
|
|
||||||
+ free (context);
|
|
||||||
+
|
|
||||||
+ context = xasprintf ("getaddrinfo \"%s\" AF_UNSPEC", quoted_query);
|
|
||||||
+ hints.ai_family = AF_UNSPEC;
|
|
||||||
+ ret = getaddrinfo (query, "80", &hints, &ai);
|
|
||||||
+ check_addrinfo (context, ai, ret, expected);
|
|
||||||
+ if (ret == 0)
|
|
||||||
+ freeaddrinfo (ai);
|
|
||||||
+ free (expected);
|
|
||||||
+ free (context);
|
|
||||||
+
|
|
||||||
+ context = xasprintf ("getaddrinfo \"%s\" AF_INET6", quoted_query);
|
|
||||||
+ expected = xasprintf ("flags: AI_V4MAPPED\n"
|
|
||||||
+ "address: STREAM/TCP ::ffff:%s 80\n",
|
|
||||||
+ address);
|
|
||||||
+ hints.ai_family = AF_INET6;
|
|
||||||
+ hints.ai_flags = AI_V4MAPPED;
|
|
||||||
+ ret = getaddrinfo (query, "80", &hints, &ai);
|
|
||||||
+ check_addrinfo (context, ai, ret, expected);
|
|
||||||
+ if (ret == 0)
|
|
||||||
+ freeaddrinfo (ai);
|
|
||||||
+ free (expected);
|
|
||||||
+ free (context);
|
|
||||||
+
|
|
||||||
+ free (quoted_query);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static void
|
|
||||||
+run_query (const char *query, const char *address)
|
|
||||||
+{
|
|
||||||
+ char *quoted_query = support_quote_string (query);
|
|
||||||
+ char *context = xasprintf ("gethostbyname (\"%s\")", quoted_query);
|
|
||||||
+ char *expected = xasprintf ("name: %s\n"
|
|
||||||
+ "address: %s\n", query, address);
|
|
||||||
+ check_hostent (context, gethostbyname (query), expected);
|
|
||||||
+ free (context);
|
|
||||||
+
|
|
||||||
+ context = xasprintf ("gethostbyname_r \"%s\"", quoted_query);
|
|
||||||
+ struct hostent storage;
|
|
||||||
+ char buf[4096];
|
|
||||||
+ struct hostent *e = NULL;
|
|
||||||
+ TEST_COMPARE (gethostbyname_r (query, &storage, buf, sizeof (buf),
|
|
||||||
+ &e, &h_errno), 0);
|
|
||||||
+ check_hostent (context, e, expected);
|
|
||||||
+ free (context);
|
|
||||||
+
|
|
||||||
+ context = xasprintf ("gethostbyname2 (\"%s\", AF_INET)", quoted_query);
|
|
||||||
+ check_hostent (context, gethostbyname2 (query, AF_INET), expected);
|
|
||||||
+ free (context);
|
|
||||||
+
|
|
||||||
+ context = xasprintf ("gethostbyname2_r \"%s\" AF_INET", quoted_query);
|
|
||||||
+ e = NULL;
|
|
||||||
+ TEST_COMPARE (gethostbyname2_r (query, AF_INET, &storage, buf, sizeof (buf),
|
|
||||||
+ &e, &h_errno), 0);
|
|
||||||
+ check_hostent (context, e, expected);
|
|
||||||
+ free (context);
|
|
||||||
+ free (expected);
|
|
||||||
+
|
|
||||||
+ free (quoted_query);
|
|
||||||
+
|
|
||||||
+ /* The gethostbyname tests are always valid for getaddrinfo, but not
|
|
||||||
+ vice versa. */
|
|
||||||
+ run_query_addrinfo (query, address);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static int
|
|
||||||
+do_test (void)
|
|
||||||
+{
|
|
||||||
+ struct resolv_test *aux = resolv_test_start
|
|
||||||
+ ((struct resolv_redirect_config)
|
|
||||||
+ {
|
|
||||||
+ .response_callback = response,
|
|
||||||
+ });
|
|
||||||
+
|
|
||||||
+ run_query ("192.000.002.010", "192.0.2.8");
|
|
||||||
+
|
|
||||||
+ /* Hexadecimal numbers are not accepted by gethostbyname. */
|
|
||||||
+ run_query_addrinfo ("0xc0000210", "192.0.2.16");
|
|
||||||
+ run_query_addrinfo ("192.0x234", "192.0.2.52");
|
|
||||||
+
|
|
||||||
+ resolv_test_end (aux);
|
|
||||||
+
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+#include <support/test-driver.c>
|
|
||||||
diff --git a/resolv/tst-resolv-trailing.c b/resolv/tst-resolv-trailing.c
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000000..7504bdae57
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/resolv/tst-resolv-trailing.c
|
|
||||||
@@ -0,0 +1,136 @@
|
|
||||||
+/* Test name resolution behavior with trailing characters.
|
|
||||||
+ Copyright (C) 2019 Free Software Foundation, Inc.
|
|
||||||
+ This file is part of the GNU C Library.
|
|
||||||
+
|
|
||||||
+ The GNU C Library is free software; you can redistribute it and/or
|
|
||||||
+ modify it under the terms of the GNU Lesser General Public
|
|
||||||
+ License as published by the Free Software Foundation; either
|
|
||||||
+ version 2.1 of the License, or (at your option) any later version.
|
|
||||||
+
|
|
||||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
|
||||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
+ Lesser General Public License for more details.
|
|
||||||
+
|
|
||||||
+ You should have received a copy of the GNU Lesser General Public
|
|
||||||
+ License along with the GNU C Library; if not, see
|
|
||||||
+ <http://www.gnu.org/licenses/>. */
|
|
||||||
+
|
|
||||||
+#include <array_length.h>
|
|
||||||
+#include <netdb.h>
|
|
||||||
+#include <support/check.h>
|
|
||||||
+#include <support/check_nss.h>
|
|
||||||
+#include <support/resolv_test.h>
|
|
||||||
+#include <support/support.h>
|
|
||||||
+
|
|
||||||
+static void
|
|
||||||
+response (const struct resolv_response_context *ctx,
|
|
||||||
+ struct resolv_response_builder *b,
|
|
||||||
+ const char *qname, uint16_t qclass, uint16_t qtype)
|
|
||||||
+{
|
|
||||||
+ /* The tests are not supposed send any DNS queries. */
|
|
||||||
+ FAIL_EXIT1 ("unexpected DNS query for %s/%d/%d", qname, qclass, qtype);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static int
|
|
||||||
+do_test (void)
|
|
||||||
+{
|
|
||||||
+ struct resolv_test *aux = resolv_test_start
|
|
||||||
+ ((struct resolv_redirect_config)
|
|
||||||
+ {
|
|
||||||
+ .response_callback = response,
|
|
||||||
+ });
|
|
||||||
+
|
|
||||||
+ static const char *const queries[] =
|
|
||||||
+ {
|
|
||||||
+ "192.0.2.1 ",
|
|
||||||
+ "192.0.2.2\t",
|
|
||||||
+ "192.0.2.3\n",
|
|
||||||
+ "192.0.2.4 X",
|
|
||||||
+ "192.0.2.5\tY",
|
|
||||||
+ "192.0.2.6\nZ",
|
|
||||||
+ "192.0.2. ",
|
|
||||||
+ "192.0.2.\t",
|
|
||||||
+ "192.0.2.\n",
|
|
||||||
+ "192.0.2. X",
|
|
||||||
+ "192.0.2.\tY",
|
|
||||||
+ "192.0.2.\nZ",
|
|
||||||
+ "2001:db8::1 ",
|
|
||||||
+ "2001:db8::2\t",
|
|
||||||
+ "2001:db8::3\n",
|
|
||||||
+ "2001:db8::4 X",
|
|
||||||
+ "2001:db8::5\tY",
|
|
||||||
+ "2001:db8::6\nZ",
|
|
||||||
+ };
|
|
||||||
+ for (size_t query_idx = 0; query_idx < array_length (queries); ++query_idx)
|
|
||||||
+ {
|
|
||||||
+ const char *query = queries[query_idx];
|
|
||||||
+ struct hostent storage;
|
|
||||||
+ char buf[4096];
|
|
||||||
+ struct hostent *e;
|
|
||||||
+
|
|
||||||
+ h_errno = 0;
|
|
||||||
+ TEST_VERIFY (gethostbyname (query) == NULL);
|
|
||||||
+ TEST_COMPARE (h_errno, HOST_NOT_FOUND);
|
|
||||||
+
|
|
||||||
+ h_errno = 0;
|
|
||||||
+ e = NULL;
|
|
||||||
+ TEST_COMPARE (gethostbyname_r (query, &storage, buf, sizeof (buf),
|
|
||||||
+ &e, &h_errno), 0);
|
|
||||||
+ TEST_VERIFY (e == NULL);
|
|
||||||
+ TEST_COMPARE (h_errno, HOST_NOT_FOUND);
|
|
||||||
+
|
|
||||||
+ h_errno = 0;
|
|
||||||
+ TEST_VERIFY (gethostbyname2 (query, AF_INET) == NULL);
|
|
||||||
+ TEST_COMPARE (h_errno, HOST_NOT_FOUND);
|
|
||||||
+
|
|
||||||
+ h_errno = 0;
|
|
||||||
+ e = NULL;
|
|
||||||
+ TEST_COMPARE (gethostbyname2_r (query, AF_INET,
|
|
||||||
+ &storage, buf, sizeof (buf),
|
|
||||||
+ &e, &h_errno), 0);
|
|
||||||
+ TEST_VERIFY (e == NULL);
|
|
||||||
+ TEST_COMPARE (h_errno, HOST_NOT_FOUND);
|
|
||||||
+
|
|
||||||
+ h_errno = 0;
|
|
||||||
+ TEST_VERIFY (gethostbyname2 (query, AF_INET6) == NULL);
|
|
||||||
+ TEST_COMPARE (h_errno, HOST_NOT_FOUND);
|
|
||||||
+
|
|
||||||
+ h_errno = 0;
|
|
||||||
+ e = NULL;
|
|
||||||
+ TEST_COMPARE (gethostbyname2_r (query, AF_INET6,
|
|
||||||
+ &storage, buf, sizeof (buf),
|
|
||||||
+ &e, &h_errno), 0);
|
|
||||||
+ TEST_VERIFY (e == NULL);
|
|
||||||
+ TEST_COMPARE (h_errno, HOST_NOT_FOUND);
|
|
||||||
+
|
|
||||||
+ static const int gai_flags[] =
|
|
||||||
+ {
|
|
||||||
+ 0,
|
|
||||||
+ AI_ADDRCONFIG,
|
|
||||||
+ AI_NUMERICHOST,
|
|
||||||
+ AI_IDN,
|
|
||||||
+ AI_IDN | AI_NUMERICHOST,
|
|
||||||
+ AI_V4MAPPED,
|
|
||||||
+ AI_V4MAPPED | AI_NUMERICHOST,
|
|
||||||
+ };
|
|
||||||
+ for (size_t gai_flags_idx; gai_flags_idx < array_length (gai_flags);
|
|
||||||
+ ++gai_flags_idx)
|
|
||||||
+ {
|
|
||||||
+ struct addrinfo hints = { .ai_flags = gai_flags[gai_flags_idx], };
|
|
||||||
+ struct addrinfo *ai;
|
|
||||||
+ hints.ai_family = AF_INET;
|
|
||||||
+ TEST_COMPARE (getaddrinfo (query, "80", &hints, &ai), EAI_NONAME);
|
|
||||||
+ hints.ai_family = AF_INET6;
|
|
||||||
+ TEST_COMPARE (getaddrinfo (query, "80", &hints, &ai), EAI_NONAME);
|
|
||||||
+ hints.ai_family = AF_UNSPEC;
|
|
||||||
+ TEST_COMPARE (getaddrinfo (query, "80", &hints, &ai), EAI_NONAME);
|
|
||||||
+ }
|
|
||||||
+ };
|
|
||||||
+
|
|
||||||
+ resolv_test_end (aux);
|
|
||||||
+
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+#include <support/test-driver.c>
|
|
||||||
diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
|
|
||||||
index aa69eb7e54..aa054b620f 100644
|
|
||||||
--- a/sysdeps/posix/getaddrinfo.c
|
|
||||||
+++ b/sysdeps/posix/getaddrinfo.c
|
|
||||||
@@ -488,7 +488,7 @@ gaih_inet (const char *name, const struct gaih_service *service,
|
|
||||||
malloc_name = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (__inet_aton (name, (struct in_addr *) at->addr) != 0)
|
|
||||||
+ if (__inet_aton_exact (name, (struct in_addr *) at->addr) != 0)
|
|
||||||
{
|
|
||||||
if (req->ai_family == AF_UNSPEC || req->ai_family == AF_INET)
|
|
||||||
at->family = AF_INET;
|
|
||||||
--
|
|
||||||
2.25.1
|
|
||||||
|
|
|
@ -1,31 +0,0 @@
|
||||||
From 7966ce07e89fa4ccc8fdba00d4439fc652862462 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?utf8?q?Marcin=20Ko=C5=9Bcielnicki?= <mwk@0x04.net>
|
|
||||||
Date: Thu, 21 Nov 2019 00:20:15 +0100
|
|
||||||
Subject: [PATCH] rtld: Check __libc_enable_secure before honoring
|
|
||||||
LD_PREFER_MAP_32BIT_EXEC (CVE-2019-19126) [BZ #25204]
|
|
||||||
|
|
||||||
The problem was introduced in glibc 2.23, in commit
|
|
||||||
b9eb92ab05204df772eb4929eccd018637c9f3e9
|
|
||||||
("Add Prefer_MAP_32BIT_EXEC to map executable pages with MAP_32BIT").
|
|
||||||
|
|
||||||
(cherry picked from commit d5dfad4326fc683c813df1e37bbf5cf920591c8e)
|
|
||||||
---
|
|
||||||
sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h | 3 ++-
|
|
||||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
|
|
||||||
index 194369174d..ac694c032e 100644
|
|
||||||
--- a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
|
|
||||||
+++ b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
|
|
||||||
@@ -31,7 +31,8 @@
|
|
||||||
environment variable, LD_PREFER_MAP_32BIT_EXEC. */
|
|
||||||
#define EXTRA_LD_ENVVARS \
|
|
||||||
case 21: \
|
|
||||||
- if (memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \
|
|
||||||
+ if (!__libc_enable_secure \
|
|
||||||
+ && memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \
|
|
||||||
GLRO(dl_x86_cpu_features).feature[index_arch_Prefer_MAP_32BIT_EXEC] \
|
|
||||||
|= bit_arch_Prefer_MAP_32BIT_EXEC; \
|
|
||||||
break;
|
|
||||||
--
|
|
||||||
2.18.4
|
|
|
@ -1,132 +0,0 @@
|
||||||
From ee7a3144c9922808181009b7b3e50e852fb4999b Mon Sep 17 00:00:00 2001
|
|
||||||
From: Andreas Schwab <schwab@suse.de>
|
|
||||||
Date: Mon, 21 Dec 2020 08:56:43 +0530
|
|
||||||
Subject: [PATCH] Fix buffer overrun in EUC-KR conversion module (bz #24973)
|
|
||||||
|
|
||||||
The byte 0xfe as input to the EUC-KR conversion denotes a user-defined
|
|
||||||
area and is not allowed. The from_euc_kr function used to skip two bytes
|
|
||||||
when told to skip over the unknown designation, potentially running over
|
|
||||||
the buffer end.
|
|
||||||
---
|
|
||||||
iconvdata/Makefile | 3 ++-
|
|
||||||
iconvdata/bug-iconv13.c | 53 +++++++++++++++++++++++++++++++++++++++++
|
|
||||||
iconvdata/euc-kr.c | 6 +----
|
|
||||||
iconvdata/ksc5601.h | 6 ++---
|
|
||||||
4 files changed, 59 insertions(+), 9 deletions(-)
|
|
||||||
create mode 100644 iconvdata/bug-iconv13.c
|
|
||||||
|
|
||||||
diff --git a/iconvdata/Makefile b/iconvdata/Makefile
|
|
||||||
index 4ec2741cdc..85009f3390 100644
|
|
||||||
--- a/iconvdata/Makefile
|
|
||||||
+++ b/iconvdata/Makefile
|
|
||||||
@@ -73,7 +73,8 @@ modules.so := $(addsuffix .so, $(modules))
|
|
||||||
ifeq (yes,$(build-shared))
|
|
||||||
tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \
|
|
||||||
tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \
|
|
||||||
- bug-iconv10 bug-iconv11 bug-iconv12
|
|
||||||
+ bug-iconv10 bug-iconv11 bug-iconv12 \
|
|
||||||
+ bug-iconv13
|
|
||||||
ifeq ($(have-thread-library),yes)
|
|
||||||
tests += bug-iconv3
|
|
||||||
endif
|
|
||||||
diff --git a/iconvdata/bug-iconv13.c b/iconvdata/bug-iconv13.c
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000000..87aaff398e
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/iconvdata/bug-iconv13.c
|
|
||||||
@@ -0,0 +1,53 @@
|
|
||||||
+/* bug 24973: Test EUC-KR module
|
|
||||||
+ Copyright (C) 2020 Free Software Foundation, Inc.
|
|
||||||
+ This file is part of the GNU C Library.
|
|
||||||
+
|
|
||||||
+ The GNU C Library is free software; you can redistribute it and/or
|
|
||||||
+ modify it under the terms of the GNU Lesser General Public
|
|
||||||
+ License as published by the Free Software Foundation; either
|
|
||||||
+ version 2.1 of the License, or (at your option) any later version.
|
|
||||||
+
|
|
||||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
|
||||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
+ Lesser General Public License for more details.
|
|
||||||
+
|
|
||||||
+ You should have received a copy of the GNU Lesser General Public
|
|
||||||
+ License along with the GNU C Library; if not, see
|
|
||||||
+ <https://www.gnu.org/licenses/>. */
|
|
||||||
+
|
|
||||||
+#include <errno.h>
|
|
||||||
+#include <iconv.h>
|
|
||||||
+#include <stdio.h>
|
|
||||||
+#include <support/check.h>
|
|
||||||
+
|
|
||||||
+static int
|
|
||||||
+do_test (void)
|
|
||||||
+{
|
|
||||||
+ iconv_t cd = iconv_open ("UTF-8//IGNORE", "EUC-KR");
|
|
||||||
+ TEST_VERIFY_EXIT (cd != (iconv_t) -1);
|
|
||||||
+
|
|
||||||
+ /* 0xfe (->0x7e : row 94) and 0xc9 (->0x49 : row 41) are user-defined
|
|
||||||
+ areas, which are not allowed and should be skipped over due to
|
|
||||||
+ //IGNORE. The trailing 0xfe also is an incomplete sequence, which
|
|
||||||
+ should be checked first. */
|
|
||||||
+ char input[4] = { '\xc9', '\xa1', '\0', '\xfe' };
|
|
||||||
+ char *inptr = input;
|
|
||||||
+ size_t insize = sizeof (input);
|
|
||||||
+ char output[4];
|
|
||||||
+ char *outptr = output;
|
|
||||||
+ size_t outsize = sizeof (output);
|
|
||||||
+
|
|
||||||
+ /* This used to crash due to buffer overrun. */
|
|
||||||
+ TEST_VERIFY (iconv (cd, &inptr, &insize, &outptr, &outsize) == (size_t) -1);
|
|
||||||
+ TEST_VERIFY (errno == EINVAL);
|
|
||||||
+ /* The conversion should produce one character, the converted null
|
|
||||||
+ character. */
|
|
||||||
+ TEST_VERIFY (sizeof (output) - outsize == 1);
|
|
||||||
+
|
|
||||||
+ TEST_VERIFY_EXIT (iconv_close (cd) != -1);
|
|
||||||
+
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+#include <support/test-driver.c>
|
|
||||||
diff --git a/iconvdata/euc-kr.c b/iconvdata/euc-kr.c
|
|
||||||
index b0d56cf3ee..1045bae926 100644
|
|
||||||
--- a/iconvdata/euc-kr.c
|
|
||||||
+++ b/iconvdata/euc-kr.c
|
|
||||||
@@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned char *cp)
|
|
||||||
\
|
|
||||||
if (ch <= 0x9f) \
|
|
||||||
++inptr; \
|
|
||||||
- /* 0xfe(->0x7e : row 94) and 0xc9(->0x59 : row 41) are \
|
|
||||||
- user-defined areas. */ \
|
|
||||||
- else if (__builtin_expect (ch == 0xa0, 0) \
|
|
||||||
- || __builtin_expect (ch > 0xfe, 0) \
|
|
||||||
- || __builtin_expect (ch == 0xc9, 0)) \
|
|
||||||
+ else if (__glibc_unlikely (ch == 0xa0)) \
|
|
||||||
{ \
|
|
||||||
/* This is illegal. */ \
|
|
||||||
STANDARD_FROM_LOOP_ERR_HANDLER (1); \
|
|
||||||
diff --git a/iconvdata/ksc5601.h b/iconvdata/ksc5601.h
|
|
||||||
index d3eb3a4ff8..f5cdc72797 100644
|
|
||||||
--- a/iconvdata/ksc5601.h
|
|
||||||
+++ b/iconvdata/ksc5601.h
|
|
||||||
@@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s, size_t avail, unsigned char offset)
|
|
||||||
unsigned char ch2;
|
|
||||||
int idx;
|
|
||||||
|
|
||||||
+ if (avail < 2)
|
|
||||||
+ return 0;
|
|
||||||
+
|
|
||||||
/* row 94(0x7e) and row 41(0x49) are user-defined area in KS C 5601 */
|
|
||||||
|
|
||||||
if (ch < offset || (ch - offset) <= 0x20 || (ch - offset) >= 0x7e
|
|
||||||
|| (ch - offset) == 0x49)
|
|
||||||
return __UNKNOWN_10646_CHAR;
|
|
||||||
|
|
||||||
- if (avail < 2)
|
|
||||||
- return 0;
|
|
||||||
-
|
|
||||||
ch2 = (*s)[1];
|
|
||||||
if (ch2 < offset || (ch2 - offset) <= 0x20 || (ch2 - offset) >= 0x7f)
|
|
||||||
return __UNKNOWN_10646_CHAR;
|
|
||||||
--
|
|
||||||
2.27.0
|
|
|
@ -1,217 +0,0 @@
|
||||||
diff --git a/./ChangeLog b/ChangeLog
|
|
||||||
index 08b42bd..0e82190 100644
|
|
||||||
--- a/ChangeLog
|
|
||||||
+++ b/ChangeLog
|
|
||||||
@@ -1,3 +1,14 @@
|
|
||||||
+2019-02-04 H.J. Lu <hongjiu.lu@intel.com>
|
|
||||||
+
|
|
||||||
+ [BZ #24155]
|
|
||||||
+ CVE-2019-7309
|
|
||||||
+ * NEWS: Updated for CVE-2019-7309.
|
|
||||||
+ * sysdeps/x86_64/memcmp.S: Use RDX_LP for size. Clear the
|
|
||||||
+ upper 32 bits of RDX register for x32. Use unsigned Jcc
|
|
||||||
+ instructions, instead of signed.
|
|
||||||
+ * sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-memcmp-2.
|
|
||||||
+ * sysdeps/x86_64/x32/tst-size_t-memcmp-2.c: New test.
|
|
||||||
+
|
|
||||||
2018-08-01 Carlos O'Donel <carlos@redhat.com>
|
|
||||||
|
|
||||||
* version.h (RELEASE): Set to "stable".
|
|
||||||
diff --git a/NEWS b/NEWS
|
|
||||||
index 154ab22..d254097 100644
|
|
||||||
--- a/NEWS
|
|
||||||
+++ b/NEWS
|
|
||||||
@@ -240,6 +240,14 @@ Security related changes:
|
|
||||||
architecture could write beyond the target buffer, resulting in a buffer
|
|
||||||
overflow. Reported by Andreas Schwab.
|
|
||||||
|
|
||||||
+ CVE-2019-7309: x86-64 memcmp used signed Jcc instructions to check
|
|
||||||
+ size. For x86-64, memcmp on an object size larger than SSIZE_MAX
|
|
||||||
+ has undefined behavior. On x32, the size_t argument may be passed
|
|
||||||
+ in the lower 32 bits of the 64-bit RDX register with non-zero upper
|
|
||||||
+ 32 bits. When it happened with the sign bit of RDX register set,
|
|
||||||
+ memcmp gave the wrong result since it treated the size argument as
|
|
||||||
+ zero. Reported by H.J. Lu.
|
|
||||||
+
|
|
||||||
The following bugs are resolved with this release:
|
|
||||||
|
|
||||||
[1190] stdio: fgetc()/fread() behaviour is not POSIX compliant
|
|
||||||
@@ -422,6 +430,7 @@ The following bugs are resolved with this release:
|
|
||||||
[23459] libc: COMMON_CPUID_INDEX_80000001 isn't populated for Intel
|
|
||||||
processors
|
|
||||||
[23467] dynamic-link: x86/CET: A property note parser bug
|
|
||||||
+ [24155] x32 memcmp can treat positive length as 0 (if sign bit in RDX is set) (CVE-2019-7309)
|
|
||||||
|
|
||||||
|
|
||||||
Version 2.27
|
|
||||||
|
|
||||||
diff --git a/sysdeps/x86_64/memcmp.S b/sysdeps/x86_64/memcmp.S
|
|
||||||
index bcb4a2e88d..45918d375a 100644
|
|
||||||
--- a/sysdeps/x86_64/memcmp.S
|
|
||||||
+++ b/sysdeps/x86_64/memcmp.S
|
|
||||||
@@ -21,14 +21,18 @@
|
|
||||||
|
|
||||||
.text
|
|
||||||
ENTRY (memcmp)
|
|
||||||
- test %rdx, %rdx
|
|
||||||
+#ifdef __ILP32__
|
|
||||||
+ /* Clear the upper 32 bits. */
|
|
||||||
+ movl %edx, %edx
|
|
||||||
+#endif
|
|
||||||
+ test %RDX_LP, %RDX_LP
|
|
||||||
jz L(finz)
|
|
||||||
cmpq $1, %rdx
|
|
||||||
- jle L(finr1b)
|
|
||||||
+ jbe L(finr1b)
|
|
||||||
subq %rdi, %rsi
|
|
||||||
movq %rdx, %r10
|
|
||||||
cmpq $32, %r10
|
|
||||||
- jge L(gt32)
|
|
||||||
+ jae L(gt32)
|
|
||||||
/* Handle small chunks and last block of less than 32 bytes. */
|
|
||||||
L(small):
|
|
||||||
testq $1, %r10
|
|
||||||
@@ -156,7 +160,7 @@ L(A32):
|
|
||||||
movq %r11, %r10
|
|
||||||
andq $-32, %r10
|
|
||||||
cmpq %r10, %rdi
|
|
||||||
- jge L(mt16)
|
|
||||||
+ jae L(mt16)
|
|
||||||
/* Pre-unroll to be ready for unrolled 64B loop. */
|
|
||||||
testq $32, %rdi
|
|
||||||
jz L(A64)
|
|
||||||
@@ -178,7 +182,7 @@ L(A64):
|
|
||||||
movq %r11, %r10
|
|
||||||
andq $-64, %r10
|
|
||||||
cmpq %r10, %rdi
|
|
||||||
- jge L(mt32)
|
|
||||||
+ jae L(mt32)
|
|
||||||
|
|
||||||
L(A64main):
|
|
||||||
movdqu (%rdi,%rsi), %xmm0
|
|
||||||
@@ -216,7 +220,7 @@ L(mt32):
|
|
||||||
movq %r11, %r10
|
|
||||||
andq $-32, %r10
|
|
||||||
cmpq %r10, %rdi
|
|
||||||
- jge L(mt16)
|
|
||||||
+ jae L(mt16)
|
|
||||||
|
|
||||||
L(A32main):
|
|
||||||
movdqu (%rdi,%rsi), %xmm0
|
|
||||||
@@ -254,7 +258,7 @@ L(ATR):
|
|
||||||
movq %r11, %r10
|
|
||||||
andq $-32, %r10
|
|
||||||
cmpq %r10, %rdi
|
|
||||||
- jge L(mt16)
|
|
||||||
+ jae L(mt16)
|
|
||||||
testq $16, %rdi
|
|
||||||
jz L(ATR32)
|
|
||||||
|
|
||||||
@@ -325,7 +329,7 @@ L(ATR64main):
|
|
||||||
movq %r11, %r10
|
|
||||||
andq $-32, %r10
|
|
||||||
cmpq %r10, %rdi
|
|
||||||
- jge L(mt16)
|
|
||||||
+ jae L(mt16)
|
|
||||||
|
|
||||||
L(ATR32res):
|
|
||||||
movdqa (%rdi,%rsi), %xmm0
|
|
||||||
diff --git a/sysdeps/x86_64/x32/Makefile b/sysdeps/x86_64/x32/Makefile
|
|
||||||
index f2ebc24..457c707 100644
|
|
||||||
--- a/sysdeps/x86_64/x32/Makefile
|
|
||||||
+++ b/sysdeps/x86_64/x32/Makefile
|
|
||||||
@@ -4,3 +4,7 @@ ifeq ($(subdir),math)
|
|
||||||
# 64-bit llround. Add -fno-builtin-lround to silence the compiler.
|
|
||||||
CFLAGS-s_llround.c += -fno-builtin-lround
|
|
||||||
endif
|
|
||||||
+
|
|
||||||
+ifeq ($(subdir),string)
|
|
||||||
+ tests += tst-size_t-memcmp-2
|
|
||||||
+endif
|
|
||||||
\ No newline at end of file
|
|
||||||
diff --git a/sysdeps/x86_64/x32/tst-size_t-memcmp-2.c b/sysdeps/x86_64/x32/tst-size_t-memcmp-2.c
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000000..d8ae1a0813
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/sysdeps/x86_64/x32/tst-size_t-memcmp-2.c
|
|
||||||
@@ -0,0 +1,79 @@
|
|
||||||
+/* Test memcmp with size_t in the lower 32 bits of 64-bit register.
|
|
||||||
+ Copyright (C) 2019 Free Software Foundation, Inc.
|
|
||||||
+ This file is part of the GNU C Library.
|
|
||||||
+
|
|
||||||
+ The GNU C Library is free software; you can redistribute it and/or
|
|
||||||
+ modify it under the terms of the GNU Lesser General Public
|
|
||||||
+ License as published by the Free Software Foundation; either
|
|
||||||
+ version 2.1 of the License, or (at your option) any later version.
|
|
||||||
+
|
|
||||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
|
||||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
+ Lesser General Public License for more details.
|
|
||||||
+
|
|
||||||
+ You should have received a copy of the GNU Lesser General Public
|
|
||||||
+ License along with the GNU C Library; if not, see
|
|
||||||
+ <http://www.gnu.org/licenses/>. */
|
|
||||||
+
|
|
||||||
+#define TEST_MAIN
|
|
||||||
+#ifdef WIDE
|
|
||||||
+# define TEST_NAME "wmemcmp"
|
|
||||||
+#else
|
|
||||||
+# define TEST_NAME "memcmp"
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+#include "test-size_t.h"
|
|
||||||
+
|
|
||||||
+#ifdef WIDE
|
|
||||||
+# include <inttypes.h>
|
|
||||||
+# include <wchar.h>
|
|
||||||
+
|
|
||||||
+# define MEMCMP wmemcmp
|
|
||||||
+# define CHAR wchar_t
|
|
||||||
+#else
|
|
||||||
+# define MEMCMP memcmp
|
|
||||||
+# define CHAR char
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+IMPL (MEMCMP, 1)
|
|
||||||
+
|
|
||||||
+typedef int (*proto_t) (const CHAR *, const CHAR *, size_t);
|
|
||||||
+
|
|
||||||
+static int
|
|
||||||
+__attribute__ ((noinline, noclone))
|
|
||||||
+do_memcmp (parameter_t a, parameter_t b)
|
|
||||||
+{
|
|
||||||
+ return CALL (&b, a.p, b.p, a.len);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static int
|
|
||||||
+test_main (void)
|
|
||||||
+{
|
|
||||||
+ test_init ();
|
|
||||||
+
|
|
||||||
+ parameter_t dest = { { page_size / sizeof (CHAR) }, buf1 };
|
|
||||||
+ parameter_t src = { { 0 }, buf2 };
|
|
||||||
+
|
|
||||||
+ memcpy (buf1, buf2, page_size);
|
|
||||||
+
|
|
||||||
+ CHAR *p = (CHAR *) buf1;
|
|
||||||
+ p[page_size / sizeof (CHAR) - 1] = (CHAR) 1;
|
|
||||||
+
|
|
||||||
+ int ret = 0;
|
|
||||||
+ FOR_EACH_IMPL (impl, 0)
|
|
||||||
+ {
|
|
||||||
+ src.fn = impl->fn;
|
|
||||||
+ int res = do_memcmp (dest, src);
|
|
||||||
+ if (res >= 0)
|
|
||||||
+ {
|
|
||||||
+ error (0, 0, "Wrong result in function %s: %i >= 0",
|
|
||||||
+ impl->name, res);
|
|
||||||
+ ret = 1;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return ret ? EXIT_FAILURE : EXIT_SUCCESS;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+#include <support/test-driver.c>
|
|
||||||
--
|
|
|
@ -1,33 +0,0 @@
|
||||||
From 583dd860d5b833037175247230a328f0050dbfe9 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Paul Eggert <eggert@cs.ucla.edu>
|
|
||||||
Date: Mon, 21 Jan 2019 11:08:13 -0800
|
|
||||||
Subject: [PATCH] regex: fix read overrun [BZ #24114]
|
|
||||||
|
|
||||||
Problem found by AddressSanitizer, reported by Hongxu Chen in:
|
|
||||||
https://debbugs.gnu.org/34140
|
|
||||||
* posix/regexec.c (proceed_next_node):
|
|
||||||
Do not read past end of input buffer.
|
|
||||||
---
|
|
||||||
posix/regexec.c | 6 ++++--
|
|
||||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/posix/regexec.c b/posix/regexec.c
|
|
||||||
index 91d5a79..084b122 100644
|
|
||||||
--- a/posix/regexec.c
|
|
||||||
+++ b/posix/regexec.c
|
|
||||||
@@ -1293,8 +1293,10 @@ proceed_next_node (const re_match_context_t *mctx, Idx nregs, regmatch_t *regs,
|
|
||||||
else if (naccepted)
|
|
||||||
{
|
|
||||||
char *buf = (char *) re_string_get_buffer (&mctx->input);
|
|
||||||
- if (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
|
|
||||||
- naccepted) != 0)
|
|
||||||
+ if (mctx->input.valid_len - *pidx < naccepted
|
|
||||||
+ || (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
|
|
||||||
+ naccepted)
|
|
||||||
+ != 0))
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.9.3
|
|
||||||
|
|
|
@ -1,126 +0,0 @@
|
||||||
From 0474cd5de60448f31d7b872805257092faa626e4 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Joseph Myers <joseph@codesourcery.com>
|
|
||||||
Date: Wed, 12 Feb 2020 23:31:56 +0000
|
|
||||||
Subject: [PATCH] Avoid ldbl-96 stack corruption from range reduction of
|
|
||||||
pseudo-zero (bug 25487).
|
|
||||||
|
|
||||||
Bug 25487 reports stack corruption in ldbl-96 sinl on a pseudo-zero
|
|
||||||
argument (an representation where all the significand bits, including
|
|
||||||
the explicit high bit, are zero, but the exponent is not zero, which
|
|
||||||
is not a valid representation for the long double type).
|
|
||||||
|
|
||||||
Although this is not a valid long double representation, existing
|
|
||||||
practice in this area (see bug 4586, originally marked invalid but
|
|
||||||
subsequently fixed) is that we still seek to avoid invalid memory
|
|
||||||
accesses as a result, in case of programs that treat arbitrary binary
|
|
||||||
data as long double representations, although the invalid
|
|
||||||
representations of the ldbl-96 format do not need to be consistently
|
|
||||||
handled the same as any particular valid representation.
|
|
||||||
|
|
||||||
This patch makes the range reduction detect pseudo-zero and unnormal
|
|
||||||
representations that would otherwise go to __kernel_rem_pio2, and
|
|
||||||
returns a NaN for them instead of continuing with the range reduction
|
|
||||||
process. (Pseudo-zero and unnormal representations whose unbiased
|
|
||||||
exponent is less than -1 have already been safely returned from the
|
|
||||||
function before this point without going through the rest of range
|
|
||||||
reduction.) Pseudo-zero representations would previously result in
|
|
||||||
the value passed to __kernel_rem_pio2 being all-zero, which is
|
|
||||||
definitely unsafe; unnormal representations would previously result in
|
|
||||||
a value passed whose high bit is zero, which might well be unsafe
|
|
||||||
since that is not a form of input expected by __kernel_rem_pio2.
|
|
||||||
|
|
||||||
Tested for x86_64.
|
|
||||||
|
|
||||||
(cherry picked from commit 9333498794cde1d5cca518badf79533a24114b6f)
|
|
||||||
---
|
|
||||||
sysdeps/ieee754/ldbl-96/Makefile | 3 +-
|
|
||||||
sysdeps/ieee754/ldbl-96/e_rem_pio2l.c | 12 +++++++
|
|
||||||
sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c | 41 ++++++++++++++++++++++
|
|
||||||
3 files changed, 55 insertions(+), 1 deletion(-)
|
|
||||||
create mode 100644 sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c
|
|
||||||
|
|
||||||
diff --git a/sysdeps/ieee754/ldbl-96/Makefile b/sysdeps/ieee754/ldbl-96/Makefile
|
|
||||||
index b103254214..052c1c7703 100644
|
|
||||||
--- a/sysdeps/ieee754/ldbl-96/Makefile
|
|
||||||
+++ b/sysdeps/ieee754/ldbl-96/Makefile
|
|
||||||
@@ -17,5 +17,6 @@
|
|
||||||
# <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
ifeq ($(subdir),math)
|
|
||||||
-tests += test-canonical-ldbl-96 test-totalorderl-ldbl-96
|
|
||||||
+tests += test-canonical-ldbl-96 test-totalorderl-ldbl-96 test-sinl-pseudo
|
|
||||||
+CFLAGS-test-sinl-pseudo.c += -fstack-protector-all
|
|
||||||
endif
|
|
||||||
diff --git a/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c b/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c
|
|
||||||
index 805de22d73..1aeccb47d7 100644
|
|
||||||
--- a/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c
|
|
||||||
+++ b/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c
|
|
||||||
@@ -210,6 +210,18 @@ __ieee754_rem_pio2l (long double x, long double *y)
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if ((i0 & 0x80000000) == 0)
|
|
||||||
+ {
|
|
||||||
+ /* Pseudo-zero and unnormal representations are not valid
|
|
||||||
+ representations of long double. We need to avoid stack
|
|
||||||
+ corruption in __kernel_rem_pio2, which expects input in a
|
|
||||||
+ particular normal form, but those representations do not need
|
|
||||||
+ to be consistently handled like any particular floating-point
|
|
||||||
+ value. */
|
|
||||||
+ y[1] = y[0] = __builtin_nanl ("");
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/* Split the 64 bits of the mantissa into three 24-bit integers
|
|
||||||
stored in a double array. */
|
|
||||||
exp = j0 - 23;
|
|
||||||
diff --git a/sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c b/sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000000..f59b97769d
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c
|
|
||||||
@@ -0,0 +1,41 @@
|
|
||||||
+/* Test sinl for pseudo-zeros and unnormals for ldbl-96 (bug 25487).
|
|
||||||
+ Copyright (C) 2020 Free Software Foundation, Inc.
|
|
||||||
+ This file is part of the GNU C Library.
|
|
||||||
+
|
|
||||||
+ The GNU C Library is free software; you can redistribute it and/or
|
|
||||||
+ modify it under the terms of the GNU Lesser General Public
|
|
||||||
+ License as published by the Free Software Foundation; either
|
|
||||||
+ version 2.1 of the License, or (at your option) any later version.
|
|
||||||
+
|
|
||||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
|
||||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
+ Lesser General Public License for more details.
|
|
||||||
+
|
|
||||||
+ You should have received a copy of the GNU Lesser General Public
|
|
||||||
+ License along with the GNU C Library; if not, see
|
|
||||||
+ <https://www.gnu.org/licenses/>. */
|
|
||||||
+
|
|
||||||
+#include <math.h>
|
|
||||||
+#include <math_ldbl.h>
|
|
||||||
+#include <stdint.h>
|
|
||||||
+
|
|
||||||
+static int
|
|
||||||
+do_test (void)
|
|
||||||
+{
|
|
||||||
+ for (int i = 0; i < 64; i++)
|
|
||||||
+ {
|
|
||||||
+ uint64_t sig = i == 63 ? 0 : 1ULL << i;
|
|
||||||
+ long double ld;
|
|
||||||
+ SET_LDOUBLE_WORDS (ld, 0x4141,
|
|
||||||
+ sig >> 32, sig & 0xffffffffULL);
|
|
||||||
+ /* The requirement is that no stack overflow occurs when the
|
|
||||||
+ pseudo-zero or unnormal goes through range reduction. */
|
|
||||||
+ volatile long double ldr;
|
|
||||||
+ ldr = sinl (ld);
|
|
||||||
+ (void) ldr;
|
|
||||||
+ }
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+#include <support/test-driver.c>
|
|
||||||
--
|
|
||||||
2.25.1
|
|
||||||
|
|
|
@ -1,65 +0,0 @@
|
||||||
From 21344a3d62a29406fddeec069ee4eb3c341369f9 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Andreas Schwab <schwab@suse.de>
|
|
||||||
Date: Wed, 19 Feb 2020 17:21:46 +0100
|
|
||||||
Subject: [PATCH] Fix use-after-free in glob when expanding ~user (bug 25414)
|
|
||||||
|
|
||||||
The value of `end_name' points into the value of `dirname', thus don't
|
|
||||||
deallocate the latter before the last use of the former.
|
|
||||||
|
|
||||||
(cherry picked from commit ddc650e9b3dc916eab417ce9f79e67337b05035c)
|
|
||||||
---
|
|
||||||
posix/glob.c | 25 +++++++++++++------------
|
|
||||||
2 files changed, 17 insertions(+), 12 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/posix/glob.c b/posix/glob.c
|
|
||||||
index 8444b2f79e..1b389d2da1 100644
|
|
||||||
--- a/posix/glob.c
|
|
||||||
+++ b/posix/glob.c
|
|
||||||
@@ -827,31 +827,32 @@ __glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
|
|
||||||
{
|
|
||||||
size_t home_len = strlen (p->pw_dir);
|
|
||||||
size_t rest_len = end_name == NULL ? 0 : strlen (end_name);
|
|
||||||
- char *d;
|
|
||||||
+ char *d, *newp;
|
|
||||||
+ bool use_alloca = glob_use_alloca (alloca_used,
|
|
||||||
+ home_len + rest_len + 1);
|
|
||||||
|
|
||||||
- if (__glibc_unlikely (malloc_dirname))
|
|
||||||
- free (dirname);
|
|
||||||
- malloc_dirname = 0;
|
|
||||||
-
|
|
||||||
- if (glob_use_alloca (alloca_used, home_len + rest_len + 1))
|
|
||||||
- dirname = alloca_account (home_len + rest_len + 1,
|
|
||||||
- alloca_used);
|
|
||||||
+ if (use_alloca)
|
|
||||||
+ newp = alloca_account (home_len + rest_len + 1, alloca_used);
|
|
||||||
else
|
|
||||||
{
|
|
||||||
- dirname = malloc (home_len + rest_len + 1);
|
|
||||||
- if (dirname == NULL)
|
|
||||||
+ newp = malloc (home_len + rest_len + 1);
|
|
||||||
+ if (newp == NULL)
|
|
||||||
{
|
|
||||||
scratch_buffer_free (&pwtmpbuf);
|
|
||||||
retval = GLOB_NOSPACE;
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
- malloc_dirname = 1;
|
|
||||||
}
|
|
||||||
- d = mempcpy (dirname, p->pw_dir, home_len);
|
|
||||||
+ d = mempcpy (newp, p->pw_dir, home_len);
|
|
||||||
if (end_name != NULL)
|
|
||||||
d = mempcpy (d, end_name, rest_len);
|
|
||||||
*d = '\0';
|
|
||||||
|
|
||||||
+ if (__glibc_unlikely (malloc_dirname))
|
|
||||||
+ free (dirname);
|
|
||||||
+ dirname = newp;
|
|
||||||
+ malloc_dirname = !use_alloca;
|
|
||||||
+
|
|
||||||
dirlen = home_len + rest_len;
|
|
||||||
dirname_modified = 1;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.25.1
|
|
||||||
|
|
|
@ -1,56 +0,0 @@
|
||||||
From 9a99c682144bdbd40792ebf822fe9264e0376fb5 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Arjun Shankar <arjun@redhat.com>
|
|
||||||
Date: Wed, 4 Nov 2020 12:19:38 +0100
|
|
||||||
Subject: [PATCH] iconv: Accept redundant shift sequences in IBM1364 [BZ
|
|
||||||
#26224]
|
|
||||||
|
|
||||||
The IBM1364, IBM1371, IBM1388, IBM1390 and IBM1399 character sets
|
|
||||||
share converter logic (iconvdata/ibm1364.c) which would reject
|
|
||||||
redundant shift sequences when processing input in these character
|
|
||||||
sets. This led to a hang in the iconv program (CVE-2020-27618).
|
|
||||||
|
|
||||||
This commit adjusts the converter to ignore redundant shift sequences
|
|
||||||
and adds test cases for iconv_prog hangs that would be triggered upon
|
|
||||||
their rejection. This brings the implementation in line with other
|
|
||||||
converters that also ignore redundant shift sequences (e.g. IBM930
|
|
||||||
etc., fixed in commit 692de4b3960d).
|
|
||||||
|
|
||||||
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
|
||||||
---
|
|
||||||
iconvdata/ibm1364.c | 14 ++------------
|
|
||||||
1 file changed, 2 insertions(+), 12 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/iconvdata/ibm1364.c b/iconvdata/ibm1364.c
|
|
||||||
index 49e7267ab4..521f0825b7 100644
|
|
||||||
--- a/iconvdata/ibm1364.c
|
|
||||||
+++ b/iconvdata/ibm1364.c
|
|
||||||
@@ -158,24 +158,14 @@ enum
|
|
||||||
\
|
|
||||||
if (__builtin_expect (ch, 0) == SO) \
|
|
||||||
{ \
|
|
||||||
- /* Shift OUT, change to DBCS converter. */ \
|
|
||||||
- if (curcs == db) \
|
|
||||||
- { \
|
|
||||||
- result = __GCONV_ILLEGAL_INPUT; \
|
|
||||||
- break; \
|
|
||||||
- } \
|
|
||||||
+ /* Shift OUT, change to DBCS converter (redundant escape okay). */ \
|
|
||||||
curcs = db; \
|
|
||||||
++inptr; \
|
|
||||||
continue; \
|
|
||||||
} \
|
|
||||||
if (__builtin_expect (ch, 0) == SI) \
|
|
||||||
{ \
|
|
||||||
- /* Shift IN, change to SBCS converter. */ \
|
|
||||||
- if (curcs == sb) \
|
|
||||||
- { \
|
|
||||||
- result = __GCONV_ILLEGAL_INPUT; \
|
|
||||||
- break; \
|
|
||||||
- } \
|
|
||||||
+ /* Shift IN, change to SBCS converter (redundant escape okay). */ \
|
|
||||||
curcs = sb; \
|
|
||||||
++inptr; \
|
|
||||||
continue; \
|
|
||||||
--
|
|
||||||
2.27.0
|
|
||||||
|
|
|
@ -1,286 +0,0 @@
|
||||||
From: Florian Weimer <fweimer@redhat.com>
|
|
||||||
Date: Wed, 27 Jan 2021 12:36:12 +0000 (+0100)
|
|
||||||
Subject: gconv: Fix assertion failure in ISO-2022-JP-3 module (bug 27256)
|
|
||||||
X-Git-Url: https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=e9db7768
|
|
||||||
|
|
||||||
gconv: Fix assertion failure in ISO-2022-JP-3 module (bug 27256)
|
|
||||||
|
|
||||||
The conversion loop to the internal encoding does not follow
|
|
||||||
the interface contract that __GCONV_FULL_OUTPUT is only returned
|
|
||||||
after the internal wchar_t buffer has been filled completely. This
|
|
||||||
is enforced by the first of the two asserts in iconv/skeleton.c:
|
|
||||||
|
|
||||||
/* We must run out of output buffer space in this
|
|
||||||
rerun. */
|
|
||||||
assert (outbuf == outerr);
|
|
||||||
assert (nstatus == __GCONV_FULL_OUTPUT);
|
|
||||||
|
|
||||||
This commit solves this issue by queuing a second wide character
|
|
||||||
which cannot be written immediately in the state variable, like
|
|
||||||
other converters already do (e.g., BIG5-HKSCS or TSCII).
|
|
||||||
|
|
||||||
Reported-by: Tavis Ormandy <taviso@gmail.com>
|
|
||||||
(cherry picked from commit 7d88c6142c6efc160c0ee5e4f85cde382c072888)
|
|
||||||
---
|
|
||||||
|
|
||||||
diff --git a/iconvdata/Makefile b/iconvdata/Makefile
|
|
||||||
index 06e161d9b8..36dd5d12c3 100644
|
|
||||||
--- a/iconvdata/Makefile
|
|
||||||
+++ b/iconvdata/Makefile
|
|
||||||
@@ -74,7 +74,7 @@ modules.so := $(addsuffix .so, $(modules))
|
|
||||||
tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \
|
|
||||||
tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \
|
|
||||||
bug-iconv10 bug-iconv11 bug-iconv12 \
|
|
||||||
- bug-iconv13
|
|
||||||
+ bug-iconv13 bug-iconv14
|
|
||||||
ifeq ($(have-thread-library),yes)
|
|
||||||
tests += bug-iconv3
|
|
||||||
endif
|
|
||||||
@@ -316,6 +316,8 @@ $(objpfx)bug-iconv10.out: $(objpfx)gconv-modules \
|
|
||||||
$(addprefix $(objpfx),$(modules.so))
|
|
||||||
$(objpfx)bug-iconv12.out: $(objpfx)gconv-modules \
|
|
||||||
$(addprefix $(objpfx),$(modules.so))
|
|
||||||
+$(objpfx)bug-iconv14.out: $(objpfx)gconv-modules \
|
|
||||||
+ $(addprefix $(objpfx),$(modules.so))
|
|
||||||
|
|
||||||
$(objpfx)iconv-test.out: run-iconv-test.sh $(objpfx)gconv-modules \
|
|
||||||
$(addprefix $(objpfx),$(modules.so)) \
|
|
||||||
diff --git a/iconvdata/bug-iconv14.c b/iconvdata/bug-iconv14.c
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000000..902f140fa9
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/iconvdata/bug-iconv14.c
|
|
||||||
@@ -0,0 +1,127 @@
|
|
||||||
+/* Assertion in ISO-2022-JP-3 due to two-character sequence (bug 27256).
|
|
||||||
+ Copyright (C) 2021 Free Software Foundation, Inc.
|
|
||||||
+ This file is part of the GNU C Library.
|
|
||||||
+
|
|
||||||
+ The GNU C Library is free software; you can redistribute it and/or
|
|
||||||
+ modify it under the terms of the GNU Lesser General Public
|
|
||||||
+ License as published by the Free Software Foundation; either
|
|
||||||
+ version 2.1 of the License, or (at your option) any later version.
|
|
||||||
+
|
|
||||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
|
||||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
+ Lesser General Public License for more details.
|
|
||||||
+
|
|
||||||
+ You should have received a copy of the GNU Lesser General Public
|
|
||||||
+ License along with the GNU C Library; if not, see
|
|
||||||
+ <https://www.gnu.org/licenses/>. */
|
|
||||||
+
|
|
||||||
+#include <iconv.h>
|
|
||||||
+#include <string.h>
|
|
||||||
+#include <errno.h>
|
|
||||||
+#include <support/check.h>
|
|
||||||
+
|
|
||||||
+/* Use an escape sequence to return to the initial state. */
|
|
||||||
+static void
|
|
||||||
+with_escape_sequence (void)
|
|
||||||
+{
|
|
||||||
+ iconv_t c = iconv_open ("UTF-8", "ISO-2022-JP-3");
|
|
||||||
+ TEST_VERIFY_EXIT (c != (iconv_t) -1);
|
|
||||||
+
|
|
||||||
+ char in[] = "\e$(O+D\e(B";
|
|
||||||
+ char *inbuf = in;
|
|
||||||
+ size_t inleft = strlen (in);
|
|
||||||
+ char out[3]; /* Space for one output character. */
|
|
||||||
+ char *outbuf;
|
|
||||||
+ size_t outleft;
|
|
||||||
+
|
|
||||||
+ outbuf = out;
|
|
||||||
+ outleft = sizeof (out);
|
|
||||||
+ TEST_COMPARE (iconv (c, &inbuf, &inleft, &outbuf, &outleft), (size_t) -1);
|
|
||||||
+ TEST_COMPARE (errno, E2BIG);
|
|
||||||
+ TEST_COMPARE (inleft, 3);
|
|
||||||
+ TEST_COMPARE (inbuf - in, strlen (in) - 3);
|
|
||||||
+ TEST_COMPARE (outleft, sizeof (out) - 2);
|
|
||||||
+ TEST_COMPARE (outbuf - out, 2);
|
|
||||||
+ TEST_COMPARE (out[0] & 0xff, 0xc3);
|
|
||||||
+ TEST_COMPARE (out[1] & 0xff, 0xa6);
|
|
||||||
+
|
|
||||||
+ /* Return to the initial shift state, producing the pending
|
|
||||||
+ character. */
|
|
||||||
+ outbuf = out;
|
|
||||||
+ outleft = sizeof (out);
|
|
||||||
+ TEST_COMPARE (iconv (c, &inbuf, &inleft, &outbuf, &outleft), 0);
|
|
||||||
+ TEST_COMPARE (inleft, 0);
|
|
||||||
+ TEST_COMPARE (inbuf - in, strlen (in));
|
|
||||||
+ TEST_COMPARE (outleft, sizeof (out) - 2);
|
|
||||||
+ TEST_COMPARE (outbuf - out, 2);
|
|
||||||
+ TEST_COMPARE (out[0] & 0xff, 0xcc);
|
|
||||||
+ TEST_COMPARE (out[1] & 0xff, 0x80);
|
|
||||||
+
|
|
||||||
+ /* Nothing should be flushed the second time. */
|
|
||||||
+ outbuf = out;
|
|
||||||
+ outleft = sizeof (out);
|
|
||||||
+ TEST_COMPARE (iconv (c, NULL, 0, &outbuf, &outleft), 0);
|
|
||||||
+ TEST_COMPARE (outleft, sizeof (out));
|
|
||||||
+ TEST_COMPARE (outbuf - out, 0);
|
|
||||||
+ TEST_COMPARE (out[0] & 0xff, 0xcc);
|
|
||||||
+ TEST_COMPARE (out[1] & 0xff, 0x80);
|
|
||||||
+
|
|
||||||
+ TEST_COMPARE (iconv_close (c), 0);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+/* Use an explicit flush to return to the initial state. */
|
|
||||||
+static void
|
|
||||||
+with_flush (void)
|
|
||||||
+{
|
|
||||||
+ iconv_t c = iconv_open ("UTF-8", "ISO-2022-JP-3");
|
|
||||||
+ TEST_VERIFY_EXIT (c != (iconv_t) -1);
|
|
||||||
+
|
|
||||||
+ char in[] = "\e$(O+D";
|
|
||||||
+ char *inbuf = in;
|
|
||||||
+ size_t inleft = strlen (in);
|
|
||||||
+ char out[3]; /* Space for one output character. */
|
|
||||||
+ char *outbuf;
|
|
||||||
+ size_t outleft;
|
|
||||||
+
|
|
||||||
+ outbuf = out;
|
|
||||||
+ outleft = sizeof (out);
|
|
||||||
+ TEST_COMPARE (iconv (c, &inbuf, &inleft, &outbuf, &outleft), (size_t) -1);
|
|
||||||
+ TEST_COMPARE (errno, E2BIG);
|
|
||||||
+ TEST_COMPARE (inleft, 0);
|
|
||||||
+ TEST_COMPARE (inbuf - in, strlen (in));
|
|
||||||
+ TEST_COMPARE (outleft, sizeof (out) - 2);
|
|
||||||
+ TEST_COMPARE (outbuf - out, 2);
|
|
||||||
+ TEST_COMPARE (out[0] & 0xff, 0xc3);
|
|
||||||
+ TEST_COMPARE (out[1] & 0xff, 0xa6);
|
|
||||||
+
|
|
||||||
+ /* Flush the pending character. */
|
|
||||||
+ outbuf = out;
|
|
||||||
+ outleft = sizeof (out);
|
|
||||||
+ TEST_COMPARE (iconv (c, NULL, 0, &outbuf, &outleft), 0);
|
|
||||||
+ TEST_COMPARE (outleft, sizeof (out) - 2);
|
|
||||||
+ TEST_COMPARE (outbuf - out, 2);
|
|
||||||
+ TEST_COMPARE (out[0] & 0xff, 0xcc);
|
|
||||||
+ TEST_COMPARE (out[1] & 0xff, 0x80);
|
|
||||||
+
|
|
||||||
+ /* Nothing should be flushed the second time. */
|
|
||||||
+ outbuf = out;
|
|
||||||
+ outleft = sizeof (out);
|
|
||||||
+ TEST_COMPARE (iconv (c, NULL, 0, &outbuf, &outleft), 0);
|
|
||||||
+ TEST_COMPARE (outleft, sizeof (out));
|
|
||||||
+ TEST_COMPARE (outbuf - out, 0);
|
|
||||||
+ TEST_COMPARE (out[0] & 0xff, 0xcc);
|
|
||||||
+ TEST_COMPARE (out[1] & 0xff, 0x80);
|
|
||||||
+
|
|
||||||
+ TEST_COMPARE (iconv_close (c), 0);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static int
|
|
||||||
+do_test (void)
|
|
||||||
+{
|
|
||||||
+ with_escape_sequence ();
|
|
||||||
+ with_flush ();
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+#include <support/test-driver.c>
|
|
||||||
diff --git a/iconvdata/iso-2022-jp-3.c b/iconvdata/iso-2022-jp-3.c
|
|
||||||
index de259580c3..047fab8e8d 100644
|
|
||||||
--- a/iconvdata/iso-2022-jp-3.c
|
|
||||||
+++ b/iconvdata/iso-2022-jp-3.c
|
|
||||||
@@ -67,23 +67,34 @@ enum
|
|
||||||
CURRENT_SEL_MASK = 7 << 3
|
|
||||||
};
|
|
||||||
|
|
||||||
-/* During UCS-4 to ISO-2022-JP-3 conversion, the COUNT element of the state
|
|
||||||
- also contains the last two bytes to be output, shifted by 6 bits, and a
|
|
||||||
- one-bit indicator whether they must be preceded by the shift sequence,
|
|
||||||
- in bit 22. */
|
|
||||||
+/* During UCS-4 to ISO-2022-JP-3 conversion, the COUNT element of the
|
|
||||||
+ state also contains the last two bytes to be output, shifted by 6
|
|
||||||
+ bits, and a one-bit indicator whether they must be preceded by the
|
|
||||||
+ shift sequence, in bit 22. During ISO-2022-JP-3 to UCS-4
|
|
||||||
+ conversion, COUNT may also contain a non-zero pending wide
|
|
||||||
+ character, shifted by six bits. This happens for certain inputs in
|
|
||||||
+ JISX0213_1_2004_set and JISX0213_2_set if the second wide character
|
|
||||||
+ in a combining sequence cannot be written because the buffer is
|
|
||||||
+ full. */
|
|
||||||
|
|
||||||
/* Since this is a stateful encoding we have to provide code which resets
|
|
||||||
the output state to the initial state. This has to be done during the
|
|
||||||
flushing. */
|
|
||||||
#define EMIT_SHIFT_TO_INIT \
|
|
||||||
- if ((data->__statep->__count & ~7) != ASCII_set) \
|
|
||||||
+ if (data->__statep->__count != ASCII_set) \
|
|
||||||
{ \
|
|
||||||
if (FROM_DIRECTION) \
|
|
||||||
{ \
|
|
||||||
- /* It's easy, we don't have to emit anything, we just reset the \
|
|
||||||
- state for the input. */ \
|
|
||||||
- data->__statep->__count &= 7; \
|
|
||||||
- data->__statep->__count |= ASCII_set; \
|
|
||||||
+ if (__glibc_likely (outbuf + 4 <= outend)) \
|
|
||||||
+ { \
|
|
||||||
+ /* Write out the last character. */ \
|
|
||||||
+ *((uint32_t *) outbuf) = data->__statep->__count >> 6; \
|
|
||||||
+ outbuf += sizeof (uint32_t); \
|
|
||||||
+ data->__statep->__count = ASCII_set; \
|
|
||||||
+ } \
|
|
||||||
+ else \
|
|
||||||
+ /* We don't have enough room in the output buffer. */ \
|
|
||||||
+ status = __GCONV_FULL_OUTPUT; \
|
|
||||||
} \
|
|
||||||
else \
|
|
||||||
{ \
|
|
||||||
@@ -151,7 +162,21 @@ enum
|
|
||||||
#define LOOPFCT FROM_LOOP
|
|
||||||
#define BODY \
|
|
||||||
{ \
|
|
||||||
- uint32_t ch = *inptr; \
|
|
||||||
+ uint32_t ch; \
|
|
||||||
+ \
|
|
||||||
+ /* Output any pending character. */ \
|
|
||||||
+ ch = set >> 6; \
|
|
||||||
+ if (__glibc_unlikely (ch != 0)) \
|
|
||||||
+ { \
|
|
||||||
+ put32 (outptr, ch); \
|
|
||||||
+ outptr += 4; \
|
|
||||||
+ /* Remove the pending character, but preserve state bits. */ \
|
|
||||||
+ set &= (1 << 6) - 1; \
|
|
||||||
+ continue; \
|
|
||||||
+ } \
|
|
||||||
+ \
|
|
||||||
+ /* Otherwise read the next input byte. */ \
|
|
||||||
+ ch = *inptr; \
|
|
||||||
\
|
|
||||||
/* Recognize escape sequences. */ \
|
|
||||||
if (__glibc_unlikely (ch == ESC)) \
|
|
||||||
@@ -297,21 +322,25 @@ enum
|
|
||||||
uint32_t u1 = __jisx0213_to_ucs_combining[ch - 1][0]; \
|
|
||||||
uint32_t u2 = __jisx0213_to_ucs_combining[ch - 1][1]; \
|
|
||||||
\
|
|
||||||
+ inptr += 2; \
|
|
||||||
+ \
|
|
||||||
+ put32 (outptr, u1); \
|
|
||||||
+ outptr += 4; \
|
|
||||||
+ \
|
|
||||||
/* See whether we have room for two characters. */ \
|
|
||||||
- if (outptr + 8 <= outend) \
|
|
||||||
+ if (outptr + 4 <= outend) \
|
|
||||||
{ \
|
|
||||||
- inptr += 2; \
|
|
||||||
- put32 (outptr, u1); \
|
|
||||||
- outptr += 4; \
|
|
||||||
put32 (outptr, u2); \
|
|
||||||
outptr += 4; \
|
|
||||||
continue; \
|
|
||||||
} \
|
|
||||||
- else \
|
|
||||||
- { \
|
|
||||||
- result = __GCONV_FULL_OUTPUT; \
|
|
||||||
- break; \
|
|
||||||
- } \
|
|
||||||
+ \
|
|
||||||
+ /* Otherwise store only the first character now, and \
|
|
||||||
+ put the second one into the queue. */ \
|
|
||||||
+ set |= u2 << 6; \
|
|
||||||
+ /* Tell the caller why we terminate the loop. */ \
|
|
||||||
+ result = __GCONV_FULL_OUTPUT; \
|
|
||||||
+ break; \
|
|
||||||
} \
|
|
||||||
\
|
|
||||||
inptr += 2; \
|
|
|
@ -1,162 +0,0 @@
|
||||||
Patch from the OpenSUSE glibc
|
|
||||||
|
|
||||||
---
|
|
||||||
sunrpc/bindrsvprt.c | 107 ++++++++++++++++++++++++++++++++++++++++++++++++----
|
|
||||||
1 file changed, 99 insertions(+), 8 deletions(-)
|
|
||||||
|
|
||||||
--- a/sunrpc/bindrsvprt.c
|
|
||||||
+++ b/sunrpc/bindrsvprt.c
|
|
||||||
@@ -29,34 +29,114 @@
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*/
|
|
||||||
|
|
||||||
+#include <stdio.h>
|
|
||||||
+#include <ctype.h>
|
|
||||||
#include <errno.h>
|
|
||||||
+#include <stdlib.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <sys/socket.h>
|
|
||||||
#include <netinet/in.h>
|
|
||||||
#include <libc-lock.h>
|
|
||||||
|
|
||||||
+#define STARTPORT 600
|
|
||||||
+#define LOWPORT 512
|
|
||||||
+#define ENDPORT (IPPORT_RESERVED - 1)
|
|
||||||
+#define NPORTS (ENDPORT - STARTPORT + 1)
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * Read the file /etc/rpc.blacklisted, so that we don't bind
|
|
||||||
+ * to this ports.
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+static int blacklist_read;
|
|
||||||
+static int *list;
|
|
||||||
+static int list_size = 0;
|
|
||||||
+
|
|
||||||
+static void
|
|
||||||
+load_blacklist (void)
|
|
||||||
+{
|
|
||||||
+ FILE *fp;
|
|
||||||
+ char *buf = NULL;
|
|
||||||
+ size_t buflen = 0;
|
|
||||||
+ int size = 0, ptr = 0;
|
|
||||||
+
|
|
||||||
+ blacklist_read = 1;
|
|
||||||
+
|
|
||||||
+ fp = fopen ("/etc/bindresvport.blacklist", "r");
|
|
||||||
+ if (NULL == fp)
|
|
||||||
+ return;
|
|
||||||
+
|
|
||||||
+ while (!feof_unlocked (fp))
|
|
||||||
+ {
|
|
||||||
+ unsigned long port;
|
|
||||||
+ char *tmp, *cp;
|
|
||||||
+ ssize_t n = __getline (&buf, &buflen, fp);
|
|
||||||
+ if (n < 1)
|
|
||||||
+ break;
|
|
||||||
+
|
|
||||||
+ cp = buf;
|
|
||||||
+ tmp = strchr (cp, '#'); /* remove comments */
|
|
||||||
+ if (tmp)
|
|
||||||
+ *tmp = '\0';
|
|
||||||
+ while (isspace ((int)*cp)) /* remove spaces and tabs */
|
|
||||||
+ ++cp;
|
|
||||||
+ if (*cp == '\0') /* ignore empty lines */
|
|
||||||
+ continue;
|
|
||||||
+ if (cp[strlen (cp) - 1] == '\n')
|
|
||||||
+ cp[strlen (cp) - 1] = '\0';
|
|
||||||
+
|
|
||||||
+ port = strtoul (cp, &tmp, 0);
|
|
||||||
+ while (isspace(*tmp))
|
|
||||||
+ ++tmp;
|
|
||||||
+ if (*tmp != '\0' || (port == ULONG_MAX && errno == ERANGE))
|
|
||||||
+ continue;
|
|
||||||
+
|
|
||||||
+ /* Don't bother with out-of-range ports */
|
|
||||||
+ if (port < LOWPORT || port > ENDPORT)
|
|
||||||
+ continue;
|
|
||||||
+
|
|
||||||
+ if (ptr >= size)
|
|
||||||
+ {
|
|
||||||
+ size += 10;
|
|
||||||
+ list = realloc (list, size * sizeof (int));
|
|
||||||
+ if (list == NULL)
|
|
||||||
+ {
|
|
||||||
+ free (buf);
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ list[ptr++] = port;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ fclose (fp);
|
|
||||||
+
|
|
||||||
+ if (buf)
|
|
||||||
+ free (buf);
|
|
||||||
+
|
|
||||||
+ list_size = ptr;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* Locks the static variables in this file.
|
|
||||||
*/
|
|
||||||
__libc_lock_define_initialized (static, lock);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Bind a socket to a privileged IP port
|
|
||||||
*/
|
|
||||||
int
|
|
||||||
bindresvport (int sd, struct sockaddr_in *sin)
|
|
||||||
{
|
|
||||||
+ static short startport = STARTPORT;
|
|
||||||
static short port;
|
|
||||||
struct sockaddr_in myaddr;
|
|
||||||
int i;
|
|
||||||
|
|
||||||
-#define STARTPORT 600
|
|
||||||
-#define LOWPORT 512
|
|
||||||
-#define ENDPORT (IPPORT_RESERVED - 1)
|
|
||||||
-#define NPORTS (ENDPORT - STARTPORT + 1)
|
|
||||||
- static short startport = STARTPORT;
|
|
||||||
+ if (!blacklist_read)
|
|
||||||
+ load_blacklist ();
|
|
||||||
|
|
||||||
if (sin == (struct sockaddr_in *) 0)
|
|
||||||
{
|
|
||||||
@@ -69,6 +149,7 @@
|
|
||||||
port = (__getpid () % NPORTS) + STARTPORT;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ __set_errno (EADDRINUSE);
|
|
||||||
/* Initialize to make gcc happy. */
|
|
||||||
int res = -1;
|
|
||||||
|
|
||||||
@@ -77,12 +158,22 @@
|
|
||||||
again:
|
|
||||||
for (i = 0; i < nports; ++i)
|
|
||||||
{
|
|
||||||
- sin->sin_port = htons (port++);
|
|
||||||
- if (port > endport)
|
|
||||||
- port = startport;
|
|
||||||
+ int j;
|
|
||||||
+
|
|
||||||
+ sin->sin_port = htons (port);
|
|
||||||
+
|
|
||||||
+ /* Check, if this port is not blacklisted. */
|
|
||||||
+ for (j = 0; j < list_size; j++)
|
|
||||||
+ if (port == list[j])
|
|
||||||
+ goto try_next_port;
|
|
||||||
+
|
|
||||||
res = __bind (sd, sin, sizeof (struct sockaddr_in));
|
|
||||||
if (res >= 0 || errno != EADDRINUSE)
|
|
||||||
break;
|
|
||||||
+
|
|
||||||
+try_next_port:
|
|
||||||
+ if (++port > endport)
|
|
||||||
+ port = startport;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (i == nports && startport != LOWPORT)
|
|
|
@ -1,37 +0,0 @@
|
||||||
From: Florian Weimer <fweimer@redhat.com>
|
|
||||||
Date: Tue, 27 Nov 2018 15:12:43 +0000 (+0100)
|
|
||||||
Subject: CVE-2018-19591: if_nametoindex: Fix descriptor for overlong name [BZ #23927]
|
|
||||||
X-Git-Url: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff_plain;h=d527c860f5a3f0ed687bd03f0cb464612dc23408
|
|
||||||
|
|
||||||
CVE-2018-19591: if_nametoindex: Fix descriptor for overlong name [BZ #23927]
|
|
||||||
---
|
|
||||||
|
|
||||||
diff --git a/sysdeps/unix/sysv/linux/if_index.c b/sysdeps/unix/sysv/linux/if_index.c
|
|
||||||
index e3d0898..782fc5e 100644
|
|
||||||
--- a/sysdeps/unix/sysv/linux/if_index.c
|
|
||||||
+++ b/sysdeps/unix/sysv/linux/if_index.c
|
|
||||||
@@ -38,11 +38,6 @@ __if_nametoindex (const char *ifname)
|
|
||||||
return 0;
|
|
||||||
#else
|
|
||||||
struct ifreq ifr;
|
|
||||||
- int fd = __opensock ();
|
|
||||||
-
|
|
||||||
- if (fd < 0)
|
|
||||||
- return 0;
|
|
||||||
-
|
|
||||||
if (strlen (ifname) >= IFNAMSIZ)
|
|
||||||
{
|
|
||||||
__set_errno (ENODEV);
|
|
||||||
@@ -50,6 +45,12 @@ __if_nametoindex (const char *ifname)
|
|
||||||
}
|
|
||||||
|
|
||||||
strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
|
|
||||||
+
|
|
||||||
+ int fd = __opensock ();
|
|
||||||
+
|
|
||||||
+ if (fd < 0)
|
|
||||||
+ return 0;
|
|
||||||
+
|
|
||||||
if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
|
|
||||||
{
|
|
||||||
int saved_errno = errno;
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"Signatures": {
|
"Signatures": {
|
||||||
"glibc-2.34.tar.xz": "44d26a1fe20b8853a48f470ead01e4279e869ac149b195dda4e44a195d981ab2",
|
"glibc-2.35.tar.xz": "5123732f6b67ccd319305efd399971d58592122bcc2a6518a1bd2510dd0cf52e",
|
||||||
"locale-gen.conf": "94182ce116a42e38ce783d2a867dca1eaf4d6a347d4bff9aac4d6e61cbbfc8f4",
|
"locale-gen.conf": "94182ce116a42e38ce783d2a867dca1eaf4d6a347d4bff9aac4d6e61cbbfc8f4",
|
||||||
"locale-gen.sh": "df7169cb9f126875e0a57a4700261e16e6eba2a98312d739f972377150ba9964"
|
"locale-gen.sh": "df7169cb9f126875e0a57a4700261e16e6eba2a98312d739f972377150ba9964"
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,8 +6,8 @@
|
||||||
|
|
||||||
Summary: Main C library
|
Summary: Main C library
|
||||||
Name: glibc
|
Name: glibc
|
||||||
Version: 2.34
|
Version: 2.35
|
||||||
Release: 3%{?dist}
|
Release: 1%{?dist}
|
||||||
License: BSD AND GPLv2+ AND Inner-Net AND ISC AND LGPLv2+ AND MIT
|
License: BSD AND GPLv2+ AND Inner-Net AND ISC AND LGPLv2+ AND MIT
|
||||||
Vendor: Microsoft Corporation
|
Vendor: Microsoft Corporation
|
||||||
Distribution: Mariner
|
Distribution: Mariner
|
||||||
|
@ -16,30 +16,17 @@ URL: https://www.gnu.org/software/libc
|
||||||
Source0: https://ftp.gnu.org/gnu/glibc/%{name}-%{version}.tar.xz
|
Source0: https://ftp.gnu.org/gnu/glibc/%{name}-%{version}.tar.xz
|
||||||
Source1: locale-gen.sh
|
Source1: locale-gen.sh
|
||||||
Source2: locale-gen.conf
|
Source2: locale-gen.conf
|
||||||
Patch0: https://www.linuxfromscratch.org/patches/downloads/glibc/glibc-2.34-fhs-1.patch
|
Patch0: https://www.linuxfromscratch.org/patches/downloads/glibc/glibc-2.35-fhs-1.patch
|
||||||
#Patch1: glibc-2.24-bindrsvport-blacklist.patch
|
|
||||||
#Patch2: 0002-malloc-arena-fix.patch
|
|
||||||
#Patch3: glibc-2.28-CVE-2018-19591.patch
|
|
||||||
#Patch4: CVE-2019-9169.patch
|
|
||||||
#Patch5: CVE-2016-10739.patch
|
|
||||||
#Patch6: CVE-2020-1752.patch
|
|
||||||
#Patch7: CVE-2020-10029.patch
|
|
||||||
# Only applicable on ARMv7 targets.
|
# Only applicable on ARMv7 targets.
|
||||||
Patch8: CVE-2020-6096.nopatch
|
Patch1: CVE-2020-6096.nopatch
|
||||||
# Only applicable on x32 targets.
|
# Only applicable on x32 targets.
|
||||||
Patch9: CVE-2019-6488.nopatch
|
Patch2: CVE-2019-6488.nopatch
|
||||||
# Only applicable on PowerPC targets.
|
# Only applicable on PowerPC targets.
|
||||||
Patch10: CVE-2020-1751.nopatch
|
Patch3: CVE-2020-1751.nopatch
|
||||||
# Marked by upstream/Ubuntu/Red Hat as not a security bug, no fix available
|
# Marked by upstream/Ubuntu/Red Hat as not a security bug, no fix available
|
||||||
# Rationale: Exploit requires crafted pattern in regex compiler meant only for trusted content
|
# Rationale: Exploit requires crafted pattern in regex compiler meant only for trusted content
|
||||||
Patch11: CVE-2018-20796.nopatch
|
Patch4: CVE-2018-20796.nopatch
|
||||||
#Patch12: CVE-2019-7309.patch
|
Patch5: glibc-2.34_pthread_cond_wait.patch
|
||||||
# CVE-2019-19126 patch taken from upstream commit 7966ce07e89fa4ccc8fdba00d4439fc652862462
|
|
||||||
#Patch13: CVE-2019-19126.patch
|
|
||||||
#Patch14: CVE-2019-25013.patch
|
|
||||||
#Patch15: CVE-2021-3326.patch
|
|
||||||
#Patch16: CVE-2020-27618.patch
|
|
||||||
Patch17: glibc-2.34_pthread_cond_wait.patch
|
|
||||||
|
|
||||||
BuildRequires: bison
|
BuildRequires: bison
|
||||||
BuildRequires: kernel-headers
|
BuildRequires: kernel-headers
|
||||||
|
@ -312,6 +299,10 @@ grep "^FAIL: nptl/tst-eintr1" tests.sum >/dev/null && n=$((n+1)) ||:
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Apr 12 2022 Andrew Phelps <anphel@microsoft.com> - 2.35-1
|
||||||
|
- Upgrade to version 2.35
|
||||||
|
- Cleanup old patch files
|
||||||
|
|
||||||
* Wed Mar 02 2022 Andy Caldwell <andycaldwell@microsoft.com> - 2.34-3
|
* Wed Mar 02 2022 Andy Caldwell <andycaldwell@microsoft.com> - 2.34-3
|
||||||
- Add support for building `-static-pie` binaries against `glibc`
|
- Add support for building `-static-pie` binaries against `glibc`
|
||||||
- Add additional BuildRequires
|
- Add additional BuildRequires
|
||||||
|
|
|
@ -47,7 +47,7 @@
|
||||||
# Required for proper ELF symbol versioning support.
|
# Required for proper ELF symbol versioning support.
|
||||||
%global _ld_strict_symbol_defs 1
|
%global _ld_strict_symbol_defs 1
|
||||||
# override_glibc and glibcversion are temporary to make libxcrypt install on top of glibc
|
# override_glibc and glibcversion are temporary to make libxcrypt install on top of glibc
|
||||||
%define glibcversion 2.34
|
%define glibcversion 2.35
|
||||||
%bcond_without override_glibc
|
%bcond_without override_glibc
|
||||||
# Build the static library?
|
# Build the static library?
|
||||||
%bcond_with new_api
|
%bcond_with new_api
|
||||||
|
@ -449,6 +449,9 @@ ln -s %{_libdir}/libcrypt-%{glibcversion}.so %{_libdir}/libcrypt.so.1
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Apr 14 2022 Andrew Phelps <anphel@microsoft.com> - 4.4.27-2
|
||||||
|
- Update glibcversion variable to 2.35
|
||||||
|
|
||||||
* Wed Jan 27 2022 Henry Li <lihl@microsoft.com> - 4.4.27-1
|
* Wed Jan 27 2022 Henry Li <lihl@microsoft.com> - 4.4.27-1
|
||||||
- Upgrade to version 4.4.27
|
- Upgrade to version 4.4.27
|
||||||
- Remove patches that no longer apply
|
- Remove patches that no longer apply
|
||||||
|
|
|
@ -4440,8 +4440,8 @@
|
||||||
"type": "other",
|
"type": "other",
|
||||||
"other": {
|
"other": {
|
||||||
"name": "glibc",
|
"name": "glibc",
|
||||||
"version": "2.34",
|
"version": "2.35",
|
||||||
"downloadUrl": "https://ftp.gnu.org/gnu/glibc/glibc-2.34.tar.xz"
|
"downloadUrl": "https://ftp.gnu.org/gnu/glibc/glibc-2.35.tar.xz"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
filesystem-1.1-8.cm2.aarch64.rpm
|
filesystem-1.1-8.cm2.aarch64.rpm
|
||||||
kernel-headers-5.15.32.1-1.cm2.noarch.rpm
|
kernel-headers-5.15.32.1-1.cm2.noarch.rpm
|
||||||
glibc-2.34-3.cm2.aarch64.rpm
|
glibc-2.35-1.cm2.aarch64.rpm
|
||||||
glibc-devel-2.34-3.cm2.aarch64.rpm
|
glibc-devel-2.35-1.cm2.aarch64.rpm
|
||||||
glibc-i18n-2.34-3.cm2.aarch64.rpm
|
glibc-i18n-2.35-1.cm2.aarch64.rpm
|
||||||
glibc-iconv-2.34-3.cm2.aarch64.rpm
|
glibc-iconv-2.35-1.cm2.aarch64.rpm
|
||||||
glibc-lang-2.34-3.cm2.aarch64.rpm
|
glibc-lang-2.35-1.cm2.aarch64.rpm
|
||||||
glibc-nscd-2.34-3.cm2.aarch64.rpm
|
glibc-nscd-2.35-1.cm2.aarch64.rpm
|
||||||
glibc-tools-2.34-3.cm2.aarch64.rpm
|
glibc-tools-2.35-1.cm2.aarch64.rpm
|
||||||
zlib-1.2.11-5.cm2.aarch64.rpm
|
zlib-1.2.11-5.cm2.aarch64.rpm
|
||||||
zlib-devel-1.2.11-5.cm2.aarch64.rpm
|
zlib-devel-1.2.11-5.cm2.aarch64.rpm
|
||||||
file-5.40-2.cm2.aarch64.rpm
|
file-5.40-2.cm2.aarch64.rpm
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
filesystem-1.1-8.cm2.x86_64.rpm
|
filesystem-1.1-8.cm2.x86_64.rpm
|
||||||
kernel-headers-5.15.32.1-1.cm2.noarch.rpm
|
kernel-headers-5.15.32.1-1.cm2.noarch.rpm
|
||||||
glibc-2.34-3.cm2.x86_64.rpm
|
glibc-2.35-1.cm2.x86_64.rpm
|
||||||
glibc-devel-2.34-3.cm2.x86_64.rpm
|
glibc-devel-2.35-1.cm2.x86_64.rpm
|
||||||
glibc-i18n-2.34-3.cm2.x86_64.rpm
|
glibc-i18n-2.35-1.cm2.x86_64.rpm
|
||||||
glibc-iconv-2.34-3.cm2.x86_64.rpm
|
glibc-iconv-2.35-1.cm2.x86_64.rpm
|
||||||
glibc-lang-2.34-3.cm2.x86_64.rpm
|
glibc-lang-2.35-1.cm2.x86_64.rpm
|
||||||
glibc-nscd-2.34-3.cm2.x86_64.rpm
|
glibc-nscd-2.35-1.cm2.x86_64.rpm
|
||||||
glibc-tools-2.34-3.cm2.x86_64.rpm
|
glibc-tools-2.35-1.cm2.x86_64.rpm
|
||||||
zlib-1.2.11-5.cm2.x86_64.rpm
|
zlib-1.2.11-5.cm2.x86_64.rpm
|
||||||
zlib-devel-1.2.11-5.cm2.x86_64.rpm
|
zlib-devel-1.2.11-5.cm2.x86_64.rpm
|
||||||
file-5.40-2.cm2.x86_64.rpm
|
file-5.40-2.cm2.x86_64.rpm
|
||||||
|
|
|
@ -102,13 +102,13 @@ glib-debuginfo-2.71.0-1.cm2.aarch64.rpm
|
||||||
glib-devel-2.71.0-1.cm2.aarch64.rpm
|
glib-devel-2.71.0-1.cm2.aarch64.rpm
|
||||||
glib-doc-2.71.0-1.cm2.noarch.rpm
|
glib-doc-2.71.0-1.cm2.noarch.rpm
|
||||||
glib-schemas-2.71.0-1.cm2.aarch64.rpm
|
glib-schemas-2.71.0-1.cm2.aarch64.rpm
|
||||||
glibc-2.34-3.cm2.aarch64.rpm
|
glibc-2.35-1.cm2.aarch64.rpm
|
||||||
glibc-devel-2.34-3.cm2.aarch64.rpm
|
glibc-devel-2.35-1.cm2.aarch64.rpm
|
||||||
glibc-i18n-2.34-3.cm2.aarch64.rpm
|
glibc-i18n-2.35-1.cm2.aarch64.rpm
|
||||||
glibc-iconv-2.34-3.cm2.aarch64.rpm
|
glibc-iconv-2.35-1.cm2.aarch64.rpm
|
||||||
glibc-lang-2.34-3.cm2.aarch64.rpm
|
glibc-lang-2.35-1.cm2.aarch64.rpm
|
||||||
glibc-nscd-2.34-3.cm2.aarch64.rpm
|
glibc-nscd-2.35-1.cm2.aarch64.rpm
|
||||||
glibc-tools-2.34-3.cm2.aarch64.rpm
|
glibc-tools-2.35-1.cm2.aarch64.rpm
|
||||||
gmock-1.11.0-2.cm2.aarch64.rpm
|
gmock-1.11.0-2.cm2.aarch64.rpm
|
||||||
gmock-devel-1.11.0-2.cm2.aarch64.rpm
|
gmock-devel-1.11.0-2.cm2.aarch64.rpm
|
||||||
gmp-6.2.1-2.cm2.aarch64.rpm
|
gmp-6.2.1-2.cm2.aarch64.rpm
|
||||||
|
|
|
@ -102,13 +102,13 @@ glib-debuginfo-2.71.0-1.cm2.x86_64.rpm
|
||||||
glib-devel-2.71.0-1.cm2.x86_64.rpm
|
glib-devel-2.71.0-1.cm2.x86_64.rpm
|
||||||
glib-doc-2.71.0-1.cm2.noarch.rpm
|
glib-doc-2.71.0-1.cm2.noarch.rpm
|
||||||
glib-schemas-2.71.0-1.cm2.x86_64.rpm
|
glib-schemas-2.71.0-1.cm2.x86_64.rpm
|
||||||
glibc-2.34-3.cm2.x86_64.rpm
|
glibc-2.35-1.cm2.x86_64.rpm
|
||||||
glibc-devel-2.34-3.cm2.x86_64.rpm
|
glibc-devel-2.35-1.cm2.x86_64.rpm
|
||||||
glibc-i18n-2.34-3.cm2.x86_64.rpm
|
glibc-i18n-2.35-1.cm2.x86_64.rpm
|
||||||
glibc-iconv-2.34-3.cm2.x86_64.rpm
|
glibc-iconv-2.35-1.cm2.x86_64.rpm
|
||||||
glibc-lang-2.34-3.cm2.x86_64.rpm
|
glibc-lang-2.35-1.cm2.x86_64.rpm
|
||||||
glibc-nscd-2.34-3.cm2.x86_64.rpm
|
glibc-nscd-2.35-1.cm2.x86_64.rpm
|
||||||
glibc-tools-2.34-3.cm2.x86_64.rpm
|
glibc-tools-2.35-1.cm2.x86_64.rpm
|
||||||
gmock-1.11.0-2.cm2.x86_64.rpm
|
gmock-1.11.0-2.cm2.x86_64.rpm
|
||||||
gmock-devel-1.11.0-2.cm2.x86_64.rpm
|
gmock-devel-1.11.0-2.cm2.x86_64.rpm
|
||||||
gmp-6.2.1-2.cm2.x86_64.rpm
|
gmp-6.2.1-2.cm2.x86_64.rpm
|
||||||
|
|
|
@ -33,8 +33,8 @@ https://git.centos.org/rpms/python-rpm-generators/raw/c8s/f/SOURCES/pythondeps.s
|
||||||
https://git.centos.org/rpms/python-rpm-generators/raw/c8s/f/SOURCES/pythondistdeps.py
|
https://git.centos.org/rpms/python-rpm-generators/raw/c8s/f/SOURCES/pythondistdeps.py
|
||||||
https://www.linuxfromscratch.org/patches/downloads/lua/lua-5.4.3-shared_library-1.patch
|
https://www.linuxfromscratch.org/patches/downloads/lua/lua-5.4.3-shared_library-1.patch
|
||||||
https://ftp.gnu.org/gnu/gcc/gcc-11.2.0/gcc-11.2.0.tar.xz
|
https://ftp.gnu.org/gnu/gcc/gcc-11.2.0/gcc-11.2.0.tar.xz
|
||||||
https://ftp.gnu.org/gnu/glibc/glibc-2.34.tar.xz
|
https://ftp.gnu.org/gnu/glibc/glibc-2.35.tar.xz
|
||||||
https://www.linuxfromscratch.org/patches/downloads/glibc/glibc-2.34-fhs-1.patch
|
https://www.linuxfromscratch.org/patches/downloads/glibc/glibc-2.35-fhs-1.patch
|
||||||
https://ftp.gnu.org/gnu/readline/readline-8.1.tar.gz
|
https://ftp.gnu.org/gnu/readline/readline-8.1.tar.gz
|
||||||
https://ftp.gnu.org/gnu/tar/tar-1.34.tar.xz
|
https://ftp.gnu.org/gnu/tar/tar-1.34.tar.xz
|
||||||
http://ftp.gnu.org/gnu/texinfo/texinfo-6.8.tar.xz
|
http://ftp.gnu.org/gnu/texinfo/texinfo-6.8.tar.xz
|
||||||
|
|
|
@ -19,8 +19,8 @@ cf5fea4ac5665fd5171af4716baab2effc76306a9572988d5ba1078f196382bd gawk-5.1.0.tar
|
||||||
d08edc536b54c372a1010ff6619dd274c0f1603aa49212ba20f7aa2cda36fa8b gcc-11.2.0.tar.xz
|
d08edc536b54c372a1010ff6619dd274c0f1603aa49212ba20f7aa2cda36fa8b gcc-11.2.0.tar.xz
|
||||||
b0b7dbdefd798de7ddccdd8edf6693a30494f7789777838042991ef107339cc2 gdbm-1.21.tar.gz
|
b0b7dbdefd798de7ddccdd8edf6693a30494f7789777838042991ef107339cc2 gdbm-1.21.tar.gz
|
||||||
105556dbc5c3fbbc2aa0edb46d22d055748b6f5c7cd7a8d99f8e7eb84e938be4 gettext-0.19.8.1.tar.xz
|
105556dbc5c3fbbc2aa0edb46d22d055748b6f5c7cd7a8d99f8e7eb84e938be4 gettext-0.19.8.1.tar.xz
|
||||||
643552db030e2f2d7ffde4f558e0f5f83d3fabf34a2e0e56ebdb49750ac27b0d glibc-2.34-fhs-1.patch
|
643552db030e2f2d7ffde4f558e0f5f83d3fabf34a2e0e56ebdb49750ac27b0d glibc-2.35-fhs-1.patch
|
||||||
44d26a1fe20b8853a48f470ead01e4279e869ac149b195dda4e44a195d981ab2 glibc-2.34.tar.xz
|
5123732f6b67ccd319305efd399971d58592122bcc2a6518a1bd2510dd0cf52e glibc-2.35.tar.xz
|
||||||
fd4829912cddd12f84181c3451cc752be224643e87fac497b69edddadc49b4f2 gmp-6.2.1.tar.xz
|
fd4829912cddd12f84181c3451cc752be224643e87fac497b69edddadc49b4f2 gmp-6.2.1.tar.xz
|
||||||
588546b945bba4b70b6a3a616e80b4ab466e3f33024a352fc2198112cdbb3ae2 gperf-3.1.tar.gz
|
588546b945bba4b70b6a3a616e80b4ab466e3f33024a352fc2198112cdbb3ae2 gperf-3.1.tar.gz
|
||||||
5c10da312460aec721984d5d83246d24520ec438dd48d7ab5a05dbc0d6d6823c grep-3.7.tar.xz
|
5c10da312460aec721984d5d83246d24520ec438dd48d7ab5a05dbc0d6d6823c grep-3.7.tar.xz
|
||||||
|
|
|
@ -85,10 +85,10 @@ popd
|
||||||
rm -rf man-pages-5.02
|
rm -rf man-pages-5.02
|
||||||
touch /logs/status_man_pages_complete
|
touch /logs/status_man_pages_complete
|
||||||
|
|
||||||
echo glibc-2.34
|
echo glibc-2.35
|
||||||
tar xf glibc-2.34.tar.xz
|
tar xf glibc-2.35.tar.xz
|
||||||
pushd glibc-2.34
|
pushd glibc-2.35
|
||||||
patch -Np1 -i ../glibc-2.34-fhs-1.patch
|
patch -Np1 -i ../glibc-2.35-fhs-1.patch
|
||||||
ln -sfv /tools/lib/gcc /usr/lib
|
ln -sfv /tools/lib/gcc /usr/lib
|
||||||
ls -la /usr/lib/gcc/
|
ls -la /usr/lib/gcc/
|
||||||
case $(uname -m) in
|
case $(uname -m) in
|
||||||
|
@ -129,7 +129,7 @@ include /etc/ld.so.conf.d/*.conf
|
||||||
EOF
|
EOF
|
||||||
mkdir -pv /etc/ld.so.conf.d
|
mkdir -pv /etc/ld.so.conf.d
|
||||||
popd
|
popd
|
||||||
rm -rf glibc-2.34
|
rm -rf glibc-2.35
|
||||||
|
|
||||||
touch /logs/status_glibc_complete
|
touch /logs/status_glibc_complete
|
||||||
|
|
||||||
|
|
|
@ -125,9 +125,10 @@ rm -rf CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.15.32.1
|
||||||
|
|
||||||
touch $LFS/logs/temptoolchain/status_kernel_headers_complete
|
touch $LFS/logs/temptoolchain/status_kernel_headers_complete
|
||||||
|
|
||||||
echo glibc-2.34
|
echo glibc-2.35
|
||||||
tar xf glibc-2.34.tar.xz
|
tar xf glibc-2.35.tar.xz
|
||||||
pushd glibc-2.34
|
pushd glibc-2.35
|
||||||
|
patch -Np1 -i ../glibc-2.35-fhs-1.patch
|
||||||
mkdir -v build
|
mkdir -v build
|
||||||
cd build
|
cd build
|
||||||
../configure \
|
../configure \
|
||||||
|
@ -158,7 +159,7 @@ rm -v dummy.c a.out
|
||||||
set -e
|
set -e
|
||||||
echo End sanity check - temptoolchain - glibc
|
echo End sanity check - temptoolchain - glibc
|
||||||
popd
|
popd
|
||||||
rm -rf glibc-2.34
|
rm -rf glibc-2.35
|
||||||
|
|
||||||
touch $LFS/logs/temptoolchain/status_glibc_complete
|
touch $LFS/logs/temptoolchain/status_glibc_complete
|
||||||
|
|
||||||
|
|
Загрузка…
Ссылка в новой задаче