[gentoo-commits] gentoo commit in src/patchsets/glibc/2.14.1: 0080_all_glibc-2.14-tzfile-bz13506.patch - gentoo-commits

From:	"Mike Frysinger (vapier)" <vapier@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo commit in src/patchsets/glibc/2.14.1: 0080_all_glibc-2.14-tzfile-bz13506.patch
Date:	Sun, 01 Jan 2012 09:42:56
Message-Id:	`20120101094245.D2EB22004B@flycatcher.gentoo.org`

1

vapier      12/01/01 09:42:45

2

3

  Added:                0080_all_glibc-2.14-tzfile-bz13506.patch

4

  Log:

5

  fix from upstream for tzfile vulns #393477

6

7

Revision  Changes    Path

8

1.1                  src/patchsets/glibc/2.14.1/0080_all_glibc-2.14-tzfile-bz13506.patch

9

10

file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.14.1/0080_all_glibc-2.14-tzfile-bz13506.patch?rev=1.1&view=markup

11

plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.14.1/0080_all_glibc-2.14-tzfile-bz13506.patch?rev=1.1&content-type=text/plain

12

13

Index: 0080_all_glibc-2.14-tzfile-bz13506.patch

14

===================================================================

15

https://bugs.gentoo.org/393477

16

http://sourceware.org/bugzilla/show_bug.cgi?id=13506

17

18

From 97ac2654b2d831acaa18a2b018b0736245903fd2 Mon Sep 17 00:00:00 2001

19

From: Ulrich Drepper <drepper@×××××.com>

20

Date: Sat, 17 Dec 2011 20:18:42 -0500

21

Subject: [PATCH] Check values from TZ file header

22

23

---

24

 ChangeLog     |    5 +++++

25

 NEWS          |    2 +-

26

 time/tzfile.c |   53 ++++++++++++++++++++++++++++++++++++++++++++---------

27

 3 files changed, 50 insertions(+), 10 deletions(-)

28

29

2011-12-17  Ulrich Drepper  <drepper@×××××.com>

30

31

	[BZ #13506]

32

	* time/tzfile.c (__tzfile_read): Check values from file header.

33

34

diff --git a/time/tzfile.c b/time/tzfile.c

35

index 144e20b..402389c 100644

36

--- a/time/tzfile.c

37

+++ b/time/tzfile.c

38

@@ -22,6 +22,7 @@

39

 #include <stdio.h>

40

 #include <stdio_ext.h>

41

 #include <stdlib.h>

42

+#include <stdint.h>

43

 #include <string.h>

44

 #include <time.h>

45

 #include <unistd.h>

46

@@ -234,23 +234,58 @@ __tzfile_read (const char *file, size_t extra, char **extrap)

47

       goto read_again;

48

}

49

50

+  if (__builtin_expect (num_transitions

51

+			> ((SIZE_MAX - (__alignof__ (struct ttinfo) - 1))

52

+			   / (sizeof (time_t) + 1)), 0))

53

+    goto lose;

54

   total_size = num_transitions * (sizeof (time_t) + 1);

55

   total_size = ((total_size + __alignof__ (struct ttinfo) - 1)

56

 		& ~(__alignof__ (struct ttinfo) - 1));

57

   types_idx = total_size;

58

-  total_size += num_types * sizeof (struct ttinfo) + chars;

59

+  if (__builtin_expect (num_types

60

+			> (SIZE_MAX - total_size) / sizeof (struct ttinfo), 0))

61

+    goto lose;

62

+  total_size += num_types * sizeof (struct ttinfo);

63

+  if (__builtin_expect (chars > SIZE_MAX - total_size, 0))

64

+    goto lose;

65

+  total_size += chars;

66

+  if (__builtin_expect (__alignof__ (struct leap) - 1

67

+			> SIZE_MAX - total_size, 0))

68

+    goto lose;

69

   total_size = ((total_size + __alignof__ (struct leap) - 1)

70

 		& ~(__alignof__ (struct leap) - 1));

71

   leaps_idx = total_size;

72

+  if (__builtin_expect (num_leaps

73

+			> (SIZE_MAX - total_size) / sizeof (struct leap), 0))

74

+    goto lose;

75

   total_size += num_leaps * sizeof (struct leap);

76

-  tzspec_len = (sizeof (time_t) == 8 && trans_width == 8

77

-		? st.st_size - (ftello (f)

78

-				+ num_transitions * (8 + 1)

79

-				+ num_types * 6

80

-				+ chars

81

-				+ num_leaps * 12

82

-				+ num_isstd

83

-				+ num_isgmt) - 1 : 0);

84

+  tzspec_len = 0;

85

+  if (sizeof (time_t) == 8 && trans_width == 8)

86

+    {

87

+      off_t rem = st.st_size - ftello (f);

88

+      if (__builtin_expect (rem < 0

89

+			    || (size_t) rem < (num_transitions * (8 + 1)

90

+					       + num_types * 6

91

+					       + chars), 0))

92

+	goto lose;

93

+      tzspec_len = (size_t) rem - (num_transitions * (8 + 1)

94

+				   + num_types * 6

95

+				   + chars);

96

+      if (__builtin_expect (num_leaps > SIZE_MAX / 12

97

+			    || tzspec_len < num_leaps * 12, 0))

98

+	goto lose;

99

+      tzspec_len -= num_leaps * 12;

100

+      if (__builtin_expect (tzspec_len < num_isstd, 0))

101

+	goto lose;

102

+      tzspec_len -= num_isstd;

103

+      if (__builtin_expect (tzspec_len == 0 || tzspec_len - 1 < num_isgmt, 0))

104

+	goto lose;

105

+      tzspec_len -= num_isgmt + 1;

106

+      if (__builtin_expect (SIZE_MAX - total_size < tzspec_len, 0))

107

+	goto lose;

108

+    }

109

+  if (__builtin_expect (SIZE_MAX - total_size - tzspec_len < extra, 0))

110

+    goto lose;

111

112

   /* Allocate enough memory including the extra block requested by the

113

      caller.  */

114

--

115

1.7.6.1

1	vapier 12/01/01 09:42:45
2
3	Added: 0080_all_glibc-2.14-tzfile-bz13506.patch
4	Log:
5	fix from upstream for tzfile vulns #393477
6
7	Revision Changes Path
8	1.1 src/patchsets/glibc/2.14.1/0080_all_glibc-2.14-tzfile-bz13506.patch
9
10	file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.14.1/0080_all_glibc-2.14-tzfile-bz13506.patch?rev=1.1&view=markup
11	plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.14.1/0080_all_glibc-2.14-tzfile-bz13506.patch?rev=1.1&content-type=text/plain
12
13	Index: 0080_all_glibc-2.14-tzfile-bz13506.patch
14	===================================================================
15	https://bugs.gentoo.org/393477
16	http://sourceware.org/bugzilla/show_bug.cgi?id=13506
17
18	From 97ac2654b2d831acaa18a2b018b0736245903fd2 Mon Sep 17 00:00:00 2001
19	From: Ulrich Drepper <drepper@×××××.com>
20	Date: Sat, 17 Dec 2011 20:18:42 -0500
21	Subject: [PATCH] Check values from TZ file header
22
23	---
24	ChangeLog \| 5 +++++
25	NEWS \| 2 +-
26	time/tzfile.c \| 53 ++++++++++++++++++++++++++++++++++++++++++++---------
27	3 files changed, 50 insertions(+), 10 deletions(-)
28
29	2011-12-17 Ulrich Drepper <drepper@×××××.com>
30
31	[BZ #13506]
32	* time/tzfile.c (__tzfile_read): Check values from file header.
33
34	diff --git a/time/tzfile.c b/time/tzfile.c
35	index 144e20b..402389c 100644
36	--- a/time/tzfile.c
37	+++ b/time/tzfile.c
38	@@ -22,6 +22,7 @@
39	#include <stdio.h>
40	#include <stdio_ext.h>
41	#include <stdlib.h>
42	+#include <stdint.h>
43	#include <string.h>
44	#include <time.h>
45	#include <unistd.h>
46	@@ -234,23 +234,58 @@ __tzfile_read (const char file, size_t extra, char *extrap)
47	goto read_again;
48	}
49
50	+ if (__builtin_expect (num_transitions
51	+ > ((SIZE_MAX - (__alignof__ (struct ttinfo) - 1))
52	+ / (sizeof (time_t) + 1)), 0))
53	+ goto lose;
54	total_size = num_transitions * (sizeof (time_t) + 1);
55	total_size = ((total_size + __alignof__ (struct ttinfo) - 1)
56	& ~(__alignof__ (struct ttinfo) - 1));
57	types_idx = total_size;
58	- total_size += num_types * sizeof (struct ttinfo) + chars;
59	+ if (__builtin_expect (num_types
60	+ > (SIZE_MAX - total_size) / sizeof (struct ttinfo), 0))
61	+ goto lose;
62	+ total_size += num_types * sizeof (struct ttinfo);
63	+ if (__builtin_expect (chars > SIZE_MAX - total_size, 0))
64	+ goto lose;
65	+ total_size += chars;
66	+ if (__builtin_expect (__alignof__ (struct leap) - 1
67	+ > SIZE_MAX - total_size, 0))
68	+ goto lose;
69	total_size = ((total_size + __alignof__ (struct leap) - 1)
70	& ~(__alignof__ (struct leap) - 1));
71	leaps_idx = total_size;
72	+ if (__builtin_expect (num_leaps
73	+ > (SIZE_MAX - total_size) / sizeof (struct leap), 0))
74	+ goto lose;
75	total_size += num_leaps * sizeof (struct leap);
76	- tzspec_len = (sizeof (time_t) == 8 && trans_width == 8
77	- ? st.st_size - (ftello (f)
78	- + num_transitions * (8 + 1)
79	- + num_types * 6
80	- + chars
81	- + num_leaps * 12
82	- + num_isstd
83	- + num_isgmt) - 1 : 0);
84	+ tzspec_len = 0;
85	+ if (sizeof (time_t) == 8 && trans_width == 8)
86	+ {
87	+ off_t rem = st.st_size - ftello (f);
88	+ if (__builtin_expect (rem < 0
89	+ \|\| (size_t) rem < (num_transitions * (8 + 1)
90	+ + num_types * 6
91	+ + chars), 0))
92	+ goto lose;
93	+ tzspec_len = (size_t) rem - (num_transitions * (8 + 1)
94	+ + num_types * 6
95	+ + chars);
96	+ if (__builtin_expect (num_leaps > SIZE_MAX / 12
97	+ \|\| tzspec_len < num_leaps * 12, 0))
98	+ goto lose;
99	+ tzspec_len -= num_leaps * 12;
100	+ if (__builtin_expect (tzspec_len < num_isstd, 0))
101	+ goto lose;
102	+ tzspec_len -= num_isstd;
103	+ if (__builtin_expect (tzspec_len == 0 \|\| tzspec_len - 1 < num_isgmt, 0))
104	+ goto lose;
105	+ tzspec_len -= num_isgmt + 1;
106	+ if (__builtin_expect (SIZE_MAX - total_size < tzspec_len, 0))
107	+ goto lose;
108	+ }
109	+ if (__builtin_expect (SIZE_MAX - total_size - tzspec_len < extra, 0))
110	+ goto lose;
111
112	/* Allocate enough memory including the extra block requested by the
113	caller. */
114	--
115	1.7.6.1

Gentoo Archives: gentoo-commits