X-Git-Url: https://review.fuel-infra.org/gitweb?a=blobdiff_plain;f=cirros-testvm%2Fsrc-cirros%2Fbuildroot-2015.05%2Fpackage%2Fglibc%2F2.19-svnr25243%2F0002-CVE-2014-6040.patch;fp=cirros-testvm%2Fsrc-cirros%2Fbuildroot-2015.05%2Fpackage%2Fglibc%2F2.19-svnr25243%2F0002-CVE-2014-6040.patch;h=f447dcd329f7eec4cd69b9284a428e110f694a9a;hb=b0a0f15dfaa205161a7fcb20cf1b8cd4948c2ef3;hp=0000000000000000000000000000000000000000;hpb=c6ac3cd55ee2da956195eee393b0882105dfad4e;p=packages%2Ftrusty%2Fcirros-testvm.git

diff --git a/cirros-testvm/src-cirros/buildroot-2015.05/package/glibc/2.19-svnr25243/0002-CVE-2014-6040.patch b/cirros-testvm/src-cirros/buildroot-2015.05/package/glibc/2.19-svnr25243/0002-CVE-2014-6040.patch
new file mode 100644
index 0000000..f447dcd
--- /dev/null
+++ b/cirros-testvm/src-cirros/buildroot-2015.05/package/glibc/2.19-svnr25243/0002-CVE-2014-6040.patch
@@ -0,0 +1,141 @@
+Backport from https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=41488498b6
+See https://bugzilla.redhat.com/show_bug.cgi?id=1135841
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+diff -Nura eglibc-2.19.orig/libc/iconvdata/ibm1364.c eglibc-2.19/libc/iconvdata/ibm1364.c
+--- eglibc-2.19.orig/libc/iconvdata/ibm1364.c	2015-01-08 16:05:53.918823240 -0300
++++ eglibc-2.19/libc/iconvdata/ibm1364.c	2015-01-08 16:06:02.781555143 -0300
+@@ -220,7 +220,8 @@
+ 	  ++rp2;							      \
+ 									      \
+ 	uint32_t res;							      \
+-	if (__builtin_expect (ch < rp2->start, 0)			      \
++	if (__builtin_expect (rp2->start == 0xffff, 0)			      \
++	    || __builtin_expect (ch < rp2->start, 0)			      \
+ 	    || (res = DB_TO_UCS4[ch + rp2->idx],			      \
+ 		__builtin_expect (res, L'\1') == L'\0' && ch != '\0'))	      \
+ 	  {								      \
+diff -Nura eglibc-2.19.orig/libc/iconvdata/ibm932.c eglibc-2.19/libc/iconvdata/ibm932.c
+--- eglibc-2.19.orig/libc/iconvdata/ibm932.c	2015-01-08 16:05:53.910818967 -0300
++++ eglibc-2.19/libc/iconvdata/ibm932.c	2015-01-08 16:06:02.781555143 -0300
+@@ -73,11 +73,12 @@
+ 	  }								      \
+ 									      \
+ 	ch = (ch * 0x100) + inptr[1];					      \
++	/* ch was less than 0xfd.  */					      \
++	assert (ch < 0xfd00);						      \
+ 	while (ch > rp2->end)						      \
+ 	  ++rp2;							      \
+ 									      \
+-	if (__builtin_expect (rp2 == NULL, 0)				      \
+-	    || __builtin_expect (ch < rp2->start, 0)			      \
++	if (__builtin_expect (ch < rp2->start, 0)			      \
+ 	    || (res = __ibm932db_to_ucs4[ch + rp2->idx],		      \
+ 	    __builtin_expect (res, '\1') == 0 && ch !=0))		      \
+ 	  {								      \
+diff -Nura eglibc-2.19.orig/libc/iconvdata/ibm933.c eglibc-2.19/libc/iconvdata/ibm933.c
+--- eglibc-2.19.orig/libc/iconvdata/ibm933.c	2015-01-08 16:05:53.917822706 -0300
++++ eglibc-2.19/libc/iconvdata/ibm933.c	2015-01-08 16:06:02.781555143 -0300
+@@ -161,7 +161,7 @@
+ 	while (ch > rp2->end)						      \
+ 	  ++rp2;							      \
+ 									      \
+-	if (__builtin_expect (rp2 == NULL, 0)				      \
++	if (__builtin_expect (rp2->start == 0xffff, 0)			      \
+ 	    || __builtin_expect (ch < rp2->start, 0)			      \
+ 	    || (res = __ibm933db_to_ucs4[ch + rp2->idx],		      \
+ 		__builtin_expect (res, L'\1') == L'\0' && ch != '\0'))	      \
+diff -Nura eglibc-2.19.orig/libc/iconvdata/ibm935.c eglibc-2.19/libc/iconvdata/ibm935.c
+--- eglibc-2.19.orig/libc/iconvdata/ibm935.c	2015-01-08 16:05:53.921824843 -0300
++++ eglibc-2.19/libc/iconvdata/ibm935.c	2015-01-08 16:06:02.782555677 -0300
+@@ -161,7 +161,7 @@
+ 	while (ch > rp2->end)						      \
+ 	  ++rp2;							      \
+ 									      \
+-	if (__builtin_expect (rp2 == NULL, 0)				      \
++	if (__builtin_expect (rp2->start == 0xffff, 0)			      \
+ 	    || __builtin_expect (ch < rp2->start, 0)			      \
+ 	    || (res = __ibm935db_to_ucs4[ch + rp2->idx],		      \
+ 		__builtin_expect (res, L'\1') == L'\0' && ch != '\0'))	      \
+diff -Nura eglibc-2.19.orig/libc/iconvdata/ibm937.c eglibc-2.19/libc/iconvdata/ibm937.c
+--- eglibc-2.19.orig/libc/iconvdata/ibm937.c	2015-01-08 16:05:53.915821638 -0300
++++ eglibc-2.19/libc/iconvdata/ibm937.c	2015-01-08 16:06:02.782555677 -0300
+@@ -161,7 +161,7 @@
+ 	while (ch > rp2->end)						      \
+ 	  ++rp2;							      \
+ 									      \
+-	if (__builtin_expect (rp2 == NULL, 0)				      \
++	if (__builtin_expect (rp2->start == 0xffff, 0)			      \
+ 	    || __builtin_expect (ch < rp2->start, 0)			      \
+ 	    || (res = __ibm937db_to_ucs4[ch + rp2->idx],		      \
+ 		__builtin_expect (res, L'\1') == L'\0' && ch != '\0'))	      \
+diff -Nura eglibc-2.19.orig/libc/iconvdata/ibm939.c eglibc-2.19/libc/iconvdata/ibm939.c
+--- eglibc-2.19.orig/libc/iconvdata/ibm939.c	2015-01-08 16:05:53.917822706 -0300
++++ eglibc-2.19/libc/iconvdata/ibm939.c	2015-01-08 16:06:02.782555677 -0300
+@@ -161,7 +161,7 @@
+ 	while (ch > rp2->end)						      \
+ 	  ++rp2;							      \
+ 									      \
+-	if (__builtin_expect (rp2 == NULL, 0)				      \
++	if (__builtin_expect (rp2->start == 0xffff, 0)			      \
+ 	    || __builtin_expect (ch < rp2->start, 0)			      \
+ 	    || (res = __ibm939db_to_ucs4[ch + rp2->idx],		      \
+ 		__builtin_expect (res, L'\1') == L'\0' && ch != '\0'))	      \
+diff -Nura eglibc-2.19.orig/libc/iconvdata/ibm943.c eglibc-2.19/libc/iconvdata/ibm943.c
+--- eglibc-2.19.orig/libc/iconvdata/ibm943.c	2015-01-08 16:05:53.918823240 -0300
++++ eglibc-2.19/libc/iconvdata/ibm943.c	2015-01-08 16:06:02.782555677 -0300
+@@ -74,11 +74,12 @@
+ 	  }								      \
+ 									      \
+ 	ch = (ch * 0x100) + inptr[1];					      \
++	/* ch was less than 0xfd.  */					      \
++	assert (ch < 0xfd00);						      \
+ 	while (ch > rp2->end)						      \
+ 	  ++rp2;							      \
+ 									      \
+-	if (__builtin_expect (rp2 == NULL, 0)				      \
+-	    || __builtin_expect (ch < rp2->start, 0)			      \
++	if (__builtin_expect (ch < rp2->start, 0)			      \
+ 	    || (res = __ibm943db_to_ucs4[ch + rp2->idx],		      \
+ 	    __builtin_expect (res, '\1') == 0 && ch !=0))		      \
+ 	  {								      \
+diff -Nura eglibc-2.19.orig/libc/iconvdata/Makefile eglibc-2.19/libc/iconvdata/Makefile
+--- eglibc-2.19.orig/libc/iconvdata/Makefile	2015-01-08 16:05:53.903815227 -0300
++++ eglibc-2.19/libc/iconvdata/Makefile	2015-01-08 16:06:02.782555677 -0300
+@@ -303,6 +303,7 @@
+ $(objpfx)iconv-test.out: run-iconv-test.sh $(objpfx)gconv-modules \
+ 			 $(addprefix $(objpfx),$(modules.so)) \
+ 			 $(common-objdir)/iconv/iconv_prog TESTS
++	iconv_modules="$(modules)" \
+ 	$(SHELL) $< $(common-objdir) '$(test-wrapper)' > $@
+ 
+ $(objpfx)tst-tables.out: tst-tables.sh $(objpfx)gconv-modules \
+diff -Nura eglibc-2.19.orig/libc/iconvdata/run-iconv-test.sh eglibc-2.19/libc/iconvdata/run-iconv-test.sh
+--- eglibc-2.19.orig/libc/iconvdata/run-iconv-test.sh	2015-01-08 16:05:53.894810420 -0300
++++ eglibc-2.19/libc/iconvdata/run-iconv-test.sh	2015-01-08 16:06:02.782555677 -0300
+@@ -188,6 +188,24 @@
+ 
+ done < TESTS2
+ 
++# Check for crashes in decoders.
++printf '\016\377\377\377\377\377\377\377' > $temp1
++for from in $iconv_modules ; do
++    echo $ac_n "test decoder $from $ac_c"
++    PROG=`eval echo $ICONV`
++    if $PROG < $temp1 >/dev/null 2>&1 ; then
++	: # fall through
++    else
++	status=$?
++	if test $status -gt 1 ; then
++	    echo "/FAILED"
++	    failed=1
++	    continue
++	fi
++    fi
++    echo "OK"
++done
++
+ exit $failed
+ # Local Variables:
+ #  mode:shell-script