From: "Mike Frysinger (vapier)" <vapier@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] gentoo commit in src/patchsets/glibc/2.14: 0088_all_glibc-2.12-getconf-buffer-overflow.patch README.history
Date: Mon, 18 Jun 2012 04:31:26 +0000 (UTC) [thread overview]
Message-ID: <20120618043126.ED2C22004F@flycatcher.gentoo.org> (raw)
vapier 12/06/18 04:31:26
Modified: README.history
Added: 0088_all_glibc-2.12-getconf-buffer-overflow.patch
Log:
add fix from upstream for not creating a large enough local buffer with getconf #411905 by Ryan Hill
Revision Changes Path
1.16 src/patchsets/glibc/2.14/README.history
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.14/README.history?rev=1.16&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.14/README.history?rev=1.16&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.14/README.history?r1=1.15&r2=1.16
Index: README.history
===================================================================
RCS file: /var/cvsroot/gentoo/src/patchsets/glibc/2.14/README.history,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- README.history 2 May 2012 04:46:19 -0000 1.15
+++ README.history 18 Jun 2012 04:31:26 -0000 1.16
@@ -1,4 +1,5 @@
8 [pending]
+ + 0088_all_glibc-2.12-getconf-buffer-overflow.patch
- 1103_all_glibc-new-valencian-locale.patch
+ 1510_all_glibc-2.13-hppa-libm.patch
- 6020_all_alpha-fix-gcc-4.1-warnings.patch
1.1 src/patchsets/glibc/2.14/0088_all_glibc-2.12-getconf-buffer-overflow.patch
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.14/0088_all_glibc-2.12-getconf-buffer-overflow.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.14/0088_all_glibc-2.12-getconf-buffer-overflow.patch?rev=1.1&content-type=text/plain
Index: 0088_all_glibc-2.12-getconf-buffer-overflow.patch
===================================================================
this also squashes in upstream d6a403f953fe80f40761023af9a8b7824752bb32
https://bugs.gentoo.org/411905
From ac4c54f0cce8bb20c100a4c1041f3aa3e7d6cd0a Mon Sep 17 00:00:00 2001
From: Roland McGrath <roland@hack.frob.com>
Date: Sun, 25 Mar 2012 11:36:35 -0700
Subject: [PATCH] Fix confstr use of local buffer outside its extent.
---
ChangeLog | 5 ++
posix/confstr.c | 222 ++++++++++++++++++++++++++-----------------------------
2 files changed, 111 insertions(+), 116 deletions(-)
2012-03-25 Roland McGrath <roland@hack.frob.com>
* posix/confstr.c (confstr): Lift RESTENVS definition to function scope.
Reported by Allan McRae <allan@archlinux.org>.
diff --git a/posix/confstr.c b/posix/confstr.c
index 3c9566d..ad8fea9 100644
--- a/posix/confstr.c
+++ b/posix/confstr.c
@@ -1,5 +1,4 @@
-/* Copyright (C) 1991,1996,1997,2000-2004,2009,2010 Free
- Software Foundation, Inc.
+/* Copyright (C) 1991-2012 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
@@ -34,6 +33,10 @@ confstr (name, buf, len)
{
const char *string = "";
size_t string_len = 1;
+
+ /* Note that this buffer must be large enough for the longest strings
+ used below. */
+ char restenvs[4 * sizeof "POSIX_V7_LPBIG_OFFBIG"];
switch (name)
{
@@ -53,59 +55,55 @@ confstr (name, buf, len)
wint_t types are no greater than the width of type long.
Currently this means all environment which the system allows. */
- {
- char restenvs[4 * sizeof "POSIX_V7_LPBIG_OFFBIG"];
-
- string_len = 0;
+ string_len = 0;
#ifndef _POSIX_V7_ILP32_OFF32
- if (__sysconf (_SC_V7_ILP32_OFF32) > 0)
+ if (__sysconf (_SC_V7_ILP32_OFF32) > 0)
#endif
#if !defined _POSIX_V7_ILP32_OFF32 || _POSIX_V7_ILP32_OFF32 > 0
- {
- memcpy (restenvs + string_len, "POSIX_V7_ILP32_OFF32",
- sizeof "POSIX_V7_ILP32_OFF32" - 1);
- string_len += sizeof "POSIX_V7_ILP32_OFF32" - 1;
- }
+ {
+ memcpy (restenvs + string_len, "POSIX_V7_ILP32_OFF32",
+ sizeof "POSIX_V7_ILP32_OFF32" - 1);
+ string_len += sizeof "POSIX_V7_ILP32_OFF32" - 1;
+ }
#endif
#ifndef _POSIX_V7_ILP32_OFFBIG
- if (__sysconf (_SC_V7_ILP32_OFFBIG) > 0)
+ if (__sysconf (_SC_V7_ILP32_OFFBIG) > 0)
#endif
#if !defined _POSIX_V7_ILP32_OFFBIG || _POSIX_V7_ILP32_OFFBIG > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "POSIX_V7_ILP32_OFFBIG",
- sizeof "POSIX_V7_ILP32_OFFBIG" - 1);
- string_len += sizeof "POSIX_V7_ILP32_OFFBIG" - 1;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "POSIX_V7_ILP32_OFFBIG",
+ sizeof "POSIX_V7_ILP32_OFFBIG" - 1);
+ string_len += sizeof "POSIX_V7_ILP32_OFFBIG" - 1;
+ }
#endif
#ifndef _POSIX_V7_LP64_OFF64
- if (__sysconf (_SC_V7_LP64_OFF64) > 0)
+ if (__sysconf (_SC_V7_LP64_OFF64) > 0)
#endif
#if !defined _POSIX_V7_LP64_OFF64 || _POSIX_V7_LP64_OFF64 > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "POSIX_V7_LP64_OFF64",
- sizeof "POSIX_V7_LP64_OFF64" - 1);
- string_len += sizeof "POSIX_V7_LP64_OFF64" - 1;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "POSIX_V7_LP64_OFF64",
+ sizeof "POSIX_V7_LP64_OFF64" - 1);
+ string_len += sizeof "POSIX_V7_LP64_OFF64" - 1;
+ }
#endif
#ifndef _POSIX_V7_LPBIG_OFFBIG
- if (__sysconf (_SC_V7_LPBIG_OFFBIG) > 0)
+ if (__sysconf (_SC_V7_LPBIG_OFFBIG) > 0)
#endif
#if !defined _POSIX_V7_LPBIG_OFFBIG || _POSIX_V7_LPBIG_OFFBIG > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "POSIX_V7_LPBIG_OFFBIG",
- sizeof "POSIX_V7_LPBIG_OFFBIG" - 1);
- string_len += sizeof "POSIX_V7_LPBIG_OFFBIG" - 1;
- }
-#endif
- restenvs[string_len++] = '\0';
- string = restenvs;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "POSIX_V7_LPBIG_OFFBIG",
+ sizeof "POSIX_V7_LPBIG_OFFBIG" - 1);
+ string_len += sizeof "POSIX_V7_LPBIG_OFFBIG" - 1;
+ }
+#endif
+ restenvs[string_len++] = '\0';
+ string = restenvs;
break;
case _CS_V6_WIDTH_RESTRICTED_ENVS:
@@ -116,59 +114,55 @@ confstr (name, buf, len)
wint_t types are no greater than the width of type long.
Currently this means all environment which the system allows. */
- {
- char restenvs[4 * sizeof "POSIX_V6_LPBIG_OFFBIG"];
-
- string_len = 0;
+ string_len = 0;
#ifndef _POSIX_V6_ILP32_OFF32
- if (__sysconf (_SC_V6_ILP32_OFF32) > 0)
+ if (__sysconf (_SC_V6_ILP32_OFF32) > 0)
#endif
#if !defined _POSIX_V6_ILP32_OFF32 || _POSIX_V6_ILP32_OFF32 > 0
- {
- memcpy (restenvs + string_len, "POSIX_V6_ILP32_OFF32",
- sizeof "POSIX_V6_ILP32_OFF32" - 1);
- string_len += sizeof "POSIX_V6_ILP32_OFF32" - 1;
- }
+ {
+ memcpy (restenvs + string_len, "POSIX_V6_ILP32_OFF32",
+ sizeof "POSIX_V6_ILP32_OFF32" - 1);
+ string_len += sizeof "POSIX_V6_ILP32_OFF32" - 1;
+ }
#endif
#ifndef _POSIX_V6_ILP32_OFFBIG
- if (__sysconf (_SC_V6_ILP32_OFFBIG) > 0)
+ if (__sysconf (_SC_V6_ILP32_OFFBIG) > 0)
#endif
#if !defined _POSIX_V6_ILP32_OFFBIG || _POSIX_V6_ILP32_OFFBIG > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "POSIX_V6_ILP32_OFFBIG",
- sizeof "POSIX_V6_ILP32_OFFBIG" - 1);
- string_len += sizeof "POSIX_V6_ILP32_OFFBIG" - 1;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "POSIX_V6_ILP32_OFFBIG",
+ sizeof "POSIX_V6_ILP32_OFFBIG" - 1);
+ string_len += sizeof "POSIX_V6_ILP32_OFFBIG" - 1;
+ }
#endif
#ifndef _POSIX_V6_LP64_OFF64
- if (__sysconf (_SC_V6_LP64_OFF64) > 0)
+ if (__sysconf (_SC_V6_LP64_OFF64) > 0)
#endif
#if !defined _POSIX_V6_LP64_OFF64 || _POSIX_V6_LP64_OFF64 > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "POSIX_V6_LP64_OFF64",
- sizeof "POSIX_V6_LP64_OFF64" - 1);
- string_len += sizeof "POSIX_V6_LP64_OFF64" - 1;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "POSIX_V6_LP64_OFF64",
+ sizeof "POSIX_V6_LP64_OFF64" - 1);
+ string_len += sizeof "POSIX_V6_LP64_OFF64" - 1;
+ }
#endif
#ifndef _POSIX_V6_LPBIG_OFFBIG
- if (__sysconf (_SC_V6_LPBIG_OFFBIG) > 0)
+ if (__sysconf (_SC_V6_LPBIG_OFFBIG) > 0)
#endif
#if !defined _POSIX_V6_LPBIG_OFFBIG || _POSIX_V6_LPBIG_OFFBIG > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "POSIX_V6_LPBIG_OFFBIG",
- sizeof "POSIX_V6_LPBIG_OFFBIG" - 1);
- string_len += sizeof "POSIX_V6_LPBIG_OFFBIG" - 1;
- }
-#endif
- restenvs[string_len++] = '\0';
- string = restenvs;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "POSIX_V6_LPBIG_OFFBIG",
+ sizeof "POSIX_V6_LPBIG_OFFBIG" - 1);
+ string_len += sizeof "POSIX_V6_LPBIG_OFFBIG" - 1;
+ }
+#endif
+ restenvs[string_len++] = '\0';
+ string = restenvs;
break;
case _CS_V5_WIDTH_RESTRICTED_ENVS:
@@ -179,59 +173,55 @@ confstr (name, buf, len)
wint_t types are no greater than the width of type long.
Currently this means all environment which the system allows. */
- {
- char restenvs[4 * sizeof "XBS5_LPBIG_OFFBIG"];
-
- string_len = 0;
+ string_len = 0;
#ifndef _XBS5_ILP32_OFF32
- if (__sysconf (_SC_XBS5_ILP32_OFF32) > 0)
+ if (__sysconf (_SC_XBS5_ILP32_OFF32) > 0)
#endif
#if !defined _XBS5_ILP32_OFF32 || _XBS5_ILP32_OFF32 > 0
- {
- memcpy (restenvs + string_len, "XBS5_ILP32_OFF32",
- sizeof "XBS5_ILP32_OFF32" - 1);
- string_len += sizeof "XBS5_ILP32_OFF32" - 1;
- }
+ {
+ memcpy (restenvs + string_len, "XBS5_ILP32_OFF32",
+ sizeof "XBS5_ILP32_OFF32" - 1);
+ string_len += sizeof "XBS5_ILP32_OFF32" - 1;
+ }
#endif
#ifndef _XBS5_ILP32_OFFBIG
- if (__sysconf (_SC_XBS5_ILP32_OFFBIG) > 0)
+ if (__sysconf (_SC_XBS5_ILP32_OFFBIG) > 0)
#endif
#if !defined _XBS5_ILP32_OFFBIG || _XBS5_ILP32_OFFBIG > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "XBS5_ILP32_OFFBIG",
- sizeof "XBS5_ILP32_OFFBIG" - 1);
- string_len += sizeof "XBS5_ILP32_OFFBIG" - 1;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "XBS5_ILP32_OFFBIG",
+ sizeof "XBS5_ILP32_OFFBIG" - 1);
+ string_len += sizeof "XBS5_ILP32_OFFBIG" - 1;
+ }
#endif
#ifndef _XBS5_LP64_OFF64
- if (__sysconf (_SC_XBS5_LP64_OFF64) > 0)
+ if (__sysconf (_SC_XBS5_LP64_OFF64) > 0)
#endif
#if !defined _XBS5_LP64_OFF64 || _XBS5_LP64_OFF64 > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "XBS5_LP64_OFF64",
- sizeof "XBS5_LP64_OFF64" - 1);
- string_len += sizeof "XBS5_LP64_OFF64" - 1;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "XBS5_LP64_OFF64",
+ sizeof "XBS5_LP64_OFF64" - 1);
+ string_len += sizeof "XBS5_LP64_OFF64" - 1;
+ }
#endif
#ifndef _XBS5_LPBIG_OFFBIG
- if (__sysconf (_SC_XBS5_LPBIG_OFFBIG) > 0)
+ if (__sysconf (_SC_XBS5_LPBIG_OFFBIG) > 0)
#endif
#if !defined _XBS5_LPBIG_OFFBIG || _XBS5_LPBIG_OFFBIG > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "XBS5_LPBIG_OFFBIG",
- sizeof "XBS5_LPBIG_OFFBIG" - 1);
- string_len += sizeof "XBS5_LPBIG_OFFBIG" - 1;
- }
-#endif
- restenvs[string_len++] = '\0';
- string = restenvs;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "XBS5_LPBIG_OFFBIG",
+ sizeof "XBS5_LPBIG_OFFBIG" - 1);
+ string_len += sizeof "XBS5_LPBIG_OFFBIG" - 1;
+ }
+#endif
+ restenvs[string_len++] = '\0';
+ string = restenvs;
break;
case _CS_XBS5_ILP32_OFF32_CFLAGS:
--
1.7.9.7
reply other threads:[~2012-06-18 4:31 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120618043126.ED2C22004F@flycatcher.gentoo.org \
--to=vapier@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox