* [gentoo-commits] gentoo commit in src/patchsets/glibc/2.15: 0088_all_glibc-2.12-getconf-buffer-overflow.patch README.history
@ 2012-06-18 4:31 Mike Frysinger (vapier)
0 siblings, 0 replies; only message in thread
From: Mike Frysinger (vapier) @ 2012-06-18 4:31 UTC (permalink / raw
To: gentoo-commits
vapier 12/06/18 04:31:27
Modified: README.history
Added: 0088_all_glibc-2.12-getconf-buffer-overflow.patch
Log:
add fix from upstream for not creating a large enough local buffer with getconf #411905 by Ryan Hill
Revision Changes Path
1.24 src/patchsets/glibc/2.15/README.history
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.15/README.history?rev=1.24&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.15/README.history?rev=1.24&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.15/README.history?r1=1.23&r2=1.24
Index: README.history
===================================================================
RCS file: /var/cvsroot/gentoo/src/patchsets/glibc/2.15/README.history,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- README.history 14 Jun 2012 18:29:43 -0000 1.23
+++ README.history 18 Jun 2012 04:31:27 -0000 1.24
@@ -1,3 +1,6 @@
+18 17 Jun 2012
+ + 0088_all_glibc-2.12-getconf-buffer-overflow.patch
+
17 14 Jun 2012
U 1200_all_glibc-2.15-x32.patch
1.1 src/patchsets/glibc/2.15/0088_all_glibc-2.12-getconf-buffer-overflow.patch
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.15/0088_all_glibc-2.12-getconf-buffer-overflow.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.15/0088_all_glibc-2.12-getconf-buffer-overflow.patch?rev=1.1&content-type=text/plain
Index: 0088_all_glibc-2.12-getconf-buffer-overflow.patch
===================================================================
this also squashes in upstream d6a403f953fe80f40761023af9a8b7824752bb32
https://bugs.gentoo.org/411905
From ac4c54f0cce8bb20c100a4c1041f3aa3e7d6cd0a Mon Sep 17 00:00:00 2001
From: Roland McGrath <roland@hack.frob.com>
Date: Sun, 25 Mar 2012 11:36:35 -0700
Subject: [PATCH] Fix confstr use of local buffer outside its extent.
---
ChangeLog | 5 ++
posix/confstr.c | 222 ++++++++++++++++++++++++++-----------------------------
2 files changed, 111 insertions(+), 116 deletions(-)
2012-03-25 Roland McGrath <roland@hack.frob.com>
* posix/confstr.c (confstr): Lift RESTENVS definition to function scope.
Reported by Allan McRae <allan@archlinux.org>.
diff --git a/posix/confstr.c b/posix/confstr.c
index 3c9566d..ad8fea9 100644
--- a/posix/confstr.c
+++ b/posix/confstr.c
@@ -1,5 +1,4 @@
-/* Copyright (C) 1991,1996,1997,2000-2004,2009,2010 Free
- Software Foundation, Inc.
+/* Copyright (C) 1991-2012 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
@@ -34,6 +33,10 @@ confstr (name, buf, len)
{
const char *string = "";
size_t string_len = 1;
+
+ /* Note that this buffer must be large enough for the longest strings
+ used below. */
+ char restenvs[4 * sizeof "POSIX_V7_LPBIG_OFFBIG"];
switch (name)
{
@@ -53,59 +55,55 @@ confstr (name, buf, len)
wint_t types are no greater than the width of type long.
Currently this means all environment which the system allows. */
- {
- char restenvs[4 * sizeof "POSIX_V7_LPBIG_OFFBIG"];
-
- string_len = 0;
+ string_len = 0;
#ifndef _POSIX_V7_ILP32_OFF32
- if (__sysconf (_SC_V7_ILP32_OFF32) > 0)
+ if (__sysconf (_SC_V7_ILP32_OFF32) > 0)
#endif
#if !defined _POSIX_V7_ILP32_OFF32 || _POSIX_V7_ILP32_OFF32 > 0
- {
- memcpy (restenvs + string_len, "POSIX_V7_ILP32_OFF32",
- sizeof "POSIX_V7_ILP32_OFF32" - 1);
- string_len += sizeof "POSIX_V7_ILP32_OFF32" - 1;
- }
+ {
+ memcpy (restenvs + string_len, "POSIX_V7_ILP32_OFF32",
+ sizeof "POSIX_V7_ILP32_OFF32" - 1);
+ string_len += sizeof "POSIX_V7_ILP32_OFF32" - 1;
+ }
#endif
#ifndef _POSIX_V7_ILP32_OFFBIG
- if (__sysconf (_SC_V7_ILP32_OFFBIG) > 0)
+ if (__sysconf (_SC_V7_ILP32_OFFBIG) > 0)
#endif
#if !defined _POSIX_V7_ILP32_OFFBIG || _POSIX_V7_ILP32_OFFBIG > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "POSIX_V7_ILP32_OFFBIG",
- sizeof "POSIX_V7_ILP32_OFFBIG" - 1);
- string_len += sizeof "POSIX_V7_ILP32_OFFBIG" - 1;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "POSIX_V7_ILP32_OFFBIG",
+ sizeof "POSIX_V7_ILP32_OFFBIG" - 1);
+ string_len += sizeof "POSIX_V7_ILP32_OFFBIG" - 1;
+ }
#endif
#ifndef _POSIX_V7_LP64_OFF64
- if (__sysconf (_SC_V7_LP64_OFF64) > 0)
+ if (__sysconf (_SC_V7_LP64_OFF64) > 0)
#endif
#if !defined _POSIX_V7_LP64_OFF64 || _POSIX_V7_LP64_OFF64 > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "POSIX_V7_LP64_OFF64",
- sizeof "POSIX_V7_LP64_OFF64" - 1);
- string_len += sizeof "POSIX_V7_LP64_OFF64" - 1;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "POSIX_V7_LP64_OFF64",
+ sizeof "POSIX_V7_LP64_OFF64" - 1);
+ string_len += sizeof "POSIX_V7_LP64_OFF64" - 1;
+ }
#endif
#ifndef _POSIX_V7_LPBIG_OFFBIG
- if (__sysconf (_SC_V7_LPBIG_OFFBIG) > 0)
+ if (__sysconf (_SC_V7_LPBIG_OFFBIG) > 0)
#endif
#if !defined _POSIX_V7_LPBIG_OFFBIG || _POSIX_V7_LPBIG_OFFBIG > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "POSIX_V7_LPBIG_OFFBIG",
- sizeof "POSIX_V7_LPBIG_OFFBIG" - 1);
- string_len += sizeof "POSIX_V7_LPBIG_OFFBIG" - 1;
- }
-#endif
- restenvs[string_len++] = '\0';
- string = restenvs;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "POSIX_V7_LPBIG_OFFBIG",
+ sizeof "POSIX_V7_LPBIG_OFFBIG" - 1);
+ string_len += sizeof "POSIX_V7_LPBIG_OFFBIG" - 1;
+ }
+#endif
+ restenvs[string_len++] = '\0';
+ string = restenvs;
break;
case _CS_V6_WIDTH_RESTRICTED_ENVS:
@@ -116,59 +114,55 @@ confstr (name, buf, len)
wint_t types are no greater than the width of type long.
Currently this means all environment which the system allows. */
- {
- char restenvs[4 * sizeof "POSIX_V6_LPBIG_OFFBIG"];
-
- string_len = 0;
+ string_len = 0;
#ifndef _POSIX_V6_ILP32_OFF32
- if (__sysconf (_SC_V6_ILP32_OFF32) > 0)
+ if (__sysconf (_SC_V6_ILP32_OFF32) > 0)
#endif
#if !defined _POSIX_V6_ILP32_OFF32 || _POSIX_V6_ILP32_OFF32 > 0
- {
- memcpy (restenvs + string_len, "POSIX_V6_ILP32_OFF32",
- sizeof "POSIX_V6_ILP32_OFF32" - 1);
- string_len += sizeof "POSIX_V6_ILP32_OFF32" - 1;
- }
+ {
+ memcpy (restenvs + string_len, "POSIX_V6_ILP32_OFF32",
+ sizeof "POSIX_V6_ILP32_OFF32" - 1);
+ string_len += sizeof "POSIX_V6_ILP32_OFF32" - 1;
+ }
#endif
#ifndef _POSIX_V6_ILP32_OFFBIG
- if (__sysconf (_SC_V6_ILP32_OFFBIG) > 0)
+ if (__sysconf (_SC_V6_ILP32_OFFBIG) > 0)
#endif
#if !defined _POSIX_V6_ILP32_OFFBIG || _POSIX_V6_ILP32_OFFBIG > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "POSIX_V6_ILP32_OFFBIG",
- sizeof "POSIX_V6_ILP32_OFFBIG" - 1);
- string_len += sizeof "POSIX_V6_ILP32_OFFBIG" - 1;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "POSIX_V6_ILP32_OFFBIG",
+ sizeof "POSIX_V6_ILP32_OFFBIG" - 1);
+ string_len += sizeof "POSIX_V6_ILP32_OFFBIG" - 1;
+ }
#endif
#ifndef _POSIX_V6_LP64_OFF64
- if (__sysconf (_SC_V6_LP64_OFF64) > 0)
+ if (__sysconf (_SC_V6_LP64_OFF64) > 0)
#endif
#if !defined _POSIX_V6_LP64_OFF64 || _POSIX_V6_LP64_OFF64 > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "POSIX_V6_LP64_OFF64",
- sizeof "POSIX_V6_LP64_OFF64" - 1);
- string_len += sizeof "POSIX_V6_LP64_OFF64" - 1;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "POSIX_V6_LP64_OFF64",
+ sizeof "POSIX_V6_LP64_OFF64" - 1);
+ string_len += sizeof "POSIX_V6_LP64_OFF64" - 1;
+ }
#endif
#ifndef _POSIX_V6_LPBIG_OFFBIG
- if (__sysconf (_SC_V6_LPBIG_OFFBIG) > 0)
+ if (__sysconf (_SC_V6_LPBIG_OFFBIG) > 0)
#endif
#if !defined _POSIX_V6_LPBIG_OFFBIG || _POSIX_V6_LPBIG_OFFBIG > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "POSIX_V6_LPBIG_OFFBIG",
- sizeof "POSIX_V6_LPBIG_OFFBIG" - 1);
- string_len += sizeof "POSIX_V6_LPBIG_OFFBIG" - 1;
- }
-#endif
- restenvs[string_len++] = '\0';
- string = restenvs;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "POSIX_V6_LPBIG_OFFBIG",
+ sizeof "POSIX_V6_LPBIG_OFFBIG" - 1);
+ string_len += sizeof "POSIX_V6_LPBIG_OFFBIG" - 1;
+ }
+#endif
+ restenvs[string_len++] = '\0';
+ string = restenvs;
break;
case _CS_V5_WIDTH_RESTRICTED_ENVS:
@@ -179,59 +173,55 @@ confstr (name, buf, len)
wint_t types are no greater than the width of type long.
Currently this means all environment which the system allows. */
- {
- char restenvs[4 * sizeof "XBS5_LPBIG_OFFBIG"];
-
- string_len = 0;
+ string_len = 0;
#ifndef _XBS5_ILP32_OFF32
- if (__sysconf (_SC_XBS5_ILP32_OFF32) > 0)
+ if (__sysconf (_SC_XBS5_ILP32_OFF32) > 0)
#endif
#if !defined _XBS5_ILP32_OFF32 || _XBS5_ILP32_OFF32 > 0
- {
- memcpy (restenvs + string_len, "XBS5_ILP32_OFF32",
- sizeof "XBS5_ILP32_OFF32" - 1);
- string_len += sizeof "XBS5_ILP32_OFF32" - 1;
- }
+ {
+ memcpy (restenvs + string_len, "XBS5_ILP32_OFF32",
+ sizeof "XBS5_ILP32_OFF32" - 1);
+ string_len += sizeof "XBS5_ILP32_OFF32" - 1;
+ }
#endif
#ifndef _XBS5_ILP32_OFFBIG
- if (__sysconf (_SC_XBS5_ILP32_OFFBIG) > 0)
+ if (__sysconf (_SC_XBS5_ILP32_OFFBIG) > 0)
#endif
#if !defined _XBS5_ILP32_OFFBIG || _XBS5_ILP32_OFFBIG > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "XBS5_ILP32_OFFBIG",
- sizeof "XBS5_ILP32_OFFBIG" - 1);
- string_len += sizeof "XBS5_ILP32_OFFBIG" - 1;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "XBS5_ILP32_OFFBIG",
+ sizeof "XBS5_ILP32_OFFBIG" - 1);
+ string_len += sizeof "XBS5_ILP32_OFFBIG" - 1;
+ }
#endif
#ifndef _XBS5_LP64_OFF64
- if (__sysconf (_SC_XBS5_LP64_OFF64) > 0)
+ if (__sysconf (_SC_XBS5_LP64_OFF64) > 0)
#endif
#if !defined _XBS5_LP64_OFF64 || _XBS5_LP64_OFF64 > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "XBS5_LP64_OFF64",
- sizeof "XBS5_LP64_OFF64" - 1);
- string_len += sizeof "XBS5_LP64_OFF64" - 1;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "XBS5_LP64_OFF64",
+ sizeof "XBS5_LP64_OFF64" - 1);
+ string_len += sizeof "XBS5_LP64_OFF64" - 1;
+ }
#endif
#ifndef _XBS5_LPBIG_OFFBIG
- if (__sysconf (_SC_XBS5_LPBIG_OFFBIG) > 0)
+ if (__sysconf (_SC_XBS5_LPBIG_OFFBIG) > 0)
#endif
#if !defined _XBS5_LPBIG_OFFBIG || _XBS5_LPBIG_OFFBIG > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "XBS5_LPBIG_OFFBIG",
- sizeof "XBS5_LPBIG_OFFBIG" - 1);
- string_len += sizeof "XBS5_LPBIG_OFFBIG" - 1;
- }
-#endif
- restenvs[string_len++] = '\0';
- string = restenvs;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "XBS5_LPBIG_OFFBIG",
+ sizeof "XBS5_LPBIG_OFFBIG" - 1);
+ string_len += sizeof "XBS5_LPBIG_OFFBIG" - 1;
+ }
+#endif
+ restenvs[string_len++] = '\0';
+ string = restenvs;
break;
case _CS_XBS5_ILP32_OFF32_CFLAGS:
--
1.7.9.7
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2012-06-18 4:32 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-06-18 4:31 [gentoo-commits] gentoo commit in src/patchsets/glibc/2.15: 0088_all_glibc-2.12-getconf-buffer-overflow.patch README.history Mike Frysinger (vapier)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox