# HG changeset patch # User Stanislas Leduc # Date 1713475495 0 # Node ID 48865289e466cf950d8e1e02fee1396b90823d4a # Parent 12b90a723e05e7756faf79ad5c02719b8dcdd21c Patch glibc CVE-2024-2961 again (wrong encode char on patch) diff -r 12b90a723e05 -r 48865289e466 glibc/stuff/glibc-2.28-CVE-2024-2961.patch --- a/glibc/stuff/glibc-2.28-CVE-2024-2961.patch Thu Apr 18 21:07:29 2024 +0000 +++ b/glibc/stuff/glibc-2.28-CVE-2024-2961.patch Thu Apr 18 21:24:55 2024 +0000 @@ -1,3 +1,31 @@ +From 682ad4c8623e611a971839990ceef00346289cc9 Mon Sep 17 00:00:00 2001 +From: Charles Fol +Date: Thu, 28 Mar 2024 12:25:38 -0300 +Subject: [PATCH] iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing + escape sequence (CVE-2024-2961) + +ISO-2022-CN-EXT uses escape sequences to indicate character set changes +(as specified by RFC 1922). While the SOdesignation has the expected +bounds checks, neither SS2designation nor SS3designation have its; +allowing a write overflow of 1, 2, or 3 bytes with fixed values: +'$+I', '$+J', '$+K', '$+L', '$+M', or '$*H'. + +Checked on aarch64-linux-gnu. + +Co-authored-by: Adhemerval Zanella +Reviewed-by: Carlos O'Donell +Tested-by: Carlos O'Donell + +(cherry picked from commit f9dc609e06b1136bb0408be9605ce7973a767ada) +--- + iconvdata/Makefile | 5 +- + iconvdata/iso-2022-cn-ext.c | 12 +++ + iconvdata/tst-iconv-iso-2022-cn-ext.c | 128 ++++++++++++++++++++++++++ + 3 files changed, 144 insertions(+), 1 deletion(-) + create mode 100644 iconvdata/tst-iconv-iso-2022-cn-ext.c + +diff --git a/iconvdata/Makefile b/iconvdata/Makefile +index b67b4feeb4..8fc126c210 100644 --- a/iconvdata/Makefile +++ b/iconvdata/Makefile @@ -73,7 +73,7 @@ @@ -156,7 +184,7 @@ + + /* Same as before for SS3designation. */ + { -+ char inbuf[] = "å \xe5\x8a\x84"; ++ char inbuf[] = "劄 \xe5\x8a\x84"; + + for (int i = 0; i < 14; i++) + { @@ -182,5 +210,6 @@ +} + +#include --- +-- 2.39.3 +