wok-current rev 25700
Patch glibc CVE-2024-2961 again (wrong encode char on patch)
author | Stanislas Leduc <shann@slitaz.org> |
---|---|
date | Thu Apr 18 21:24:55 2024 +0000 (8 months ago) |
parents | 12b90a723e05 |
children | 9ec15db3af75 |
files | glibc/stuff/glibc-2.28-CVE-2024-2961.patch |
1.1 --- a/glibc/stuff/glibc-2.28-CVE-2024-2961.patch Thu Apr 18 21:07:29 2024 +0000 1.2 +++ b/glibc/stuff/glibc-2.28-CVE-2024-2961.patch Thu Apr 18 21:24:55 2024 +0000 1.3 @@ -1,3 +1,31 @@ 1.4 +From 682ad4c8623e611a971839990ceef00346289cc9 Mon Sep 17 00:00:00 2001 1.5 +From: Charles Fol <folcharles@gmail.com> 1.6 +Date: Thu, 28 Mar 2024 12:25:38 -0300 1.7 +Subject: [PATCH] iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing 1.8 + escape sequence (CVE-2024-2961) 1.9 + 1.10 +ISO-2022-CN-EXT uses escape sequences to indicate character set changes 1.11 +(as specified by RFC 1922). While the SOdesignation has the expected 1.12 +bounds checks, neither SS2designation nor SS3designation have its; 1.13 +allowing a write overflow of 1, 2, or 3 bytes with fixed values: 1.14 +'$+I', '$+J', '$+K', '$+L', '$+M', or '$*H'. 1.15 + 1.16 +Checked on aarch64-linux-gnu. 1.17 + 1.18 +Co-authored-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> 1.19 +Reviewed-by: Carlos O'Donell <carlos@redhat.com> 1.20 +Tested-by: Carlos O'Donell <carlos@redhat.com> 1.21 + 1.22 +(cherry picked from commit f9dc609e06b1136bb0408be9605ce7973a767ada) 1.23 +--- 1.24 + iconvdata/Makefile | 5 +- 1.25 + iconvdata/iso-2022-cn-ext.c | 12 +++ 1.26 + iconvdata/tst-iconv-iso-2022-cn-ext.c | 128 ++++++++++++++++++++++++++ 1.27 + 3 files changed, 144 insertions(+), 1 deletion(-) 1.28 + create mode 100644 iconvdata/tst-iconv-iso-2022-cn-ext.c 1.29 + 1.30 +diff --git a/iconvdata/Makefile b/iconvdata/Makefile 1.31 +index b67b4feeb4..8fc126c210 100644 1.32 --- a/iconvdata/Makefile 1.33 +++ b/iconvdata/Makefile 1.34 @@ -73,7 +73,7 @@ 1.35 @@ -156,7 +184,7 @@ 1.36 + 1.37 + /* Same as before for SS3designation. */ 1.38 + { 1.39 -+ char inbuf[] = "å \xe5\x8a\x84"; 1.40 ++ char inbuf[] = "å \xe5\x8a\x84"; 1.41 + 1.42 + for (int i = 0; i < 14; i++) 1.43 + { 1.44 @@ -182,5 +210,6 @@ 1.45 +} 1.46 + 1.47 +#include <support/test-driver.c> 1.48 --- 1.49 +-- 1.50 2.39.3 1.51 +
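Review bot: the commit message mentions only a wrong character encoding, but the first hunk (@@ -1,3 +1,31 @@) also prepends the whole format-patch header: From, Subject, commit text, diffstat and the `diff --git a/iconvdata/Makefile` line. Please say in the commit message that the file was replaced with the complete upstream patch. It would also help to note which upstream branch commit 682ad4c8623e611a971839990ceef00346289cc9 belongs to, because the file is named for glibc 2.28 while the header records only the cherry-pick source f9dc609e06b1136bb0408be9605ce7973a767ada.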
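Review bot: in the second hunk (@@ -156,7 +184,7 @@) the removed and added `char inbuf[] = ...` lines at 1.39 and 1.40 look identical in this view, so the correction exists only in the raw bytes of that string literal. Any editor or transfer that re-encodes the file can undo it without a visible change. Consider storing a checksum of the patch file alongside it and running a dry-run apply against the 2.28 tree as part of the build. The literal appears to sit in the test that the patch creates (iconvdata/tst-iconv-iso-2022-cn-ext.c in the diffstat), so it is also worth confirming that the 12-line change to iconvdata/iso-2022-cn-ext.c was not altered by the earlier mis-encoding.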