|
 |
d5474c |
commit 9a99c682144bdbd40792ebf822fe9264e0376fb5
|
|
|
d5474c |
Author: Arjun Shankar <arjun@redhat.com>
|
|
|
d5474c |
Date: Wed Nov 4 12:19:38 2020 +0100
|
|
|
d5474c |
|
|
|
d5474c |
iconv: Accept redundant shift sequences in IBM1364 [BZ #26224]
|
|
|
d5474c |
|
|
|
d5474c |
The IBM1364, IBM1371, IBM1388, IBM1390 and IBM1399 character sets
|
|
|
d5474c |
share converter logic (iconvdata/ibm1364.c) which would reject
|
|
|
d5474c |
redundant shift sequences when processing input in these character
|
|
|
d5474c |
sets. This led to a hang in the iconv program (CVE-2020-27618).
|
|
|
d5474c |
|
|
|
d5474c |
This commit adjusts the converter to ignore redundant shift sequences
|
|
|
d5474c |
and adds test cases for iconv_prog hangs that would be triggered upon
|
|
|
d5474c |
their rejection. This brings the implementation in line with other
|
|
|
d5474c |
converters that also ignore redundant shift sequences (e.g. IBM930
|
|
|
d5474c |
etc., fixed in commit 692de4b3960d).
|
|
|
d5474c |
|
|
|
d5474c |
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
|
|
d5474c |
|
|
|
d5474c |
diff --git a/iconv/tst-iconv_prog.sh b/iconv/tst-iconv_prog.sh
|
|
|
d5474c |
index 8298136b7f45d855..d8db7b335c1fcca2 100644
|
|
|
d5474c |
--- a/iconv/tst-iconv_prog.sh
|
|
|
d5474c |
+++ b/iconv/tst-iconv_prog.sh
|
|
|
d5474c |
@@ -102,12 +102,16 @@ hangarray=(
|
|
|
d5474c |
"\x00\x80;-c;IBM1161;UTF-8//TRANSLIT//IGNORE"
|
|
|
d5474c |
"\x00\xdb;-c;IBM1162;UTF-8//TRANSLIT//IGNORE"
|
|
|
d5474c |
"\x00\x70;-c;IBM12712;UTF-8//TRANSLIT//IGNORE"
|
|
|
d5474c |
-# These are known hangs that are yet to be fixed:
|
|
|
d5474c |
-# "\x00\x0f;-c;IBM1364;UTF-8"
|
|
|
d5474c |
-# "\x00\x0f;-c;IBM1371;UTF-8"
|
|
|
d5474c |
-# "\x00\x0f;-c;IBM1388;UTF-8"
|
|
|
d5474c |
-# "\x00\x0f;-c;IBM1390;UTF-8"
|
|
|
d5474c |
-# "\x00\x0f;-c;IBM1399;UTF-8"
|
|
|
d5474c |
+"\x00\x0f;-c;IBM1364;UTF-8"
|
|
|
d5474c |
+"\x0e\x0e;-c;IBM1364;UTF-8"
|
|
|
d5474c |
+"\x00\x0f;-c;IBM1371;UTF-8"
|
|
|
d5474c |
+"\x0e\x0e;-c;IBM1371;UTF-8"
|
|
|
d5474c |
+"\x00\x0f;-c;IBM1388;UTF-8"
|
|
|
d5474c |
+"\x0e\x0e;-c;IBM1388;UTF-8"
|
|
|
d5474c |
+"\x00\x0f;-c;IBM1390;UTF-8"
|
|
|
d5474c |
+"\x0e\x0e;-c;IBM1390;UTF-8"
|
|
|
d5474c |
+"\x00\x0f;-c;IBM1399;UTF-8"
|
|
|
d5474c |
+"\x0e\x0e;-c;IBM1399;UTF-8"
|
|
|
d5474c |
"\x00\x53;-c;IBM16804;UTF-8//TRANSLIT//IGNORE"
|
|
|
d5474c |
"\x00\x41;-c;IBM274;UTF-8//TRANSLIT//IGNORE"
|
|
|
d5474c |
"\x00\x41;-c;IBM275;UTF-8//TRANSLIT//IGNORE"
|
|
|
d5474c |
diff --git a/iconvdata/ibm1364.c b/iconvdata/ibm1364.c
|
|
|
d5474c |
index 517fe60813be0472..ecc3f8ddddbdbc8c 100644
|
|
|
d5474c |
--- a/iconvdata/ibm1364.c
|
|
|
d5474c |
+++ b/iconvdata/ibm1364.c
|
|
|
d5474c |
@@ -158,24 +158,14 @@ enum
|
|
|
d5474c |
\
|
|
|
d5474c |
if (__builtin_expect (ch, 0) == SO) \
|
|
|
d5474c |
{ \
|
|
|
d5474c |
- /* Shift OUT, change to DBCS converter. */ \
|
|
|
d5474c |
- if (curcs == db) \
|
|
|
d5474c |
- { \
|
|
|
d5474c |
- result = __GCONV_ILLEGAL_INPUT; \
|
|
|
d5474c |
- break; \
|
|
|
d5474c |
- } \
|
|
|
d5474c |
+ /* Shift OUT, change to DBCS converter (redundant escape okay). */ \
|
|
|
d5474c |
curcs = db; \
|
|
|
d5474c |
++inptr; \
|
|
|
d5474c |
continue; \
|
|
|
d5474c |
} \
|
|
|
d5474c |
if (__builtin_expect (ch, 0) == SI) \
|
|
|
d5474c |
{ \
|
|
|
d5474c |
- /* Shift IN, change to SBCS converter. */ \
|
|
|
d5474c |
- if (curcs == sb) \
|
|
|
d5474c |
- { \
|
|
|
d5474c |
- result = __GCONV_ILLEGAL_INPUT; \
|
|
|
d5474c |
- break; \
|
|
|
d5474c |
- } \
|
|
|
d5474c |
+ /* Shift IN, change to SBCS converter (redundant escape okay). */ \
|
|
|
d5474c |
curcs = sb; \
|
|
|
d5474c |
++inptr; \
|
|
|
d5474c |
continue; \
|