commit ef21bd2d8c6805c0c186a01f7c5039189f51b8c4
Author: DJ Delorie <dj@redhat.com>
Date:   Fri Oct 18 17:15:52 2019 -0400
    loadarchive: guard against locale-archive corruption (Bug #25115)
    
    _nl_load_locale_from_archive() checks for a zero size, but
    divides by both (size) and (size-2).  Extend the check to
    guard against a size of two or less.
    
    Tested by manually corrupting locale-archive and running a program
    that calls setlocale() with LOCPATH unset (size is typically very
    large).
    
    Reviewed-by: Carlos O'Donell <carlos@redhat.com>
diff --git a/locale/loadarchive.c b/locale/loadarchive.c
index 516d30d8d16bd578..b308fd886f44e1fd 100644
--- a/locale/loadarchive.c
+++ b/locale/loadarchive.c
@@ -274,7 +274,7 @@ _nl_load_locale_from_archive (int category, const char **namep)
a2cf7d
 					+ head->namehash_offset);
a2cf7d
 
a2cf7d
   /* Avoid division by 0 if the file is corrupted.  */
a2cf7d
-  if (__glibc_unlikely (head->namehash_size == 0))
a2cf7d
+  if (__glibc_unlikely (head->namehash_size <= 2))
a2cf7d
     goto close_and_out;
a2cf7d
 
a2cf7d
   idx = hval % head->namehash_size;
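Review bot: The comment above the guard still says only "Avoid division by 0" while the condition is now `<= 2`, so a reader of the code cannot tell why sizes 1 and 2 are also rejected; the commit message explains that a later `namehash_size - 2` divisor is the reason, and that belongs in the comment: `/* Avoid division by 0, here and by (namehash_size - 2) below, if the file is corrupted.  */`. Note also that `head->namehash_size` and `head->namehash_offset` are read from the mapped archive, so this guard protects only the two divisors; unless it is done elsewhere in the function, the offset and size should additionally be checked against the mapped file length before `namehashtab[idx]` is dereferenced, since a corrupted header could otherwise place the table outside the mapping. `_nl_load_locale_from_archive` begins before and continues after this hunk.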