Tree - rpms/glibc - CentOS Git server

rpms / glibc

Files

Commit: 00c0d4e1778d0a1e90045e3067b5812c858b9451

Blob Blame History Raw

 commit 9a99c682144bdbd40792ebf822fe9264e0376fb5
Author: Arjun Shankar <arjun@redhat.com>
Date:   Wed Nov 4 12:19:38 2020 +0100
 
    iconv: Accept redundant shift sequences in IBM1364 [BZ #26224]
    
    The IBM1364, IBM1371, IBM1388, IBM1390 and IBM1399 character sets
    share converter logic (iconvdata/ibm1364.c) which would reject
    redundant shift sequences when processing input in these character
    sets.  This led to a hang in the iconv program (CVE-2020-27618).
    
    This commit adjusts the converter to ignore redundant shift sequences
    and adds test cases for iconv_prog hangs that would be triggered upon
    their rejection.  This brings the implementation in line with other
    converters that also ignore redundant shift sequences (e.g. IBM930
    etc., fixed in commit 692de4b3960d).
    
    Reviewed-by: Carlos O'Donell <carlos@redhat.com>
 
diff --git a/iconv/tst-iconv_prog.sh b/iconv/tst-iconv_prog.sh
index 8298136b7f45d855..d8db7b335c1fcca2 100644
--- a/iconv/tst-iconv_prog.sh
+++ b/iconv/tst-iconv_prog.sh
@@ -102,12 +102,16 @@ hangarray=(
 "\x00\x80;-c;IBM1161;UTF-8//TRANSLIT//IGNORE"
 "\x00\xdb;-c;IBM1162;UTF-8//TRANSLIT//IGNORE"
 "\x00\x70;-c;IBM12712;UTF-8//TRANSLIT//IGNORE"
-# These are known hangs that are yet to be fixed:
-# "\x00\x0f;-c;IBM1364;UTF-8"
-# "\x00\x0f;-c;IBM1371;UTF-8"
-# "\x00\x0f;-c;IBM1388;UTF-8"
-# "\x00\x0f;-c;IBM1390;UTF-8"
-# "\x00\x0f;-c;IBM1399;UTF-8"
+"\x00\x0f;-c;IBM1364;UTF-8"
+"\x0e\x0e;-c;IBM1364;UTF-8"
+"\x00\x0f;-c;IBM1371;UTF-8"
+"\x0e\x0e;-c;IBM1371;UTF-8"
+"\x00\x0f;-c;IBM1388;UTF-8"
+"\x0e\x0e;-c;IBM1388;UTF-8"
+"\x00\x0f;-c;IBM1390;UTF-8"
+"\x0e\x0e;-c;IBM1390;UTF-8"
+"\x00\x0f;-c;IBM1399;UTF-8"
+"\x0e\x0e;-c;IBM1399;UTF-8"
 "\x00\x53;-c;IBM16804;UTF-8//TRANSLIT//IGNORE"
 "\x00\x41;-c;IBM274;UTF-8//TRANSLIT//IGNORE"
 "\x00\x41;-c;IBM275;UTF-8//TRANSLIT//IGNORE"
diff --git a/iconvdata/ibm1364.c b/iconvdata/ibm1364.c
index 517fe60813be0472..ecc3f8ddddbdbc8c 100644
--- a/iconvdata/ibm1364.c
+++ b/iconvdata/ibm1364.c
@@ -158,24 +158,14 @@ enum
 									      \
     if (__builtin_expect (ch, 0) == SO)					      \
       {									      \
-	/* Shift OUT, change to DBCS converter.  */			      \
-	if (curcs == db)						      \
-	  {								      \
-	    result = __GCONV_ILLEGAL_INPUT;				      \
-	    break;							      \
-	  }								      \
+	/* Shift OUT, change to DBCS converter (redundant escape okay).  */   \
 	curcs = db;							      \
 	++inptr;							      \
 	continue;							      \
       }									      \
     if (__builtin_expect (ch, 0) == SI)					      \
       {									      \
-	/* Shift IN, change to SBCS converter.  */			      \
-	if (curcs == sb)						      \
-	  {								      \
-	    result = __GCONV_ILLEGAL_INPUT;				      \
-	    break;							      \
-	  }								      \
+	/* Shift IN, change to SBCS converter (redundant escape okay).  */    \
 	curcs = sb;							      \
 	++inptr;							      \
 	continue;							      \

	commit 9a99c682144bdbd40792ebf822fe9264e0376fb5
	Author: Arjun Shankar <arjun@redhat.com>
	Date: Wed Nov 4 12:19:38 2020 +0100

	iconv: Accept redundant shift sequences in IBM1364 [BZ #26224]

	The IBM1364, IBM1371, IBM1388, IBM1390 and IBM1399 character sets
	share converter logic (iconvdata/ibm1364.c) which would reject
	redundant shift sequences when processing input in these character
	sets. This led to a hang in the iconv program (CVE-2020-27618).

	This commit adjusts the converter to ignore redundant shift sequences
	and adds test cases for iconv_prog hangs that would be triggered upon
	their rejection. This brings the implementation in line with other
	converters that also ignore redundant shift sequences (e.g. IBM930
	etc., fixed in commit 692de4b3960d).

	Reviewed-by: Carlos O'Donell <carlos@redhat.com>

	diff --git a/iconv/tst-iconv_prog.sh b/iconv/tst-iconv_prog.sh
	index 8298136b7f45d855..d8db7b335c1fcca2 100644
	--- a/iconv/tst-iconv_prog.sh
	+++ b/iconv/tst-iconv_prog.sh
	@@ -102,12 +102,16 @@ hangarray=(
	"\x00\x80;-c;IBM1161;UTF-8//TRANSLIT//IGNORE"
	"\x00\xdb;-c;IBM1162;UTF-8//TRANSLIT//IGNORE"
	"\x00\x70;-c;IBM12712;UTF-8//TRANSLIT//IGNORE"
	-# These are known hangs that are yet to be fixed:
	-# "\x00\x0f;-c;IBM1364;UTF-8"
	-# "\x00\x0f;-c;IBM1371;UTF-8"
	-# "\x00\x0f;-c;IBM1388;UTF-8"
	-# "\x00\x0f;-c;IBM1390;UTF-8"
	-# "\x00\x0f;-c;IBM1399;UTF-8"
	+"\x00\x0f;-c;IBM1364;UTF-8"
	+"\x0e\x0e;-c;IBM1364;UTF-8"
	+"\x00\x0f;-c;IBM1371;UTF-8"
	+"\x0e\x0e;-c;IBM1371;UTF-8"
	+"\x00\x0f;-c;IBM1388;UTF-8"
	+"\x0e\x0e;-c;IBM1388;UTF-8"
	+"\x00\x0f;-c;IBM1390;UTF-8"
	+"\x0e\x0e;-c;IBM1390;UTF-8"
	+"\x00\x0f;-c;IBM1399;UTF-8"
	+"\x0e\x0e;-c;IBM1399;UTF-8"
	"\x00\x53;-c;IBM16804;UTF-8//TRANSLIT//IGNORE"
	"\x00\x41;-c;IBM274;UTF-8//TRANSLIT//IGNORE"
	"\x00\x41;-c;IBM275;UTF-8//TRANSLIT//IGNORE"
	diff --git a/iconvdata/ibm1364.c b/iconvdata/ibm1364.c
	index 517fe60813be0472..ecc3f8ddddbdbc8c 100644
	--- a/iconvdata/ibm1364.c
	+++ b/iconvdata/ibm1364.c
	@@ -158,24 +158,14 @@ enum
	\
	if (__builtin_expect (ch, 0) == SO) \
	{ \
	- /* Shift OUT, change to DBCS converter. */ \
	- if (curcs == db) \
	- { \
	- result = __GCONV_ILLEGAL_INPUT; \
	- break; \
	- } \
	+ /* Shift OUT, change to DBCS converter (redundant escape okay). */ \
	curcs = db; \
	++inptr; \
	continue; \
	} \
	if (__builtin_expect (ch, 0) == SI) \
	{ \
	- /* Shift IN, change to SBCS converter. */ \
	- if (curcs == sb) \
	- { \
	- result = __GCONV_ILLEGAL_INPUT; \
	- break; \
	- } \
	+ /* Shift IN, change to SBCS converter (redundant escape okay). */ \
	curcs = sb; \
	++inptr; \
	continue; \

rpms / glibc

Source Code

Files