diff options
Diffstat (limited to 'meta/recipes-core/glibc/glibc/CVE-2020-27618.patch')
| -rw-r--r-- | meta/recipes-core/glibc/glibc/CVE-2020-27618.patch | 91 |
1 files changed, 0 insertions, 91 deletions
diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-27618.patch b/meta/recipes-core/glibc/glibc/CVE-2020-27618.patch deleted file mode 100644 index bf32238357..0000000000 --- a/meta/recipes-core/glibc/glibc/CVE-2020-27618.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 20e6c868c29f5a6121cbb88f3387bb9b884a4206 Mon Sep 17 00:00:00 2001 -From: Arjun Shankar <arjun@redhat.com> -Date: Wed, 4 Nov 2020 12:19:38 +0100 -Subject: [PATCH] iconv: Accept redundant shift sequences in IBM1364 [BZ - #26224] - -The IBM1364, IBM1371, IBM1388, IBM1390 and IBM1399 character sets -share converter logic (iconvdata/ibm1364.c) which would reject -redundant shift sequences when processing input in these character -sets. This led to a hang in the iconv program (CVE-2020-27618). - -This commit adjusts the converter to ignore redundant shift sequences -and adds test cases for iconv_prog hangs that would be triggered upon -their rejection. This brings the implementation in line with other -converters that also ignore redundant shift sequences (e.g. IBM930 -etc., fixed in commit 692de4b3960d). - -Reviewed-by: Carlos O'Donell <carlos@redhat.com> - -Upstream-Status: Backport -[https://sourceware.org/git/?p=glibc.git;a=commit; -h=9a99c682144bdbd40792ebf822fe9264e0376fb5] - -CVE: CVE-2020-27618 -Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com> ---- - iconv/tst-iconv_prog.sh | 16 ++++++++++------ - iconvdata/ibm1364.c | 14 ++------------ - 2 files changed, 12 insertions(+), 18 deletions(-) - -diff --git a/iconv/tst-iconv_prog.sh b/iconv/tst-iconv_prog.sh -index 8298136b7f..d8db7b335c 100644 ---- a/iconv/tst-iconv_prog.sh -+++ b/iconv/tst-iconv_prog.sh -@@ -102,12 +102,16 @@ hangarray=( - "\x00\x80;-c;IBM1161;UTF-8//TRANSLIT//IGNORE" - "\x00\xdb;-c;IBM1162;UTF-8//TRANSLIT//IGNORE" - "\x00\x70;-c;IBM12712;UTF-8//TRANSLIT//IGNORE" --# These are known hangs that are yet to be fixed: --# "\x00\x0f;-c;IBM1364;UTF-8" --# "\x00\x0f;-c;IBM1371;UTF-8" --# "\x00\x0f;-c;IBM1388;UTF-8" --# "\x00\x0f;-c;IBM1390;UTF-8" --# "\x00\x0f;-c;IBM1399;UTF-8" -+"\x00\x0f;-c;IBM1364;UTF-8" -+"\x0e\x0e;-c;IBM1364;UTF-8" -+"\x00\x0f;-c;IBM1371;UTF-8" -+"\x0e\x0e;-c;IBM1371;UTF-8" -+"\x00\x0f;-c;IBM1388;UTF-8" -+"\x0e\x0e;-c;IBM1388;UTF-8" -+"\x00\x0f;-c;IBM1390;UTF-8" -+"\x0e\x0e;-c;IBM1390;UTF-8" -+"\x00\x0f;-c;IBM1399;UTF-8" -+"\x0e\x0e;-c;IBM1399;UTF-8" - "\x00\x53;-c;IBM16804;UTF-8//TRANSLIT//IGNORE" - "\x00\x41;-c;IBM274;UTF-8//TRANSLIT//IGNORE" - "\x00\x41;-c;IBM275;UTF-8//TRANSLIT//IGNORE" -diff --git a/iconvdata/ibm1364.c b/iconvdata/ibm1364.c -index 49e7267ab4..521f0825b7 100644 ---- a/iconvdata/ibm1364.c -+++ b/iconvdata/ibm1364.c -@@ -158,24 +158,14 @@ enum - \ - if (__builtin_expect (ch, 0) == SO) \ - { \ -- /* Shift OUT, change to DBCS converter. */ \ -- if (curcs == db) \ -- { \ -- result = __GCONV_ILLEGAL_INPUT; \ -- break; \ -- } \ -+ /* Shift OUT, change to DBCS converter (redundant escape okay). */ \ - curcs = db; \ - ++inptr; \ - continue; \ - } \ - if (__builtin_expect (ch, 0) == SI) \ - { \ -- /* Shift IN, change to SBCS converter. */ \ -- if (curcs == sb) \ -- { \ -- result = __GCONV_ILLEGAL_INPUT; \ -- break; \ -- } \ -+ /* Shift IN, change to SBCS converter (redundant escape okay). */ \ - curcs = sb; \ - ++inptr; \ - continue; \ --- -2.29.2 - |