author | Hongxu Jia <hongxu.jia@windriver.com> | 2019-06-16 22:17:41 -0400 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-06-18 11:23:48 +0100 |
commit | 57588174445781f0c1ca83faa4680612d728ff64 (patch) | |
tree | 5f49a21feec330854bbe173d823ea73e38c78f46 | |
parent | 27d60c5a812774f0e5c43161e5b514c4aebdf301 (diff) | |
download | poky-57588174445781f0c1ca83faa4680612d728ff64.tar.gz |
openssh: fix potential signed overflow in pointer arithmatic
Pointer arithmetic results in an implementation-defined signed integer
type, so 'd - dst' in strlcat may trigger signed overflow if
pointer 'd' is near 0x7fffffff on a 32-bit system. When compiled
by gcc or clang with the -ftrapv option, the overflow would cause the
program to abort.
(From OE-Core rev: 1c4b8d797c76a08ebd1658066e9d32972b6abe58)
Signed-off-by: hguo3 <heng.guo@windriver.com>
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch b/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch index 7e043a2db1..20036da931 100644 --- a/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch +++ b/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch | |||
@@ -11,14 +11,17 @@ would lead to program abort. | |||
11 | Upstream-Status: Submitted [http://bugzilla.mindrot.org/show_bug.cgi?id=2608] | 11 | Upstream-Status: Submitted [http://bugzilla.mindrot.org/show_bug.cgi?id=2608] |
12 | 12 | ||
13 | Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> | 13 | Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> |
14 | |||
15 | Complete the fix | ||
16 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> | ||
14 | --- | 17 | --- |
15 | openbsd-compat/strlcat.c | 8 ++++++-- | 18 | openbsd-compat/strlcat.c | 10 +++++++--- |
16 | openbsd-compat/strlcpy.c | 8 ++++++-- | 19 | openbsd-compat/strlcpy.c | 8 ++++++-- |
17 | openbsd-compat/strnlen.c | 8 ++++++-- | 20 | openbsd-compat/strnlen.c | 8 ++++++-- |
18 | 3 files changed, 18 insertions(+), 6 deletions(-) | 21 | 3 files changed, 19 insertions(+), 7 deletions(-) |
19 | 22 | ||
20 | diff --git a/openbsd-compat/strlcat.c b/openbsd-compat/strlcat.c | 23 | diff --git a/openbsd-compat/strlcat.c b/openbsd-compat/strlcat.c |
21 | index bcc1b61..e758ebf 100644 | 24 | index bcc1b61..124e1e3 100644 |
22 | --- a/openbsd-compat/strlcat.c | 25 | --- a/openbsd-compat/strlcat.c |
23 | +++ b/openbsd-compat/strlcat.c | 26 | +++ b/openbsd-compat/strlcat.c |
24 | @@ -23,6 +23,7 @@ | 27 | @@ -23,6 +23,7 @@ |
@@ -29,6 +32,15 @@ index bcc1b61..e758ebf 100644 | |||
29 | 32 | ||
30 | /* | 33 | /* |
31 | * Appends src to string dst of size siz (unlike strncat, siz is the | 34 | * Appends src to string dst of size siz (unlike strncat, siz is the |
35 | @@ -42,7 +43,7 @@ strlcat(char *dst, const char *src, size_t siz) | ||
36 | /* Find the end of dst and adjust bytes left but don't go past end */ | ||
37 | while (n-- != 0 && *d != '\0') | ||
38 | d++; | ||
39 | - dlen = d - dst; | ||
40 | + dlen = (uintptr_t)d - (uintptr_t)dst; | ||
41 | n = siz - dlen; | ||
42 | |||
43 | if (n == 0) | ||
32 | @@ -55,8 +56,11 @@ strlcat(char *dst, const char *src, size_t siz) | 44 | @@ -55,8 +56,11 @@ strlcat(char *dst, const char *src, size_t siz) |
33 | s++; | 45 | s++; |
34 | } | 46 | } |
@@ -70,7 +82,7 @@ index b4b1b60..b06f374 100644 | |||
70 | 82 | ||
71 | #endif /* !HAVE_STRLCPY */ | 83 | #endif /* !HAVE_STRLCPY */ |
72 | diff --git a/openbsd-compat/strnlen.c b/openbsd-compat/strnlen.c | 84 | diff --git a/openbsd-compat/strnlen.c b/openbsd-compat/strnlen.c |
73 | index 93d5155..9b8de5d 100644 | 85 | index 7ad3573..7040f1f 100644 |
74 | --- a/openbsd-compat/strnlen.c | 86 | --- a/openbsd-compat/strnlen.c |
75 | +++ b/openbsd-compat/strnlen.c | 87 | +++ b/openbsd-compat/strnlen.c |
76 | @@ -23,6 +23,7 @@ | 88 | @@ -23,6 +23,7 @@ |
@@ -95,5 +107,5 @@ index 93d5155..9b8de5d 100644 | |||
95 | } | 107 | } |
96 | #endif | 108 | #endif |
97 | -- | 109 | -- |
98 | 1.9.1 | 110 | 2.17.1 |
99 | 111 | ||
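Review bot: The header text added to the patch, `Complete the fix` (new lines 15-16), does not say what the earlier revision left out; judging by the added strlcat hunk it is the `dlen = d - dst;` assignment, now `dlen = (uintptr_t)d - (uintptr_t)dst;`. Naming it in the header, for example `Complete the fix: also convert 'dlen = d - dst' in strlcat() to uintptr_t arithmetic`, would let whoever rebases this patch onto a newer OpenSSH confirm that every pointer subtraction in the three files is still covered. The cast assumes that converting both pointers to uintptr_t preserves their byte distance, which is implementation-defined, so a short comment on that line such as `/* unsigned address difference; assumes a flat address space */` would record the assumption next to the value that feeds `n = siz - dlen`. strlcat() starts and ends outside this hunk, and the include that declares uintptr_t is presumably in the `@@ -23,6 +23,7 @@` hunk, whose body is not shown here.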