summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core
diff options
context:
space:
mode:
authorYi Fan Yu <yifan.yu@windriver.com>2021-01-28 17:23:31 -0500
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-01-30 10:41:03 +0000
commitc679c1cac2af2ad1f1a2f8b2c75f3c5fde2b5ea2 (patch)
tree847c74c6360d8e701cb332f60086e3c1d77753eb /meta/recipes-core
parent36aef08dcd5e45c4138ccd72e8de01157f7213c4 (diff)
downloadpoky-c679c1cac2af2ad1f1a2f8b2c75f3c5fde2b5ea2.tar.gz
glibc: fix CVE-2020-27618
iconv: Accept redundant shift sequences in IBM1364 Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1893708 (From OE-Core rev: 78a381ec75e48283397a7fe9eaad2afbb070c235) Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2020-27618.patch91
-rw-r--r--meta/recipes-core/glibc/glibc_2.32.bb1
2 files changed, 92 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-27618.patch b/meta/recipes-core/glibc/glibc/CVE-2020-27618.patch
new file mode 100644
index 0000000000..bf32238357
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2020-27618.patch
@@ -0,0 +1,91 @@
1From 20e6c868c29f5a6121cbb88f3387bb9b884a4206 Mon Sep 17 00:00:00 2001
2From: Arjun Shankar <arjun@redhat.com>
3Date: Wed, 4 Nov 2020 12:19:38 +0100
4Subject: [PATCH] iconv: Accept redundant shift sequences in IBM1364 [BZ
5 #26224]
6
7The IBM1364, IBM1371, IBM1388, IBM1390 and IBM1399 character sets
8share converter logic (iconvdata/ibm1364.c) which would reject
9redundant shift sequences when processing input in these character
10sets. This led to a hang in the iconv program (CVE-2020-27618).
11
12This commit adjusts the converter to ignore redundant shift sequences
13and adds test cases for iconv_prog hangs that would be triggered upon
14their rejection. This brings the implementation in line with other
15converters that also ignore redundant shift sequences (e.g. IBM930
16etc., fixed in commit 692de4b3960d).
17
18Reviewed-by: Carlos O'Donell <carlos@redhat.com>
19
20Upstream-Status: Backport
21[https://sourceware.org/git/?p=glibc.git;a=commit;
22h=9a99c682144bdbd40792ebf822fe9264e0376fb5]
23
24CVE: CVE-2020-27618
25Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
26---
27 iconv/tst-iconv_prog.sh | 16 ++++++++++------
28 iconvdata/ibm1364.c | 14 ++------------
29 2 files changed, 12 insertions(+), 18 deletions(-)
30
31diff --git a/iconv/tst-iconv_prog.sh b/iconv/tst-iconv_prog.sh
32index 8298136b7f..d8db7b335c 100644
33--- a/iconv/tst-iconv_prog.sh
34+++ b/iconv/tst-iconv_prog.sh
35@@ -102,12 +102,16 @@ hangarray=(
36 "\x00\x80;-c;IBM1161;UTF-8//TRANSLIT//IGNORE"
37 "\x00\xdb;-c;IBM1162;UTF-8//TRANSLIT//IGNORE"
38 "\x00\x70;-c;IBM12712;UTF-8//TRANSLIT//IGNORE"
39-# These are known hangs that are yet to be fixed:
40-# "\x00\x0f;-c;IBM1364;UTF-8"
41-# "\x00\x0f;-c;IBM1371;UTF-8"
42-# "\x00\x0f;-c;IBM1388;UTF-8"
43-# "\x00\x0f;-c;IBM1390;UTF-8"
44-# "\x00\x0f;-c;IBM1399;UTF-8"
45+"\x00\x0f;-c;IBM1364;UTF-8"
46+"\x0e\x0e;-c;IBM1364;UTF-8"
47+"\x00\x0f;-c;IBM1371;UTF-8"
48+"\x0e\x0e;-c;IBM1371;UTF-8"
49+"\x00\x0f;-c;IBM1388;UTF-8"
50+"\x0e\x0e;-c;IBM1388;UTF-8"
51+"\x00\x0f;-c;IBM1390;UTF-8"
52+"\x0e\x0e;-c;IBM1390;UTF-8"
53+"\x00\x0f;-c;IBM1399;UTF-8"
54+"\x0e\x0e;-c;IBM1399;UTF-8"
55 "\x00\x53;-c;IBM16804;UTF-8//TRANSLIT//IGNORE"
56 "\x00\x41;-c;IBM274;UTF-8//TRANSLIT//IGNORE"
57 "\x00\x41;-c;IBM275;UTF-8//TRANSLIT//IGNORE"
58diff --git a/iconvdata/ibm1364.c b/iconvdata/ibm1364.c
59index 49e7267ab4..521f0825b7 100644
60--- a/iconvdata/ibm1364.c
61+++ b/iconvdata/ibm1364.c
62@@ -158,24 +158,14 @@ enum
63 \
64 if (__builtin_expect (ch, 0) == SO) \
65 { \
66- /* Shift OUT, change to DBCS converter. */ \
67- if (curcs == db) \
68- { \
69- result = __GCONV_ILLEGAL_INPUT; \
70- break; \
71- } \
72+ /* Shift OUT, change to DBCS converter (redundant escape okay). */ \
73 curcs = db; \
74 ++inptr; \
75 continue; \
76 } \
77 if (__builtin_expect (ch, 0) == SI) \
78 { \
79- /* Shift IN, change to SBCS converter. */ \
80- if (curcs == sb) \
81- { \
82- result = __GCONV_ILLEGAL_INPUT; \
83- break; \
84- } \
85+ /* Shift IN, change to SBCS converter (redundant escape okay). */ \
86 curcs = sb; \
87 ++inptr; \
88 continue; \
89--
902.29.2
91
diff --git a/meta/recipes-core/glibc/glibc_2.32.bb b/meta/recipes-core/glibc/glibc_2.32.bb
index d43c8c56cb..edf196c428 100644
--- a/meta/recipes-core/glibc/glibc_2.32.bb
+++ b/meta/recipes-core/glibc/glibc_2.32.bb
@@ -47,6 +47,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
47 file://CVE-2020-29562.patch \ 47 file://CVE-2020-29562.patch \
48 file://CVE-2020-29573.patch \ 48 file://CVE-2020-29573.patch \
49 file://CVE-2019-25013.patch \ 49 file://CVE-2019-25013.patch \
50 file://CVE-2020-27618.patch \
50 " 51 "
51S = "${WORKDIR}/git" 52S = "${WORKDIR}/git"
52B = "${WORKDIR}/build-${TARGET_SYS}" 53B = "${WORKDIR}/build-${TARGET_SYS}"