packages/glibc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2021-35942. wordexp: Use strtoul instead of atoi so that overflow can be detected.

Browse Source 
(cherry picked from commit 63996cbba6b9e90caaa5b0cbdfe38f6998d49871)
This commit is contained in:
liqingqing_1229 2021-07-01 14:26:02 +08:00 committed by openeuler-sync-bot
parent f39c811fb4
commit 8840d34a7b
2 changed files with 49 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
backport-CVE-2021-35942-wordexp-handle-overflow-in-positional-parameter-numb.patch Normal file
View File

@ -0,0 +1,43 @@
From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001
From: Andreas Schwab <schwab@linux-m68k.org>
Date: Fri, 25 Jun 2021 15:02:47 +0200
Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug
28011)
Use strtoul instead of atoi so that overflow can be detected.
Conflict:NA
Reference:https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c
---
posix/wordexp-test.c | 1 +
posix/wordexp.c | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
index f93a546d7e..9df02dbbb3 100644
--- a/posix/wordexp-test.c
+++ b/posix/wordexp-test.c
@@ -183,6 +183,7 @@ struct test_case_struct
{ 0, NULL, "$var", 0, 0, { NULL, }, IFS },
{ 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS },
{ 0, NULL, "", 0, 0, { NULL, }, IFS },
+ { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS },
/* Flags not already covered (testit() has special handling for these) */
{ 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS },
diff --git a/posix/wordexp.c b/posix/wordexp.c
index bcbe96e48d..1f3b09f721 100644
--- a/posix/wordexp.c
+++ b/posix/wordexp.c
@@ -1399,7 +1399,7 @@ envsubst:
/* Is it a numeric parameter? */
else if (isdigit (env[0]))
{
- int n = atoi (env);
+ unsigned long n = strtoul (env, NULL, 10);
if (n >= __libc_argc)
/* Substitute NULL. */
--
2.27.0

7
glibc.spec
View File

@ -59,7 +59,7 @@
##############################################################################
Name: glibc
Version: 2.28
Release: 71
Release: 72
Summary: The GNU libc libraries
License: %{all_license}
URL: http://www.gnu.org/software/glibc/
@ -129,6 +129,7 @@ Patch45: backport-CVE-2021-33574-0002-Fix-mq_notify-bug-27896.patch
Patch46: backport-aarch64-align-stack-in-clone-BZ-27939.patch
Patch47: backport-x86-64-Align-child-stack-to-16-bytes-BZ-27902.patch
Patch48: backport-ldconfig-handle-.dynstr-located-in-separate-segment-.patch
Patch49: backport-CVE-2021-35942-wordexp-handle-overflow-in-positional-parameter-numb.patch
Provides: ldconfig rtld(GNU_HASH) bundled(gnulib)
@ -1153,6 +1154,10 @@ fi
%doc hesiod/README.hesiod
%changelog
* Thu Jul 1 2021 QingqingLi<liqingqing3@huawei.com> - 2.28-72
- wordexp: Use strtoul instead of atoi so that overflow can be detected. (bug 28011)
https://sourceware.org/bugzilla/show_bug.cgi?id=28011
* Wed Jun 30 2021 lvying<lvying6@huawei.com> - 2.28-71
- ldconfig: handle .dynstr located in separate segment (bug 25087)
https://sourceware.org/git/?p=glibc.git;a=commit;h=58e8f5fd2ba47b6dc47fd4d0a35e4175c7c87aaa