This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.



GNU C Library master sources branch master updated. glibc-2.18-343-g977f4b3


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  977f4b31b7ca4a4e498c397f3fd70510694bbd86 (commit)
       via  66925c47793852d1a8423cd25ab78d7dabdf5924 (commit)
      from  7cb96fc8cd400460adee9703b2daded3590b6afe (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=977f4b31b7ca4a4e498c397f3fd70510694bbd86

commit 977f4b31b7ca4a4e498c397f3fd70510694bbd86
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Wed Oct 30 16:13:37 2013 +0530

    Fix reads for sizes larger than INT_MAX in AF_INET lookup
    
    Currently for AF_INET lookups from the hosts file, buffer sizes larger
    than INT_MAX silently overflow and may result in access beyond bounds
    of a buffer.  This happens when the number of results in an AF_INET
    lookup in /etc/hosts is very large.
    
    There are two aspects to the problem.  One problem is that the size
    computed from the buffer size is stored into an int, which results in
    overflow for large sizes.  Additionally, even if this size was
    expanded, the function used to read content into the buffer (fgets)
    accepts only int sizes.  As a result, the fix is to have a function
    wrap around fgets that calls it multiple times with int sizes if
    necessary.

diff --git a/ChangeLog b/ChangeLog
index 32f0d5f..b319735 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2013-10-30  Siddhesh Poyarekar  <siddhesh@redhat.com>
+
+	[BZ #16071]
+	* nss/nss_files/files-XXX.c (get_contents_ret): New
+	enumerator.
+	(get_contents): New function.
+	(internal_getent): Use it.  Expand size of LINEBUFLEN.
+
 2013-10-30  Mike Frysinger  <vapier@gentoo.org>
 
 	* configure.in: Moved to ...
diff --git a/NEWS b/NEWS
index fa24d9b..87d183a 100644
--- a/NEWS
+++ b/NEWS
@@ -16,7 +16,7 @@ Version 2.19
   15760, 15764, 15797, 15825, 15844, 15847, 15849, 15855, 15856, 15857,
   15859, 15867, 15886, 15887, 15890, 15892, 15893, 15895, 15897, 15905,
   15909, 15919, 15921, 15923, 15939, 15948, 15963, 15966, 15988, 16032,
-  16034, 16036, 16041, 16072, 16074, 16078.
+  16034, 16036, 16041, 16071, 16072, 16074, 16078.
 
 * CVE-2012-4412 The strcoll implementation caches indices and rules for
   large collation sequences to optimize multiple passes.  This cache
diff --git a/nss/nss_files/files-XXX.c b/nss/nss_files/files-XXX.c
index 082d1ea..b62208c 100644
--- a/nss/nss_files/files-XXX.c
+++ b/nss/nss_files/files-XXX.c
@@ -179,8 +179,51 @@ CONCAT(_nss_files_end,ENTNAME) (void)
   return NSS_STATUS_SUCCESS;
 }
 
-/* Parsing the database file into `struct STRUCTURE' data structures.  */
 
+typedef enum
+{
+  gcr_ok = 0,
+  gcr_error = -1,
+  gcr_overflow = -2
+} get_contents_ret;
+
+/* Hack around the fact that fgets only accepts int sizes.  */
+static get_contents_ret
+get_contents (char *linebuf, size_t len, FILE *stream)
+{
+  size_t remaining_len = len;
+  char *curbuf = linebuf;
+
+  do
+    {
+      int curlen = ((remaining_len > (size_t) INT_MAX) ? INT_MAX
+		    : remaining_len);
+      char *p = fgets_unlocked (curbuf, curlen, stream);
+
+      ((unsigned char *) curbuf)[curlen - 1] = 0xff;
+
+      /* EOF or read error.  */
+      if (p == NULL)
+        return gcr_error;
+
+      /* Done reading in the line.  */
+      if (((unsigned char *) curbuf)[curlen - 1] == 0xff)
+        return gcr_ok;
+
+      /* Drop the terminating '\0'.  */
+      remaining_len -= curlen - 1;
+      curbuf += curlen - 1;
+    }
+  /* fgets copies one less than the input length.  Our last iteration is of
+     REMAINING_LEN and once that is done, REMAINING_LEN is decremented by
+     REMAINING_LEN - 1, leaving the result as 1.  */
+  while (remaining_len > 1);
+
+  /* This means that the current buffer was not large enough.  */
+  return gcr_overflow;
+}
+
+/* Parsing the database file into `struct STRUCTURE' data structures.  */
 static enum nss_status
 internal_getent (struct STRUCTURE *result,
 		 char *buffer, size_t buflen, int *errnop H_ERRNO_PROTO
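Review bot: In get_contents the 0xff sentinel is stored after fgets_unlocked has already returned, so the later `== 0xff` test is true whenever p is non-NULL and the function can never return gcr_overflow. When a line fills the chunk, that store also overwrites the terminating NUL that fgets wrote, so the caller would go on to scan a truncated, unterminated line. The store has to come before the read: `((unsigned char *) curbuf)[curlen - 1] = 0xff;` and only then `char *p = fgets_unlocked (curbuf, curlen, stream);`. The function comment could also state that len must be at least 1 because of the `curlen - 1` index; the caller's `buflen < sizeof *data + 2` check presumably guarantees this, but that is not confirmed here because internal_getent's body continues outside this hunk.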
@@ -188,7 +231,7 @@ internal_getent (struct STRUCTURE *result,
 {
   char *p;
   struct parser_data *data = (void *) buffer;
-  int linebuflen = buffer + buflen - data->linebuffer;
+  size_t linebuflen = buffer + buflen - data->linebuffer;
   int parse_result;
 
   if (buflen < sizeof *data + 2)
@@ -200,17 +243,16 @@ internal_getent (struct STRUCTURE *result,
 
   do
     {
-      /* Terminate the line so that we can test for overflow.  */
-      ((unsigned char *) data->linebuffer)[linebuflen - 1] = '\xff';
+      get_contents_ret r = get_contents (data->linebuffer, linebuflen, stream);
 
-      p = fgets_unlocked (data->linebuffer, linebuflen, stream);
-      if (p == NULL)
+      if (r == gcr_error)
 	{
 	  /* End of file or read error.  */
 	  H_ERRNO_SET (HOST_NOT_FOUND);
 	  return NSS_STATUS_NOTFOUND;
 	}
-      else if (((unsigned char *) data->linebuffer)[linebuflen - 1] != 0xff)
+
+      if (r == gcr_overflow)
 	{
 	  /* The line is too long.  Give the user the opportunity to
 	     enlarge the buffer.  */
@@ -219,7 +261,8 @@ internal_getent (struct STRUCTURE *result,
 	  return NSS_STATUS_TRYAGAIN;
 	}
 
-      /* Skip leading blanks.  */
+      /* Everything OK.  Now skip leading blanks.  */
+      p = data->linebuffer;
       while (isspace (*p))
 	++p;
     }

http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=66925c47793852d1a8423cd25ab78d7dabdf5924

commit 66925c47793852d1a8423cd25ab78d7dabdf5924
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Wed Oct 30 16:12:08 2013 +0530

    Add ChangeLog entry and fix NEWS for #16078

diff --git a/NEWS b/NEWS
index 68c284f..fa24d9b 100644
--- a/NEWS
+++ b/NEWS
@@ -16,7 +16,7 @@ Version 2.19
   15760, 15764, 15797, 15825, 15844, 15847, 15849, 15855, 15856, 15857,
   15859, 15867, 15886, 15887, 15890, 15892, 15893, 15895, 15897, 15905,
   15909, 15919, 15921, 15923, 15939, 15948, 15963, 15966, 15988, 16032,
-  16034, 16036, 16041, 16078, 16072, 16074.
+  16034, 16036, 16041, 16072, 16074, 16078.
 
 * CVE-2012-4412 The strcoll implementation caches indices and rules for
   large collation sequences to optimize multiple passes.  This cache
diff --git a/localedata/ChangeLog b/localedata/ChangeLog
index b59acec..7719e46 100644
--- a/localedata/ChangeLog
+++ b/localedata/ChangeLog
@@ -1,3 +1,9 @@
+2013-10-29  Chris Leonard  <cjl@sugarlabs.org>
+
+	[BZ #16078]
+	* locales/anp_IN: New locale for anp_IN.
+	* SUPPORTED: Add anp_IN.
+
 2013-10-24  Chris Leonard  <cjl@sugarlabs.org>
 
 	* locales/ja_JP: Adjust language-code fields of LC_ADDRESS.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                 |    8 ++++++
 NEWS                      |    2 +-
 localedata/ChangeLog      |    6 ++++
 nss/nss_files/files-XXX.c |   59 ++++++++++++++++++++++++++++++++++++++------
 4 files changed, 66 insertions(+), 9 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

