This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.



GNU C Library master sources branch, master, updated. glibc-2.15-529-gb8dc394


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  b8dc394ddfd58bc5d0fe9ecfc970fc42b789a9df (commit)
      from  966977f1b72123bdd5187a60e9b50eaa70312d90 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b8dc394ddfd58bc5d0fe9ecfc970fc42b789a9df

commit b8dc394ddfd58bc5d0fe9ecfc970fc42b789a9df
Author: Jeff Law <law@redhat.com>
Date:   Fri Mar 30 09:45:44 2012 -0600

    2012-03-29  Jeff Law  <law@redhat.com>
    
    	* crypt/md5-crypt.c (__md5_crypt_r): Avoid unbounded alloca uses
    	due to long keys.
    	* crypt/sha256-crypt.c (__sha256_crypt_r): Likewise.
    	* crypt/sha512-crypt.c (__sha512_crypt_r): Likewise.

diff --git a/ChangeLog b/ChangeLog
index 2dd220e..75045e3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2012-03-30  Jeff Law  <law@redhat.com>
+
+	* crypt/md5-crypt.c (__md5_crypt_r): Avoid unbounded alloca uses
+	due to long keys.
+	* crypt/sha256-crypt.c (__sha256_crypt_r): Likewise.
+	* crypt/sha512-crypt.c (__sha512_crypt_r): Likewise.
+
 2012-03-30  Ulrich Drepper  <drepper@gmail.com>
 
 	* resolv/res_send.c (send_dg): Use sendmmsg if we have to write two
diff --git a/crypt/md5-crypt.c b/crypt/md5-crypt.c
index ba606bb..db4ea9c 100644
--- a/crypt/md5-crypt.c
+++ b/crypt/md5-crypt.c
@@ -1,6 +1,6 @@
 /* One way encryption based on MD5 sum.
    Compatible with the behavior of MD5 crypt introduced in FreeBSD 2.0.
-   Copyright (C) 1996, 1997, 1999, 2000, 2001, 2002, 2004, 2009
+   Copyright (C) 1996, 1997, 1999, 2000, 2001, 2002, 2004, 2009, 2012
    Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996.
@@ -107,6 +107,8 @@ __md5_crypt_r (key, salt, buffer, buflen)
   char *cp;
   char *copied_key = NULL;
   char *copied_salt = NULL;
+  char *free_key = NULL;
+  size_t alloca_used = 0;
 
   /* Find beginning of salt string.  The prefix should normally always
      be present.  Just in case it is not.  */
@@ -119,7 +121,17 @@ __md5_crypt_r (key, salt, buffer, buflen)
 
   if ((key - (char *) 0) % __alignof__ (md5_uint32) != 0)
     {
-      char *tmp = (char *) alloca (key_len + __alignof__ (md5_uint32));
+      char *tmp;
+
+      if (__libc_use_alloca (alloca_used + key_len + __alignof__ (md5_uint32)))
+	tmp = (char *) alloca (key_len + __alignof__ (md5_uint32));
+      else
+	{
+	  free_key = tmp = (char *) malloc (key_len + __alignof__ (md5_uint32));
+	  if (tmp == NULL)
+	    return NULL;
+	}
+
       key = copied_key =
 	memcpy (tmp + __alignof__ (md5_uint32)
 		- (tmp - (char *) 0) % __alignof__ (md5_uint32),
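Review bot: `alloca_used` is never advanced in __md5_crypt_r, because the stack branch `tmp = (char *) alloca (key_len + __alignof__ (md5_uint32));` uses plain alloca. The `__libc_use_alloca (alloca_used + ...)` test therefore always starts from zero, and the counter declared in the previous hunk carries no information for any later stack allocation. The sha256 and sha512 versions of this branch in the same commit use the accounting form; here it would read `tmp = alloca_account (key_len + __alignof__ (md5_uint32), alloca_used);`. The function body starts before and continues past this hunk, so whether later allocas depend on the counter is not visible here.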
@@ -141,7 +153,10 @@ __md5_crypt_r (key, salt, buffer, buflen)
   /* Initialize libfreebl3.  */
   NSSLOWInitContext *nss_ictx = NSSLOW_Init ();
   if (nss_ictx == NULL)
-    return NULL;
+    {
+      free (free_key);
+      return NULL;
+    }
   NSSLOWHASHContext *nss_ctx = NULL;
   NSSLOWHASHContext *nss_alt_ctx = NULL;
 #else
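Review bot: The new `free (free_key);` on the NSSLOW_Init failure path releases a heap buffer that still holds a copy of the caller's password, since the memcpy into `tmp` has already run by this point. The end of the function wipes `copied_salt` before returning, which suggests scratch copies are meant to be cleared; this early exit should do the same for the key copy, e.g. `if (copied_key != NULL) memset (copied_key, '\0', key_len);` ahead of the free, in a form the compiler will not discard as a dead store before `free`. The same applies to the matching NSSLOW_Init hunks in crypt/sha256-crypt.c and crypt/sha512-crypt.c. Any other `return NULL` between the key copy and the end of the function, outside these hunks, would also need to release `free_key`.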
@@ -295,6 +310,7 @@ __md5_crypt_r (key, salt, buffer, buflen)
   if (copied_salt != NULL)
     memset (copied_salt, '\0', salt_len);
 
+  free (free_key);
   return buffer;
 }
 
diff --git a/crypt/sha256-crypt.c b/crypt/sha256-crypt.c
index eb2585b..440933a 100644
--- a/crypt/sha256-crypt.c
+++ b/crypt/sha256-crypt.c
@@ -1,5 +1,5 @@
 /* One way encryption based on SHA256 sum.
-   Copyright (C) 2007, 2009 Free Software Foundation, Inc.
+   Copyright (C) 2007, 2009, 2012 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Ulrich Drepper <drepper@redhat.com>, 2007.
 
@@ -122,6 +122,9 @@ __sha256_crypt_r (key, salt, buffer, buflen)
   /* Default number of rounds.  */
   size_t rounds = ROUNDS_DEFAULT;
   bool rounds_custom = false;
+  size_t alloca_used = 0;
+  char *free_key = NULL;
+  char *free_pbytes = NULL;
 
   /* Find beginning of salt string.  The prefix should normally always
      be present.  Just in case it is not.  */
@@ -148,7 +151,17 @@ __sha256_crypt_r (key, salt, buffer, buflen)
 
   if ((key - (char *) 0) % __alignof__ (uint32_t) != 0)
     {
-      char *tmp = (char *) alloca (key_len + __alignof__ (uint32_t));
+      char *tmp;
+
+      if (__libc_use_alloca (alloca_used + key_len + __alignof__ (uint32_t)))
+	tmp = alloca_account (key_len + __alignof__ (uint32_t), alloca_used);
+      else
+	{
+	  free_key = tmp = (char *) malloc (key_len + __alignof__ (uint32_t));
+	  if (tmp == NULL)
+	    return NULL;
+	}
+
       key = copied_key =
 	memcpy (tmp + __alignof__ (uint32_t)
 		- (tmp - (char *) 0) % __alignof__ (uint32_t),
@@ -159,6 +172,7 @@ __sha256_crypt_r (key, salt, buffer, buflen)
   if ((salt - (char *) 0) % __alignof__ (uint32_t) != 0)
     {
       char *tmp = (char *) alloca (salt_len + __alignof__ (uint32_t));
+      alloca_used += salt_len + __alignof__ (uint32_t);
       salt = copied_salt =
 	memcpy (tmp + __alignof__ (uint32_t)
 		- (tmp - (char *) 0) % __alignof__ (uint32_t),
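Review bot: The salt copy is counted by hand with `alloca_used += salt_len + __alignof__ (uint32_t);` after an unchecked alloca, while the key branch earlier in this function uses `alloca_account`. Writing `char *tmp = alloca_account (salt_len + __alignof__ (uint32_t), alloca_used);` keeps the allocation and its accounting in one expression so they cannot drift apart. The crypt/sha512-crypt.c section of this commit has no corresponding change to its salt copy, so there `alloca_used` presumably omits the salt when the later `__libc_use_alloca (alloca_used + key_len)` test runs. Whether `salt_len` is already capped before this point is not visible in the hunk; if it is not, this alloca needs the same heap fallback as the key.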
@@ -170,7 +184,10 @@ __sha256_crypt_r (key, salt, buffer, buflen)
   /* Initialize libfreebl3.  */
   NSSLOWInitContext *nss_ictx = NSSLOW_Init ();
   if (nss_ictx == NULL)
-    return NULL;
+    {
+      free (free_key);
+      return NULL;
+    }
   NSSLOWHASHContext *nss_ctx = NULL;
   NSSLOWHASHContext *nss_alt_ctx = NULL;
 #else
@@ -233,7 +250,18 @@ __sha256_crypt_r (key, salt, buffer, buflen)
   sha256_finish_ctx (&alt_ctx, nss_alt_ctx, temp_result);
 
   /* Create byte sequence P.  */
-  cp = p_bytes = alloca (key_len);
+  if (__libc_use_alloca (alloca_used + key_len))
+    cp = p_bytes = (char *) alloca (key_len);
+  else
+    {
+      free_pbytes = cp = p_bytes = (char *)malloc (key_len);
+      if (free_pbytes == NULL)
+	{
+	  free (free_key);
+	  return NULL;
+	}
+    }
+
   for (cnt = key_len; cnt >= 32; cnt -= 32)
     cp = mempcpy (cp, temp_result, 32);
   memcpy (cp, temp_result, cnt);
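Review bot: The `return NULL` on malloc failure under `Create byte sequence P` leaves the function after hashing has begun: `temp_result` was just filled by `sha256_finish_ctx`, the exit skips the wiping done at the end of the function, and `free (free_key);` releases the heap key copy without clearing it. In the NSS build the hash and init contexts created earlier are presumably not released on this path either; their teardown lies outside the hunk. Routing the failure through the function's normal cleanup instead of returning from the middle would cover all of these. Separately, the stack branch `cp = p_bytes = (char *) alloca (key_len);` does not advance `alloca_used`; `alloca_account (key_len, alloca_used)` would keep the budget accurate for later allocations. The crypt/sha512-crypt.c hunk at the same comment has the same shape.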
@@ -361,6 +389,8 @@ __sha256_crypt_r (key, salt, buffer, buflen)
   if (copied_salt != NULL)
     memset (copied_salt, '\0', salt_len);
 
+  free (free_key);
+  free (free_pbytes);
   return buffer;
 }
 
diff --git a/crypt/sha512-crypt.c b/crypt/sha512-crypt.c
index 8f8ed33..e5d9cac 100644
--- a/crypt/sha512-crypt.c
+++ b/crypt/sha512-crypt.c
@@ -1,5 +1,5 @@
 /* One way encryption based on SHA512 sum.
-   Copyright (C) 2007, 2009 Free Software Foundation, Inc.
+   Copyright (C) 2007, 2009, 2012 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Ulrich Drepper <drepper@redhat.com>, 2007.
 
@@ -122,6 +122,9 @@ __sha512_crypt_r (key, salt, buffer, buflen)
   /* Default number of rounds.  */
   size_t rounds = ROUNDS_DEFAULT;
   bool rounds_custom = false;
+  size_t alloca_used = 0;
+  char *free_key = NULL;
+  char *free_pbytes = NULL;
 
   /* Find beginning of salt string.  The prefix should normally always
      be present.  Just in case it is not.  */
@@ -148,7 +151,17 @@ __sha512_crypt_r (key, salt, buffer, buflen)
 
   if ((key - (char *) 0) % __alignof__ (uint64_t) != 0)
     {
-      char *tmp = (char *) alloca (key_len + __alignof__ (uint64_t));
+      char *tmp;
+
+      if (__libc_use_alloca (alloca_used + key_len + __alignof__ (uint64_t)))
+	tmp = alloca_account (key_len + __alignof__ (uint64_t), alloca_used);
+      else
+	{
+	  free_key = tmp = (char *) malloc (key_len + __alignof__ (uint64_t));
+	  if (tmp == NULL)
+	    return NULL;
+	}
+
       key = copied_key =
 	memcpy (tmp + __alignof__ (uint64_t)
 		- (tmp - (char *) 0) % __alignof__ (uint64_t),
@@ -170,7 +183,10 @@ __sha512_crypt_r (key, salt, buffer, buflen)
   /* Initialize libfreebl3.  */
   NSSLOWInitContext *nss_ictx = NSSLOW_Init ();
   if (nss_ictx == NULL)
-    return NULL;
+    {
+      free (free_key);
+      return NULL;
+    }
   NSSLOWHASHContext *nss_ctx = NULL;
   NSSLOWHASHContext *nss_alt_ctx = NULL;
 #else
@@ -233,7 +249,18 @@ __sha512_crypt_r (key, salt, buffer, buflen)
   sha512_finish_ctx (&alt_ctx, nss_alt_ctx, temp_result);
 
   /* Create byte sequence P.  */
-  cp = p_bytes = alloca (key_len);
+  if (__libc_use_alloca (alloca_used + key_len))
+    cp = p_bytes = (char *) alloca (key_len);
+  else
+    {
+      free_pbytes = cp = p_bytes = (char *)malloc (key_len);
+      if (free_pbytes == NULL)
+	{
+	  free (free_key);
+	  return NULL;
+	}
+    }
+
   for (cnt = key_len; cnt >= 64; cnt -= 64)
     cp = mempcpy (cp, temp_result, 64);
   memcpy (cp, temp_result, cnt);
@@ -373,6 +400,8 @@ __sha512_crypt_r (key, salt, buffer, buflen)
   if (copied_salt != NULL)
     memset (copied_salt, '\0', salt_len);
 
+  free (free_key);
+  free (free_pbytes);
   return buffer;
 }
 

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog            |    7 +++++++
 crypt/md5-crypt.c    |   22 +++++++++++++++++++---
 crypt/sha256-crypt.c |   38 ++++++++++++++++++++++++++++++++++----
 crypt/sha512-crypt.c |   37 +++++++++++++++++++++++++++++++++----
 4 files changed, 93 insertions(+), 11 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

