slackware-current/source/l/glibc/patches/CVE-2023-25139.patch

82 lines
2.6 KiB
Diff
Raw Normal View History

Fri Feb 3 20:04:33 UTC 2023 a/aaa_glibc-solibs-2.37-x86_64-2.txz: Rebuilt. a/e2fsprogs-1.46.6-x86_64-1.txz: Upgraded. a/hwdata-0.367-noarch-1.txz: Upgraded. l/glibc-2.37-x86_64-2.txz: Rebuilt. [PATCH] Account for grouping in printf width (bug 23432). This issue could cause a overflow with sprintf in the corner case where an application computes the size of buffer to be exactly enough to fit the digits in question, but sprintf ends up writing a couple of extra bytes. Thanks to marav for the heads-up. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-25139 (* Security fix *) l/glibc-i18n-2.37-x86_64-2.txz: Rebuilt. l/glibc-profile-2.37-x86_64-2.txz: Rebuilt. l/libcap-2.67-x86_64-1.txz: Upgraded. l/poppler-data-0.4.12-noarch-1.txz: Upgraded. extra/php81/php81-8.1.15-x86_64-1.txz: Upgraded. testing/packages/samba-4.17.5-x86_64-2.txz: Rebuilt. Build with the bundled Heimdal instead of the system MIT Kerberos, since MIT Kerberos has more issues when Samba is used as an AD DC. I'd appreciate any feedback on the "Samba on Slackware 15" thread on LQ about how well this works. Although it's not the sort of change I'd normally make in a -stable release such as Slackware 15.0, in this case I'm considering it if it can be done painlessly for any existing users... but I'll need to see some reports about this. I'd like to note that yes, of course we saw the "experimental" label in the configure flag we used to build Samba, but we also saw another prominent Linux distribution go ahead and use it anyway. :) And the Samba package built against MIT Kerberos cooked in the previous -current development cycle for a couple of years without any objections. Anyway, hopefully we'll get some testing from folks out there with networks that use AD and go from there. Thanks to Rowland Penny of the Samba team for clarifying this situation.
2023-02-03 21:04:33 +01:00
This is a partial fix for mishandling of grouping when formatting
integers. It properly computes the width in presence of grouping
characteres when the precision is larger than the number of significant
digits.
---
stdio-common/Makefile | 1 +
stdio-common/tst-grouping3.c | 37 +++++++++++++++++++++++++++++
stdio-common/vfprintf-process-arg.c | 2 +-
3 files changed, 39 insertions(+), 1 deletion(-)
create mode 100644 stdio-common/tst-grouping3.c
diff --git a/stdio-common/Makefile b/stdio-common/Makefile
index 6e9d104524..b46d932a20 100644
--- a/stdio-common/Makefile
+++ b/stdio-common/Makefile
@@ -195,6 +195,7 @@ tests := \
tst-gets \
tst-grouping \
tst-grouping2 \
+ tst-grouping3 \
tst-long-dbl-fphex \
tst-memstream-string \
tst-obprintf \
diff --git a/stdio-common/tst-grouping3.c b/stdio-common/tst-grouping3.c
new file mode 100644
index 0000000000..0031ad4010
--- /dev/null
+++ b/stdio-common/tst-grouping3.c
@@ -0,0 +1,37 @@
+/* Test printf with grouping and padding (bug 23432)
+ Copyright (C) 2023 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <locale.h>
+#include <stdio.h>
+#include <support/check.h>
+#include <support/support.h>
+
+static int
+do_test (void)
+{
+ char buf[80];
+
+ xsetlocale (LC_NUMERIC, "de_DE.UTF-8");
+
+ sprintf (buf, "%+-'13.9d", 1234567);
+ TEST_COMPARE_STRING (buf, "+001.234.567 ");
+
+ return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/stdio-common/vfprintf-process-arg.c b/stdio-common/vfprintf-process-arg.c
index 2c651946df..cd3eaf5c0c 100644
--- a/stdio-common/vfprintf-process-arg.c
+++ b/stdio-common/vfprintf-process-arg.c
@@ -257,7 +257,7 @@ LABEL (unsigned_number): /* Unsigned number of base BASE. */
width -= 2;
}
- width -= workend - string + prec;
+ width -= number_length + prec;
Xprintf_buffer_pad (buf, L_('0'), prec);
--
2.39.1