packages/byacc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:1327358f0993efebc0cf07f44f8f955875ba092e
Branches Tags
packages:main
..
compare: packages:1f6bbcd187136e22f83b9e072d9957714d15efbb
Branches Tags
packages:main

No commits in common. "1327358f0993efebc0cf07f44f8f955875ba092e" and "1f6bbcd187136e22f83b9e072d9957714d15efbb" have entirely different histories.
1327358f09 ... 1f6bbcd187

5 changed files with 6 additions and 123 deletions
Show Stats Expand all files Collapse all files

55
CVE-2021-33641.patch
View File

@ -1,55 +0,0 @@
From 162549f599c4460bcefc1526cfa014fec626ebc5 Mon Sep 17 00:00:00 2001
From: zhoupengcheng <zhoupengcheng11@huawei.com>
Date: Sat, 26 Nov 2022 18:27:48 +0800
Subject: [PATCH] fix CVE-2021-33641
the global variable:cptr use-after-free in more_curly(),
save original line in more_curly() in case get new line to fix
CVE-2021-33641.
---
reader.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/reader.c b/reader.c
index 37dc2cb..2a1dfe5 100644
--- a/reader.c
+++ b/reader.c
@@ -1027,9 +1027,16 @@ trim_blanks(char *buffer)
static int
more_curly(void)
{
- char *save = cptr;
+
int result = 0;
int finish = 0;
+ FILE *f = input_file;
+ long int old_pos = ftell(f);
+ int save_linesize = linesize;
+ char *save_line = TMALLOC(char, linesize);
+ NO_SPACE(save_line);
+ char *save_cptr = save_line + (cptr - line);
+ memcpy(save_line, line, linesize);
do
{
switch (next_inline())
@@ -1046,7 +1053,15 @@ more_curly(void)
++cptr;
}
while (!finish);
- cptr = save;
+
+ // in case of next_inline malloc new line space
+ free(line);
+ cptr = save_cptr;
+ line = save_line;
+ linesize = save_linesize;
+ // Since get_line also move the postion in file forward
+ // we need to move it back
+ fseek(f, old_pos, SEEK_SET);
return result;
}
--
2.27.0

44
CVE-2021-33642.patch
View File

@ -1,44 +0,0 @@
From ab5ee87cbbe1b94a45d5c7974b321e2ee78d1238 Mon Sep 17 00:00:00 2001
From: zhoupengcheng <zhoupengcheng11@huawei.com>
Date: Sat, 26 Nov 2022 18:27:48 +0800
Subject: [PATCH] fix CVE-2021-33642
next_inline() return EOF cause infinite loop in more_curly(),
Add EOF case in more_curly(), don't allow multiple line.
---
reader.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/reader.c b/reader.c
index 2a1dfe5..6a9bb7c 100644
--- a/reader.c
+++ b/reader.c
@@ -1030,8 +1030,10 @@ more_curly(void)
int result = 0;
int finish = 0;
+ int c;
FILE *f = input_file;
long int old_pos = ftell(f);
+ long int new_pos = old_pos;
int save_linesize = linesize;
char *save_line = TMALLOC(char, linesize);
NO_SPACE(save_line);
@@ -1039,7 +1041,13 @@ more_curly(void)
memcpy(save_line, line, linesize);
do
{
- switch (next_inline())
+ c = next_inline();
+ // Don't allow multiple line, so we use file position to check
+ // Only get_line() will move file postion forward
+ new_pos = ftell(f);
+ if (c == (EOF) || old_pos != new_pos)
+ break;
+ switch (c)
{
case 0:
case '\n':
--
2.27.0

BIN
byacc-20210808.tgz Normal file
View File

Binary file not shown.

BIN
byacc-20230219.tgz
View File

Binary file not shown.

30
byacc.spec
View File

@ -1,4 +1,4 @@
%define byaccdate 20230219 %define byaccdate 20210808
Name: byacc Name: byacc
Version: 2.0.%{byaccdate} Version: 2.0.%{byaccdate}
@ -6,10 +6,7 @@ Release: 1
Summary: A parser generator Summary: A parser generator
License: public domain License: public domain
URL: https://invisible-island.net/byacc/byacc.html URL: https://invisible-island.net/byacc/byacc.html
Source0: https://invisible-mirror.net/archives/byacc/byacc-%{byaccdate}.tgz Source0: https://invisible-island.net/datafiles/release/byacc-%{byaccdate}.tgz
Patch9000: CVE-2021-33641.patch
Patch9001: CVE-2021-33642.patch
BuildRequires: gcc BuildRequires: gcc
@ -23,7 +20,7 @@ rejected.
%package_help %package_help
%prep %prep
%autosetup -n byacc-%{byaccdate} -p1 %autosetup -n byacc-20210808 -p1
find . -type f -name \*.c -print0 | xargs -0 sed -i 's/YYSTACKSIZE 500/YYSTACKSIZE 10000/g' find . -type f -name \*.c -print0 | xargs -0 sed -i 's/YYSTACKSIZE 500/YYSTACKSIZE 10000/g'
%build %build
@ -36,10 +33,10 @@ ln -s yacc %{buildroot}%{_bindir}/byacc
ln -s yacc.1 %{buildroot}%{_mandir}/man1/byacc.1 ln -s yacc.1 %{buildroot}%{_mandir}/man1/byacc.1
%check %check
%make_build check #make check
%files %files
%doc ACKNOWLEDGEMENTS NEW_FEATURES NO_WARRANTY README %doc ACKNOWLEDGEMENTS README* NO_WARRANTY
%license AUTHORS %license AUTHORS
%{_bindir}/* %{_bindir}/*
@ -48,28 +45,13 @@ ln -s yacc.1 %{buildroot}%{_mandir}/man1/byacc.1
%{_mandir}/man1/* %{_mandir}/man1/*
%changelog %changelog
* Fri Jun 16 2023 chenchen <chen_aka_jan@163.com> - 2.0.20230219-1
- Upgrade to version 2.0.20230219
* Mon Dec 26 2022 zhoupengcheng <zhoupengcheng11@huawei.com> - 2.0.20210808-5
- fix CVE-2021-33641 and CVE-2021-33642
* Sat Dec 24 2022 chenmaodong <chenmaodong@xfusion.com> - 2.0.20210808-4
- Modify changelog error
* Mon Nov 21 2022 yaoxin <yaoxin30@h-partners.com> - 2.0.20210808-3
- Modify invalid Source
* Wed Jun 29 2022 wangjiang <wangjiang37@h-partners.com> - 2.0.20210808-2
- DESC:enable check test suite
* Sat Dec 25 2021 tianwei<tianwei12@huawei.com> - 2.0.20210808 * Sat Dec 25 2021 tianwei<tianwei12@huawei.com> - 2.0.20210808
- DESC:upgrade to 2.0.20210808 - DESC:upgrade to 2.0.20210808
* Mon Feb 1 2021 wangjie<wangjie294@huawei.com> - 2.0.20210109 * Mon Feb 1 2021 wangjie<wangjie294@huawei.com> - 2.0.20210109
- DESC:upgrade 2.0.20210109 - DESC:upgrade 2.0.20210109
* Sat Jul 25 2020 xinghe <xinghe1@huawei.com> - 1.9.20200330-1 * Sta Jul 25 2020 xinghe <xinghe1@huawei.com> - 1.9.20200330-1
- update version to 1.9.20200330 - update version to 1.9.20200330
* Wed Jan 22 2020 gulining<gulining1@huawei.com> - 1.9.20170709-9 * Wed Jan 22 2020 gulining<gulining1@huawei.com> - 1.9.20170709-9