!162 wordexp: Use strtoul instead of atoi so that overflow can be detected.
From: @liqingqing_1229 Reviewed-by: @wangbin224 Signed-off-by: @wangbin224
This commit is contained in:
openeuler-ci-bot
Gitee
commit
3bdc13a4b4
@ -0,0 +1,43 @@
|
||||
From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schwab <schwab@linux-m68k.org>
|
||||
Date: Fri, 25 Jun 2021 15:02:47 +0200
|
||||
Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug
|
||||
28011)
|
||||
|
||||
Use strtoul instead of atoi so that overflow can be detected.
|
||||
|
||||
Conflict:NA
|
||||
Reference:https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c
|
||||
---
|
||||
posix/wordexp-test.c | 1 +
|
||||
posix/wordexp.c | 2 +-
|
||||
2 files changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
|
||||
index f93a546d7e..9df02dbbb3 100644
|
||||
--- a/posix/wordexp-test.c
|
||||
+++ b/posix/wordexp-test.c
|
||||
@@ -183,6 +183,7 @@ struct test_case_struct
|
||||
{ 0, NULL, "$var", 0, 0, { NULL, }, IFS },
|
||||
{ 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS },
|
||||
{ 0, NULL, "", 0, 0, { NULL, }, IFS },
|
||||
+ { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS },
|
||||
|
||||
/* Flags not already covered (testit() has special handling for these) */
|
||||
{ 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS },
|
||||
diff --git a/posix/wordexp.c b/posix/wordexp.c
|
||||
index bcbe96e48d..1f3b09f721 100644
|
||||
--- a/posix/wordexp.c
|
||||
+++ b/posix/wordexp.c
|
||||
@@ -1399,7 +1399,7 @@ envsubst:
|
||||
/* Is it a numeric parameter? */
|
||||
else if (isdigit (env[0]))
|
||||
{
|
||||
- int n = atoi (env);
|
||||
+ unsigned long n = strtoul (env, NULL, 10);
|
||||
|
||||
if (n >= __libc_argc)
|
||||
/* Substitute NULL. */
|
||||
--
|
||||
2.27.0
|
||||
|
||||
@ -60,7 +60,7 @@
|
||||
##############################################################################
|
||||
Name: glibc
|
||||
Version: 2.33
|
||||
Release: 4
|
||||
Release: 5
|
||||
Summary: The GNU libc libraries
|
||||
License: %{all_license}
|
||||
URL: http://www.gnu.org/software/glibc/
|
||||
@ -81,6 +81,7 @@ Patch2: Fix-the-inaccuracy-of-j0f-j1f-y0f-y1f-BZ.patch
|
||||
Patch6000: backport-posix-tst-rfc3484-Fix-compile-failure-linking-to-loc.patch
|
||||
Patch6001: backport-Use-__pthread_attr_copy-in-mq_notify-bug-27896.patch
|
||||
Patch6002: backport-Fix-use-of-__pthread_attr_copy-in-mq_notify-bug-27896.patch
|
||||
Patch6003: backport-CVE-2021-35942-wordexp-handle-overflow-in-positional-parameter-numb.patch
|
||||
|
||||
Patch9000: turn-REP_STOSB_THRESHOLD-from-2k-to-1M.patch
|
||||
Patch9001: delete-no-hard-link-to-avoid-all_language-package-to.patch
|
||||
@ -1172,6 +1173,10 @@ fi
|
||||
%doc hesiod/README.hesiod
|
||||
|
||||
%changelog
|
||||
* Thu Jul 1 2021 QingqingLi<liqingqing3@huawei.com> - 2.33-5
|
||||
- wordexp: Use strtoul instead of atoi so that overflow can be detected. (bug 28011)
|
||||
https://sourceware.org/bugzilla/show_bug.cgi?id=28011
|
||||
|
||||
* Fri Jun 18 2021 Qingqing Li<liqingqing3@huawei.com> - 2.33-4
|
||||
- fix CVE-2021-33574(bug 27896)
|
||||
https://sourceware.org/bugzilla/show_bug.cgi?id=27896
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user