Fix CVE-2019-14274

2021-01-05 16:13:43 +08:00 · 2021-01-05 16:13:43 +08:00 · 426dd5b245
commit 426dd5b245
parent ab301827ba
3 changed files with 61 additions and 2 deletions
--- a/backport-CVE-2019-14274-05-gniibe-fix-13.patch
+++ b/backport-CVE-2019-14274-05-gniibe-fix-13.patch
@ -0,0 +1,52 @@
+Description: Fix for a bug reported to sourceforge.net #13
+   by fixing error messages.
+   Also, fix erroneous messages.
+Author: NIIBE Yutaka
+
+Index: mcpp/src/support.c
+===================================================================
+--- mcpp.orig/src/support.c
+++ mcpp/src/support.c
+@@ -822,7 +822,7 @@ escape:
+         if (diag && iscntrl( c) && ((char_type[ c] & SPA) == 0)
+                 && (warn_level & 1))
+             cwarn(
+-            "Illegal control character %.0s0lx%02x in quotation"    /* _W1_ */
+            "Illegal control character %.0s0x%02x in quotation"    /* _W1_ */
+                     , NULL, (long) c, NULL);
+         *out_p++ = c;
+ chk_limit:
+@@ -861,10 +861,10 @@ chk_limit:
+                 if (mcpp_mode != POST_STD && option_flags.lang_asm) {
+                     /* STD, KR      */
+                     if (warn_level & 1)
+-                        cwarn( unterm_char, out, 0L, NULL); /* _W1_ */
+                        cwarn( unterm_char, NULL, (long)delim, NULL); /* _W1_ */
+                     goto  done;
+                 } else {
+-                    cerror( unterm_char, out, 0L, skip);    /* _E_  */
+                    cerror( unterm_char, NULL, (long)delim, skip);    /* _E_  */
+                 }
+             } else {
+                 cerror( "Unterminated header name %s%.0ld%s"        /* _E_  */
+@@ -875,9 +875,9 @@ chk_limit:
+             if (mcpp_mode != POST_STD && option_flags.lang_asm) {
+                 /* STD, KR      */
+                 if (warn_level & 1)
+-                    cwarn( empty_const, out, 0L, skip);     /* _W1_ */
+                    cwarn( empty_const, NULL, (long)delim, skip);     /* _W1_ */
+             } else {
+-                cerror( empty_const, out, 0L, skip);        /* _E_  */
+                cerror( empty_const, NULL, (long)delim, skip);        /* _E_  */
+                 out_p = NULL;
+                 goto  done;
+             }
+@@ -1774,7 +1774,7 @@ not_comment:
+         default:
+             if (iscntrl( c)) {
+                 cerror(             /* Skip the control character   */
+-    "Illegal control character %.0s0x%lx, skipped the character"    /* _E_  */
+    "Illegal control character %.0s0x%02x, skipped the character"    /* _E_  */
+                         , NULL, (long) c, NULL);
+             } else {                        /* Any valid character  */
+                 *tp++ = c;
--- a/backport-mcpp.2.7.2.patch
+++ b/backport-mcpp.2.7.2.patch
--- a/mcpp.spec
+++ b/mcpp.spec
@ -1,11 +1,12 @@
 Name:           mcpp
 Version:	2.7.2
-Release:	25
+Release:	26
 Summary:	A portable C preprocessor
 License:	BSD
 URL:		http://mcpp.sourceforge.net/
 Source0:	http://prdownloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
-Patch0:         patch.mcpp.2.7.2
+Patch0:         backport-mcpp.2.7.2.patch
+Patch1:         backport-CVE-2019-14274-05-gniibe-fix-13.patch

 BuildRequires:  gcc gdb

@ -76,6 +77,12 @@ make check
 %{_mandir}/man1/%{name}.1.gz

 %changelog
+* Tue Jan 5 2021 zoulin<zoulin13@huawei.com> - 2.7.2-26
+- Type:CVE
+- ID:NA
+- SUG:NA
+- DESC:fix CVE-2019-14274
+
 * Wed Mar 18 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.7.2-25
 - Type:bugfix
 - ID:NA