From: Robert Kuban Date: Thu, 18 Aug 2022 16:40:34 +0000 (+0200) Subject: Add patch for CVE-2020-28928 X-Git-Tag: RELEASE-0.11.0~11 X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=75e292944b2e65a54e4f6b78510ed9bf996c7438;p=unikraft%2Flibs%2Fmusl.git Add patch for CVE-2020-28928 This commit patches CVE-2020-28928, which is fixed in v1.2.2 of musl. Imported from: https://www.openwall.com/lists/musl/2020/11/19/1/1 Signed-off-by: Robert Kuban Reviewed-by: Sergiu Moga Reviewed-by: Razvan Deaconescu Approved-by: Razvan Deaconescu Tested-by: Unikraft CI GitHub-Closes: #11 --- diff --git a/patches/0016-wcsnrtombs-cve-2020-28928.patch b/patches/0016-wcsnrtombs-cve-2020-28928.patch new file mode 100644 index 0000000..ef6c07c --- /dev/null +++ b/patches/0016-wcsnrtombs-cve-2020-28928.patch @@ -0,0 +1,66 @@ +diff --git a/src/multibyte/wcsnrtombs.c b/src/multibyte/wcsnrtombs.c +index 676932b5..95e25e70 100644 +--- a/src/multibyte/wcsnrtombs.c ++++ b/src/multibyte/wcsnrtombs.c +@@ -1,41 +1,33 @@ + #include ++#include ++#include + + size_t wcsnrtombs(char *restrict dst, const wchar_t **restrict wcs, size_t wn, size_t n, mbstate_t *restrict st) + { +- size_t l, cnt=0, n2; +- char *s, buf[256]; + const wchar_t *ws = *wcs; +- const wchar_t *tmp_ws; +- +- if (!dst) s = buf, n = sizeof buf; +- else s = dst; +- +- while ( ws && n && ( (n2=wn)>=n || n2>32 ) ) { +- if (n2>=n) n2=n; +- tmp_ws = ws; +- l = wcsrtombs(s, &ws, n2, 0); +- if (!(l+1)) { +- cnt = l; +- n = 0; ++ size_t cnt = 0; ++ if (!dst) n=0; ++ while (ws && wn) { ++ char tmp[MB_LEN_MAX]; ++ size_t l = wcrtomb(nn) break; ++ memcpy(dst, tmp, l); ++ } ++ dst += l; + n -= l; + } +- wn = ws ? wn - (ws - tmp_ws) : 0; +- cnt += l; +- } +- if (ws) while (n && wn) { +- l = wcrtomb(s, *ws, 0); +- if ((l+1)<=1) { +- if (!l) ws = 0; +- else cnt = l; ++ if (!*ws) { ++ ws = 0; + break; + } +- ws++; wn--; +- /* safe - this loop runs fewer than sizeof(buf) times */ +- s+=l; n-=l; ++ ws++; ++ wn--; + cnt += l; + } + if (dst) *wcs = ws; +