author | Przemyslaw Pawelczyk <przemoc@zoho.com> | 2017-01-03 02:26:42 +0100 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2017-01-03 05:14:57 +0000 |
commit | 26ff2ca6f000c272317886778f7e1bcb7084b0f8 (patch) | |
tree | 4c858a55ea92eca8cd65ef27d559fb6b33e78399 /main/musl/0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch | |
parent | e0d1db84c534ba45f381662e492b9bd388c03b9d (diff) | |
main/musl: apply upstream fixes
Second one (safe globfree() after failed glob()) is especially important
in case of recently updated busybox, because ash since 1.26 supports
libc's glob() and AL's busyboxconfig does not set
CONFIG_ASH_INTERNAL_GLOB.
musl's glob() still needs to be fixed to work for long inputs.
At least ash: out of memory instead of Segmentation fault is nicer.
Diffstat (limited to 'main/musl/0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch')
-rw-r--r-- | main/musl/0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/main/musl/0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch b/main/musl/0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch new file mode 100644 index 0000000000..db1083531b --- /dev/null +++ b/main/musl/0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch @@ -0,0 +1,44 @@ +From 769f53598e781ffc89191520f3f8a93cb58db91f Mon Sep 17 00:00:00 2001 +From: Rich Felker <dalias@aerifal.cx> +Date: Mon, 2 Jan 2017 19:47:12 -0500 +Subject: [PATCH 2/2] make globfree safe after failed glob from over-length + argument + +commit 0dc99ac413d8bc054a2e95578475c7122455eee8 added input length +checking to avoid unsafe VLA allocation, but put it in the wrong +place, before the glob_t structure was zeroed out. while POSIX isn't +clear on whether it's permitted to call globfree after glob failed +with GLOB_NOSPACE, making it safe is clearly better than letting +uninitialized pointers get passed to free in non-conforming callers. + +while we're fixing this, change strlen check to the idiomatic strnlen +version to avoid unbounded input scanning before returning an error. +--- + src/regex/glob.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/regex/glob.c b/src/regex/glob.c +index 6affee040c31..5b6ff1247f43 100644 +--- a/src/regex/glob.c ++++ b/src/regex/glob.c +@@ -169,8 +169,6 @@ int glob(const char *restrict pat, int flags, int (*errfunc)(const char *path, i + d = ""; + } + +- if (strlen(p) > PATH_MAX) return GLOB_NOSPACE; +- + if (!errfunc) errfunc = ignore_err; + + if (!(flags & GLOB_APPEND)) { +@@ -179,6 +177,8 @@ int glob(const char *restrict pat, int flags, int (*errfunc)(const char *path, i + g->gl_pathv = NULL; + } + ++ if (strnlen(p, PATH_MAX+1) > PATH_MAX) return GLOB_NOSPACE; ++ + if (*p) error = match_in_dir(d, p, flags, errfunc, &tail); + if (error == GLOB_NOSPACE) { + freelist(&head); +-- +2.8.3 + |
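Review bot: In the second hunk of the embedded src/regex/glob.c patch, the relocated check `if (strnlen(p, PATH_MAX+1) > PATH_MAX) return GLOB_NOSPACE;` is only safe because it sits below the `if (!(flags & GLOB_APPEND))` block that resets the glob_t, and nothing in the code says so. A one-line comment above the check stating that it must stay after that initialization would keep a later reorder from reintroducing the uninitialized pointers reaching free via globfree. When GLOB_APPEND is set that block is skipped, so the early return leaves the caller's structure untouched; globfree is then safe only if the structure came from an earlier glob call, which is worth stating in the same comment. The `PATH_MAX+1` bound itself is correct: strnlen stops one byte past the limit, so the `> PATH_MAX` comparison still fires without scanning the whole input. Patterns longer than PATH_MAX still fail with GLOB_NOSPACE after this change, as the commit message notes, so callers such as ash will surface it as an out-of-memory error rather than a length error.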