diff options
author | Leo Famulari <leo@famulari.name> | 2017-12-21 13:58:35 -0500 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2017-12-21 13:58:35 -0500 |
commit | f76fc968669721e3baa6a0662da8e9e9f5da66cf (patch) | |
tree | ae58b84d89f144fbec974b7e75b24574f99b2e33 /gnu/packages/patches/links-CVE-2017-11114.patch | |
parent | 24ee3b28c6def91e4e41dd46441a029ab01b6d00 (diff) | |
parent | 5dc0e0b055ce2ab12c40066cee34511cd7a5cf03 (diff) | |
download | guix-f76fc968669721e3baa6a0662da8e9e9f5da66cf.tar guix-f76fc968669721e3baa6a0662da8e9e9f5da66cf.tar.gz |
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches/links-CVE-2017-11114.patch')
-rw-r--r-- | gnu/packages/patches/links-CVE-2017-11114.patch | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/gnu/packages/patches/links-CVE-2017-11114.patch b/gnu/packages/patches/links-CVE-2017-11114.patch new file mode 100644 index 0000000000..c5ac9884b5 --- /dev/null +++ b/gnu/packages/patches/links-CVE-2017-11114.patch @@ -0,0 +1,99 @@ +Fix CVE-2017-11114: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11114 +http://seclists.org/fulldisclosure/2017/Jul/76 + +Patch copied from Debian: + +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870299#12 + +Origin: upstream, commit: fee5dca79a93a37024e494b985386a5fe60bc1b7 +Origin: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870299#12 +Author: Mikulas Patocka <mikulas@twibright.com> +Date: Wed Aug 2 20:13:29 2017 +0200 +Subject: Fix read out of memory in case of corrupted UTF-8 data + +--- + charsets.c | 37 +------------------------------------ + links.h | 9 ++++----- + 2 files changed, 5 insertions(+), 41 deletions(-) + +Index: links-2.14/charsets.c +=================================================================== +--- links-2.14.orig/charsets.c ++++ links-2.14/charsets.c +@@ -215,41 +215,6 @@ static struct conv_table *get_translatio + return utf_table; + } + +-unsigned short int utf8_2_uni_table[0x200] = { +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 128, 0, 0, 0, 192, 0, +- 0, 0, 256, 0, 0, 0, 320, 0, 0, 0, 384, 0, 0, 0, 448, 0, +- 0, 0, 512, 0, 0, 0, 576, 0, 0, 0, 640, 0, 0, 0, 704, 0, +- 0, 0, 768, 0, 0, 0, 832, 0, 0, 0, 896, 0, 0, 0, 960, 0, +- 0, 0, 1024, 0, 0, 0, 1088, 0, 0, 0, 1152, 0, 0, 0, 1216, 0, +- 0, 0, 1280, 0, 0, 0, 1344, 0, 0, 0, 1408, 0, 0, 0, 1472, 0, +- 0, 0, 1536, 0, 0, 0, 1600, 0, 0, 0, 1664, 0, 0, 0, 1728, 0, +- 0, 0, 1792, 0, 0, 0, 1856, 0, 0, 0, 1920, 0, 0, 0, 1984, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +-}; +- + unsigned char utf_8_1[256] = { + 6, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, +@@ -269,7 +234,7 @@ unsigned char utf_8_1[256] = { + 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 6, 6, + }; + +-static_const unsigned min_utf_8[9] = { ++static_const unsigned min_utf_8[8] = { + 0, 0x4000000, 0x200000, 0x10000, 0x800, 0x80, 0x100, 0x1, + }; + +Index: links-2.14/links.h +=================================================================== +--- links-2.14.orig/links.h ++++ links-2.14/links.h +@@ -3906,15 +3906,14 @@ unsigned char *cp_strchr(int charset, un + void init_charset(void); + + unsigned get_utf_8(unsigned char **p); +-extern unsigned short int utf8_2_uni_table[0x200]; + #define GET_UTF_8(s, c) \ + do { \ + if ((unsigned char)(s)[0] < 0x80) \ + (c) = (s)++[0]; \ +- else if (((c) = utf8_2_uni_table[((unsigned char)(s)[0] << 2) + \ +- ((unsigned char)(s)[1] >> 6) - 0x200])) \ +- (c) += (unsigned char)(s)[1] & 0x3f, (s) += 2; \ +- else \ ++ else if ((unsigned char)(s)[0] >= 0xc2 && (unsigned char)(s)[0] < 0xe0 &&\ ++ ((unsigned char)(s)[1] & 0xc0) == 0x80) { \ ++ (c) = (unsigned char)(s)[0] * 0x40 + (unsigned char)(s)[1], (c) -= 0x3080, (s) += 2;\ ++ } else \ + (c) = get_utf_8(&(s)); \ + } while (0) + #define FWD_UTF_8(s) \ |