aboutsummaryrefslogtreecommitdiff
path: root/core
diff options
context:
space:
mode:
authorCem Keylan <cem@ckyln.com>2020-12-14 22:33:28 +0300
committerCem Keylan <cem@ckyln.com>2020-12-14 22:33:28 +0300
commit52a3c84d4794af5fd4a5963790c5fa5f22dd4571 (patch)
tree163e3024f13059685f88960bfe62545b73e4906d /core
parent265b5e8537db76137ff51cd9c544e0543793add2 (diff)
downloadrepository-52a3c84d4794af5fd4a5963790c5fa5f22dd4571.tar.gz
musl: add patch fixing CVE2020-28928
Diffstat (limited to 'core')
-rwxr-xr-xcore/musl/build2
-rw-r--r--core/musl/patches/CVE-2020-28928.patch64
-rw-r--r--core/musl/sources1
-rw-r--r--core/musl/version2
4 files changed, 68 insertions, 1 deletions
diff --git a/core/musl/build b/core/musl/build
index e48ce47f..44b80ec1 100755
--- a/core/musl/build
+++ b/core/musl/build
@@ -16,6 +16,8 @@ kinstall_t() {
done
}
+patch -p0 < CVE-2020-28928.patch
+
./configure \
--prefix=/usr \
--syslibdir=/usr/lib
diff --git a/core/musl/patches/CVE-2020-28928.patch b/core/musl/patches/CVE-2020-28928.patch
new file mode 100644
index 00000000..9075ae1f
--- /dev/null
+++ b/core/musl/patches/CVE-2020-28928.patch
@@ -0,0 +1,64 @@
+--- src/multibyte/wcsnrtombs.c
++++ src/multibyte/wcsnrtombs.c
+@@ -1,41 +1,33 @@
+ #include <wchar.h>
++#include <limits.h>
++#include <string.h>
+
+ size_t wcsnrtombs(char *restrict dst, const wchar_t **restrict wcs, size_t wn, size_t n, mbstate_t *restrict st)
+ {
+- size_t l, cnt=0, n2;
+- char *s, buf[256];
+ const wchar_t *ws = *wcs;
+- const wchar_t *tmp_ws;
+-
+- if (!dst) s = buf, n = sizeof buf;
+- else s = dst;
+-
+- while ( ws && n && ( (n2=wn)>=n || n2>32 ) ) {
+- if (n2>=n) n2=n;
+- tmp_ws = ws;
+- l = wcsrtombs(s, &ws, n2, 0);
+- if (!(l+1)) {
+- cnt = l;
+- n = 0;
++ size_t cnt = 0;
++ if (!dst) n=0;
++ while (ws && wn) {
++ char tmp[MB_LEN_MAX];
++ size_t l = wcrtomb(n<MB_LEN_MAX ? tmp : dst, *ws, 0);
++ if (l==-1) {
++ cnt = -1;
+ break;
+ }
+- if (s != buf) {
+- s += l;
++ if (dst) {
++ if (n<MB_LEN_MAX) {
++ if (l>n) break;
++ memcpy(dst, tmp, l);
++ }
++ dst += l;
+ n -= l;
+ }
+- wn = ws ? wn - (ws - tmp_ws) : 0;
+- cnt += l;
+- }
+- if (ws) while (n && wn) {
+- l = wcrtomb(s, *ws, 0);
+- if ((l+1)<=1) {
+- if (!l) ws = 0;
+- else cnt = l;
++ if (!*ws) {
++ ws = 0;
+ break;
+ }
+- ws++; wn--;
+- /* safe - this loop runs fewer than sizeof(buf) times */
+- s+=l; n-=l;
++ ws++;
++ wn--;
+ cnt += l;
+ }
+ if (dst) *wcs = ws;
+
diff --git a/core/musl/sources b/core/musl/sources
index 82fcf877..c23268c7 100644
--- a/core/musl/sources
+++ b/core/musl/sources
@@ -5,3 +5,4 @@ files/tree.h
files/getconf.c
files/getent
files/__stack_chk_fail_local.c
+patches/CVE-2020-28928.patch
diff --git a/core/musl/version b/core/musl/version
index cd3d02bc..28527bea 100644
--- a/core/musl/version
+++ b/core/musl/version
@@ -1 +1 @@
-1.2.1 1
+1.2.1 2