~alpine/aports

This thread contains a patchset. You're looking at the original emails, but you may wish to use the patch review UI. Review patch

[alpine-aports] [PATCH] main/musl: Apply upstream fixes.

Przemyslaw Pawelczyk <przemoc@zoho.com>
Details
Message ID
<20170103012642.2750-1-przemoc@zoho.com>
Sender timestamp
1483406802
DKIM signature
missing
Download raw message
Patch: +87 -1
Second one (safe globfree() after failed glob()) is especially important
in case of recently updated busybox, because ash since 1.26 supports
libc's glob() and AL's busyboxconfig does not set
CONFIG_ASH_INTERNAL_GLOB.
musl's glob() still needs to be fixed to work for long inputs.

At least  ash: out of memory  instead of  Segmentation fault  is nicer.
---
 .../0001-fix-strftime-y-for-negative-years.patch   | 34 +++++++++++++++++
 ...ee-safe-after-failed-glob-from-over-lengt.patch | 44 ++++++++++++++++++++++
 main/musl/APKBUILD                                 | 10 ++++-
 3 files changed, 87 insertions(+), 1 deletion(-)
 create mode 100644 main/musl/0001-fix-strftime-y-for-negative-years.patch
 create mode 100644 main/musl/0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch

diff --git a/main/musl/0001-fix-strftime-y-for-negative-years.patch b/main/musl/0001-fix-strftime-y-for-negative-years.patch
new file mode 100644
index 000000000000..85d21c7e3f05
--- /dev/null
+++ b/main/musl/0001-fix-strftime-y-for-negative-years.patch
@@ -0,0 +1,34 @@
From 61fb81e3959ecf0848eef8d2767bb80ae5d1a68e Mon Sep 17 00:00:00 2001
From: Rich Felker <dalias@aerifal.cx>
Date: Mon, 2 Jan 2017 17:30:40 -0500
Subject: [PATCH 1/2] fix strftime %y for negative years

commit 583ea83541dcc6481c7a1bd1a9b485526bad84a1 fixed the case where
tm_year is negative but the resulting year (offset by 1900) was still
positive, which is always the case for time_t values that fit in 32
bits, but not for arbitrary inputs.

based on an earlier patch by Julien Ramseier which was overlooked at
the time the previous fix was applied.
---
 src/time/strftime.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/time/strftime.c b/src/time/strftime.c
index e103e02b7204..a30392044bf8 100644
--- a/src/time/strftime.c
+++ b/src/time/strftime.c
@@ -166,8 +166,8 @@ const char *__strftime_fmt_1(char (*s)[100], size_t *l, int f, const struct tm *
 		item = T_FMT;
 		goto nl_strftime;
 	case 'y':
-		val = tm->tm_year % 100;
-		if (val<0) val += 100;
+		val = (tm->tm_year + 1900LL) % 100;
+		if (val < 0) val = -val;
 		goto number;
 	case 'Y':
 		val = tm->tm_year + 1900LL;
-- 
2.8.3

diff --git a/main/musl/0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch b/main/musl/0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch
new file mode 100644
index 000000000000..db1083531b8c
--- /dev/null
+++ b/main/musl/0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch
@@ -0,0 +1,44 @@
From 769f53598e781ffc89191520f3f8a93cb58db91f Mon Sep 17 00:00:00 2001
From: Rich Felker <dalias@aerifal.cx>
Date: Mon, 2 Jan 2017 19:47:12 -0500
Subject: [PATCH 2/2] make globfree safe after failed glob from over-length
 argument

commit 0dc99ac413d8bc054a2e95578475c7122455eee8 added input length
checking to avoid unsafe VLA allocation, but put it in the wrong
place, before the glob_t structure was zeroed out. while POSIX isn't
clear on whether it's permitted to call globfree after glob failed
with GLOB_NOSPACE, making it safe is clearly better than letting
uninitialized pointers get passed to free in non-conforming callers.

while we're fixing this, change strlen check to the idiomatic strnlen
version to avoid unbounded input scanning before returning an error.
---
 src/regex/glob.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/regex/glob.c b/src/regex/glob.c
index 6affee040c31..5b6ff1247f43 100644
--- a/src/regex/glob.c
+++ b/src/regex/glob.c
@@ -169,8 +169,6 @@ int glob(const char *restrict pat, int flags, int (*errfunc)(const char *path, i
 		d = "";
 	}
 
-	if (strlen(p) > PATH_MAX) return GLOB_NOSPACE;
-
 	if (!errfunc) errfunc = ignore_err;
 
 	if (!(flags & GLOB_APPEND)) {
@@ -179,6 +177,8 @@ int glob(const char *restrict pat, int flags, int (*errfunc)(const char *path, i
 		g->gl_pathv = NULL;
 	}
 
+	if (strnlen(p, PATH_MAX+1) > PATH_MAX) return GLOB_NOSPACE;
+
 	if (*p) error = match_in_dir(d, p, flags, errfunc, &tail);
 	if (error == GLOB_NOSPACE) {
 		freelist(&head);
-- 
2.8.3

diff --git a/main/musl/APKBUILD b/main/musl/APKBUILD
index dd3dccf417ac..233908e4e9ab 100644
--- a/main/musl/APKBUILD
+++ b/main/musl/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Timo Teräs <timo.teras@iki.fi>
pkgname=musl
pkgver=1.1.16
pkgrel=0
pkgrel=1
pkgdesc="the musl c library (libc) implementation"
url="http://www.musl-libc.org/"
arch="all"
@@ -13,6 +13,8 @@ makedepends="$depends_dev"
subpackages="$pkgname-dev $pkgname-dbg libc6-compat:compat:noarch"
[ "$BOOTSTRAP" != "nolibc" ] && subpackages="$subpackages $pkgname-utils"
source="http://www.musl-libc.org/releases/musl-$pkgver.tar.gz
	0001-fix-strftime-y-for-negative-years.patch
	0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch

	ldconfig
	__stack_chk_fail_local.c
@@ -125,18 +127,24 @@ compat() {
}

md5sums="ac52ccaec6b06ab0f289d37e8436859b  musl-1.1.16.tar.gz
d9da36992a9ccd200242b38b67823b95  0001-fix-strftime-y-for-negative-years.patch
93a7dfa98dff324f2242d10f7c2d68f8  0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch
830d01f7821b978df770b06db3790921  ldconfig
0df687757221bbb0fc1aa67f1bd646f9  __stack_chk_fail_local.c
57ef2c63b9ec6a2041694ace97d4ffa2  getconf.c
eadc8794eadb79dbc383b2b91a32084d  getent.c
45f92f8d59cf84d765de698a9578dbf4  iconv.c"
sha256sums="937185a5e5d721050306cf106507a006c3f1f86d86cd550024ea7be909071011  musl-1.1.16.tar.gz
ec5209fe48aa54a859cc034557b7cca8307adaf345b3f7c061e0b284eee00ccc  0001-fix-strftime-y-for-negative-years.patch
b8c92e4c6c60b67fde4eab3465041c12a942a319501710babaf3b6ead381bd95  0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch
b4a2c06db38742e8c42c3c9838b285a7d8cdac6c091ff3df5ff9a15f1e41b9c7  ldconfig
299a7d75a09de3e2e11e7fb4acc3182e4a14e868093d2f30938fce9bfcff13da  __stack_chk_fail_local.c
d87d0cbb3690ae2c5d8cc218349fd8278b93855dd625deaf7ae50e320aad247c  getconf.c
b323f20c9bf560a13c877eb05428bc4a203383697bac763e7b12865db5c5922c  getent.c
f79a2930a2e5bb0624321589edf8b889d1e9b603e01e6b7ae214616605b3fdd7  iconv.c"
sha512sums="47c00e50b7605102fb4aebe1f9ba9db94d26fac64805f6d744c9c557a05b8a58dff7f9558ff7c8d66b5d7c43740cdc2dd79448bacac47f1414e6ada99c210140  musl-1.1.16.tar.gz
74e95ab3a74513e7a0513e004c376d4055eca0e21162e717dfcab249302a9060d3ac3eb88b562dea14b71b475b4dd2f703e355e2f5050b58891a848c5093c5f6  0001-fix-strftime-y-for-negative-years.patch
04805970e7dc11f84a86df49688f3b7670933860192e99637e189494c261e49b3cce1d80019d69341452062df03d5a349450015076c947296ac4a0d40e5789f4  0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch
8d3a2d5315fc56fee7da9abb8b89bb38c6046c33d154c10d168fb35bfde6b0cf9f13042a3bceee34daf091bc409d699223735dcf19f382eeee1f6be34154f26f  ldconfig
062bb49fa54839010acd4af113e20f7263dde1c8a2ca359b5fb2661ef9ed9d84a0f7c3bc10c25dcfa10bb3c5a4874588dff636ac43d5dbb3d748d75400756d0b  __stack_chk_fail_local.c
0d80f37b34a35e3d14b012257c50862dfeb9d2c81139ea2dfa101d981d093b009b9fa450ba27a708ac59377a48626971dfc58e20a3799084a65777a0c32cbc7d  getconf.c
-- 
2.8.3




---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)