Which license is this patch under?
On 3 February 2014 13:26:41 GMT+00:00, Sebastian Trahm <ba...@schleifi.com>
wrote:
>Hello,
>
>the following diff addresses CVE-2012-3509
>(libiberty: integer overflow, leading to heap-buffer overflow).
>
>
>Index: include/objalloc.h
>===================================================================
>RCS file: /cvs/src/gnu/lib/libiberty/include/objalloc.h,v
>retrieving revision 1.1.1.3
>diff -u -p -u -p -r1.1.1.3 objalloc.h
>--- include/objalloc.h 27 May 2008 18:46:00 -0000 1.1.1.3
>+++ include/objalloc.h 3 Feb 2014 13:24:24 -0000
>@@ -91,7 +91,7 @@ extern void *_objalloc_alloc (struct obj
> if (__len == 0) \
> __len = 1; \
> __len = (__len + OBJALLOC_ALIGN - 1) &~ (OBJALLOC_ALIGN - 1); \
>- (__len <= __o->current_space \
>+ (__len != 0 && __len <= __o->current_space \
> ? (__o->current_ptr += __len, \
> __o->current_space -= __len, \
> (void *) (__o->current_ptr - __len)) \
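Review bot: The added `__len != 0` test keeps the inline fast path from being taken after the rounding on the line above wraps to zero, but the request then falls through to the other arm of the conditional, which lies outside this hunk. If that arm passes the already-rounded `__len` to `_objalloc_alloc`, the function receives 0 and cannot tell it from a genuine zero-byte request. Its overflow check would then compare against 0, so a small block could be handed back for an enormous request. Consider keeping the caller's value, e.g. `unsigned long __orig = (l);`, and passing `_objalloc_alloc (__o, __orig)` in the fallback so the check in objalloc.c sees the unrounded length. The macro body starts and ends outside the hunk, so this needs confirming against the full definition.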
>Index: src/objalloc.c
>===================================================================
>RCS file: /cvs/src/gnu/lib/libiberty/src/objalloc.c,v
>retrieving revision 1.4
>diff -u -p -u -p -r1.4 objalloc.c
>--- src/objalloc.c 27 May 2008 18:52:44 -0000 1.4
>+++ src/objalloc.c 3 Feb 2014 13:24:24 -0000
>@@ -112,14 +112,21 @@ objalloc_create (void)
> /* Allocate space from an objalloc structure. */
>
> PTR
>-_objalloc_alloc (struct objalloc *o, unsigned long len)
>+_objalloc_alloc (struct objalloc *o, unsigned long original_len)
> {
>+ unsigned long len = original_len;
>+
> /* We avoid confusion from zero sized objects by always allocating
> at least 1 byte. */
> if (len == 0)
> len = 1;
>
> len = (len + OBJALLOC_ALIGN - 1) &~ (OBJALLOC_ALIGN - 1);
>+
>+ /* CVE-2012-3509: Check for overflow in the alignment operation
>above
>+ * and then malloc argument below. */
>+ if (len + CHUNK_HEADER_SIZE < original_len)
>+ return NULL;
>
> if (len <= o->current_space)
> {
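Review bot: The new early `return NULL` gives `_objalloc_alloc` a failure mode that its header comment, `/* Allocate space from an objalloc structure. */`, does not mention. I would extend that comment to say the function returns NULL when the rounded length plus `CHUNK_HEADER_SIZE` would wrap, so callers know to check the result. The added comment also uses a leading `*` on its continuation line, unlike the existing comment directly above it, and "and then malloc argument" presumably means "and the malloc argument". Suggested wording: `/* CVE-2012-3509: Check for overflow in the alignment operation above and in the malloc argument below.  */`. The function body continues past the end of the hunk, so the malloc call the comment refers to is not visible here.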
>
>
>
>
>No functional changes, therefore no bump of "shlib_version".
>
>Cheers,
>
>Sebastian
>
>[1] http://www.openwall.com/lists/oss-security/2012/08/29/3
>[2] http://gcc.gnu.org/viewcvs/gcc?view=revision&revision=191413