oasis

Own branch of Oasis Linux (upstream: <https://git.sr.ht/~mcf/oasis/>)

git clone https://anongit.hacktivis.me/git/oasis.git

0003-iconv-fix-erroneous-input-validation-in-EUC-KR-decod.patch (1394B)


  1. From 68480ab0b8c0477929f92387a8880d941917df49 Mon Sep 17 00:00:00 2001
  2. From: Rich Felker <dalias@aerifal.cx>
  3. Date: Sun, 9 Feb 2025 10:07:19 -0500
  4. Subject: [PATCH] iconv: fix erroneous input validation in EUC-KR decoder
  5. as a result of incorrect bounds checking on the lead byte being
  6. decoded, certain invalid inputs which should produce an encoding
  7. error, such as "\xc8\x41", instead produced out-of-bounds loads from
  8. the ksc table.
  9. in a worst case, the loaded value may not be a valid unicode scalar
  10. value, in which case, if the output encoding was UTF-8, wctomb would
  11. return (size_t)-1, causing an overflow in the output pointer and
  12. remaining buffer size which could clobber memory outside of the output
  13. buffer.
  14. bug report was submitted in private by Nick Wellnhofer on account of
  15. potential security implications.
  16. ---
  17. src/locale/iconv.c | 2 +-
  18. 1 file changed, 1 insertion(+), 1 deletion(-)
  19. diff --git a/src/locale/iconv.c b/src/locale/iconv.c
  20. index 175def1c..25743a20 100644
  21. --- a/src/locale/iconv.c
  22. +++ b/src/locale/iconv.c
  23. @@ -495,7 +495,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
  24. if (c >= 93 || d >= 94) {
  25. c += (0xa1-0x81);
  26. d += 0xa1;
  27. - if (c >= 93 || c>=0xc6-0x81 && d>0x52)
  28. + if (c > 0xc6-0x81 || c==0xc6-0x81 && d>0x52)
  29. goto ilseq;
  30. if (d-'A'<26) d = d-'A';
  31. else if (d-'a'<26) d = d-'a'+26;
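
Review bot: The new bound on the `+` line, `if (c > 0xc6-0x81 || c==0xc6-0x81 && d>0x52)`, relies on `&&` binding tighter than `||` and on bare constants whose meaning is not stated anywhere in the hunk. Parenthesizing the second clause and adding a one-line comment that lead bytes above 0xc6, and trail bytes above 0x52 under lead byte 0xc6, are rejected would make the limit that guards the ksc table lookup easy to audit. The removed line kept the `c >= 93` test even though `c += (0xa1-0x81)` had already rebased c, so a lead byte like the 0xc8 named in the commit message (0xc8-0x81 is 0x47, below 93) was only stopped if the second clause fired. Since the diffstat shows only src/locale/iconv.c changing, a regression test that feeds "\xc8\x41" to the EUC-KR decoder and expects an encoding error would keep this bound from regressing.
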
  32. --
  33. 2.45.2