diff options
author | Stan Shebs <stanshebs@google.com> | 2015-08-31 13:22:13 -0700 |
---|---|---|
committer | Stan Shebs <stanshebs@google.com> | 2015-08-31 13:22:13 -0700 |
commit | b1342139cd437bcae24e1bc3d473d31e2779b517 (patch) | |
tree | a5db93693d1d4bbee4bf488aed42f88c929a931c | |
parent | db2523b0dab3ec8de173f97fd8be0bc1ae35fe54 (diff) | |
download | glibc-b1342139cd437bcae24e1bc3d473d31e2779b517.tar glibc-b1342139cd437bcae24e1bc3d473d31e2779b517.tar.gz glibc-b1342139cd437bcae24e1bc3d473d31e2779b517.tar.bz2 glibc-b1342139cd437bcae24e1bc3d473d31e2779b517.zip |
Backport upstream fixes to fnmatch
-rw-r--r-- | README.google | 9 | ||||
-rw-r--r-- | posix/Makefile | 2 | ||||
-rw-r--r-- | posix/fnmatch_loop.c | 12 | ||||
-rw-r--r-- | posix/tst-fnmatch3.c | 52 |
4 files changed, 70 insertions, 5 deletions
diff --git a/README.google b/README.google index 035ff765f7..6a1daadd11 100644 --- a/README.google +++ b/README.google @@ -478,3 +478,12 @@ resolv/nss_dns/dns-host.c nss/nss_borg/borg-pwd.c Improve documentation, remove dead code. (stanshebs, google-local) + +posix/fnmatch_loop.c +posix/Makefile +posix/tst-fnmatch3.c + For b/19524869 and b/19533947, backport buffer overflow fixes in fnmatch. + (PR18032, PR18036) + https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185 + https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c2c6d39fab901c97c18fa3a3a3658d9dc3f7df61 + (stanshebs, backport) diff --git a/posix/Makefile b/posix/Makefile index 6709900cb2..05dc92c2b6 100644 --- a/posix/Makefile +++ b/posix/Makefile @@ -86,7 +86,7 @@ tests := tstgetopt testfnm runtests runptests \ tst-getaddrinfo3 tst-fnmatch2 tst-cpucount tst-cpuset \ bug-getopt1 bug-getopt2 bug-getopt3 bug-getopt4 \ bug-getopt5 tst-getopt_long1 bug-regex34 bug-regex35 \ - tst-pathconf tst-getaddrinfo4 + tst-pathconf tst-getaddrinfo4 tst-fnmatch3 xtests := bug-ga2 ifeq (yes,$(build-shared)) test-srcs := globtest diff --git a/posix/fnmatch_loop.c b/posix/fnmatch_loop.c index f79d051a3a..ce404c4c61 100644 --- a/posix/fnmatch_loop.c +++ b/posix/fnmatch_loop.c @@ -951,14 +951,13 @@ FCT (pattern, string, string_end, no_leading_period, flags, ends, alloca_used) } else if (c == L('[') && *p == L('.')) { - ++p; while (1) { c = *++p; - if (c == '\0') + if (c == L('\0')) return FNM_NOMATCH; - if (*p == L('.') && p[1] == L(']')) + if (c == L('.') && p[1] == L(']')) break; } p += 2; @@ -1045,7 +1044,12 @@ END (const CHAR *pattern) } else if ((*p == L('?') || *p == L('*') || *p == L('+') || *p == L('@') || *p == L('!')) && p[1] == L('(')) - p = END (p + 1); + { + p = END (p + 1); + if (*p == L('\0')) + /* This is an invalid pattern. */ + return pattern; + } else if (*p == L(')')) break; diff --git a/posix/tst-fnmatch3.c b/posix/tst-fnmatch3.c new file mode 100644 index 0000000000..fdf99342e9 --- /dev/null +++ b/posix/tst-fnmatch3.c @@ -0,0 +1,52 @@ +/* Test for fnmatch not reading past the end of the pattern. + Copyright (C) 2014-2015 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + <http://www.gnu.org/licenses/>. */ + +#include <fnmatch.h> +#include <sys/mman.h> +#include <string.h> +#include <unistd.h> + +int +do_bz18036 (void) +{ + const char p[] = "**(!()"; + const int pagesize = getpagesize (); + + char *pattern = mmap (0, 2 * pagesize, PROT_READ|PROT_WRITE, + MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); + if (pattern == MAP_FAILED) return 1; + + mprotect (pattern + pagesize, pagesize, PROT_NONE); + memset (pattern, ' ', pagesize); + strcpy (pattern, p); + + return fnmatch (pattern, p, FNM_EXTMATCH); +} + +int +do_test (void) +{ + if (fnmatch ("[[:alpha:]'[:alpha:]\0]", "a", 0) != FNM_NOMATCH) + return 1; + if (fnmatch ("[a[.\0.]]", "a", 0) != FNM_NOMATCH) + return 1; + return do_bz18036 (); +} + +#define TEST_FUNCTION do_test () +#include "../test-skeleton.c" |