[gnome-continuous-yocto/gnomeostree-3.28-rocko: 2530/8267] openssh: fix potential signed overflow to enable compilation with -ftrapv

From: Emmanuele Bassi <ebassi src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-continuous-yocto/gnomeostree-3.28-rocko: 2530/8267] openssh: fix potential signed overflow to enable compilation with -ftrapv
Date: Sat, 16 Dec 2017 23:21:35 +0000 (UTC)
commit b2a6f9a97d3749a9a8a9aef59e8a28a95d1181a4
Author: Yuanjie Huang <yuanjie huang windriver com>
Date:   Fri Aug 26 09:57:33 2016 +0800

    openssh: fix potential signed overflow to enable compilation with -ftrapv
    
    Pointer arithmatic results in implementation defined signed integer
    type, so that 's - src' in strlcpy and others may trigger signed overflow.
    In case of compilation by gcc or clang with -ftrapv option, the overflow
    would lead to program abort.
    
    Upstream-status: Submitted [https://bugzilla.mindrot.org/show_bug.cgi?id=2608]
    
    (From OE-Core rev: 2ce02941300aa3e826df0c59fd8d4ce19950028e)
    
    Signed-off-by: Yuanjie Huang <yuanjie huang windriver com>
    Signed-off-by: Ross Burton <ross burton intel com>
    Signed-off-by: Richard Purdie <richard purdie linuxfoundation org>

 ...ial-signed-overflow-in-pointer-arithmatic.patch |   99 ++++++++++++++++++++
 meta/recipes-connectivity/openssh/openssh_7.3p1.bb |    1 +
 2 files changed, 100 insertions(+), 0 deletions(-)
---
diff --git 
a/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch 
b/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch
new file mode 100644
index 0000000..df64a14
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch
@@ -0,0 +1,99 @@
+From 3328e98bcbf2930cd7eea3e6c92ad5dcbdf4794f Mon Sep 17 00:00:00 2001
+From: Yuanjie Huang <yuanjie huang windriver com>
+Date: Wed, 24 Aug 2016 03:15:43 +0000
+Subject: [PATCH] Fix potential signed overflow in pointer arithmatic
+
+Pointer arithmatic results in implementation defined signed integer
+type, so that 's - src' in strlcpy and others may trigger signed overflow.
+In case of compilation by gcc or clang with -ftrapv option, the overflow
+would lead to program abort.
+
+Upstream-status: Submitted [http://bugzilla.mindrot.org/show_bug.cgi?id=2608]
+
+Signed-off-by: Yuanjie Huang <yuanjie huang windriver com>
+---
+ openbsd-compat/strlcat.c | 8 ++++++--
+ openbsd-compat/strlcpy.c | 8 ++++++--
+ openbsd-compat/strnlen.c | 8 ++++++--
+ 3 files changed, 18 insertions(+), 6 deletions(-)
+
+diff --git a/openbsd-compat/strlcat.c b/openbsd-compat/strlcat.c
+index bcc1b61..e758ebf 100644
+--- a/openbsd-compat/strlcat.c
++++ b/openbsd-compat/strlcat.c
+@@ -23,6 +23,7 @@
+ 
+ #include <sys/types.h>
+ #include <string.h>
++#include <stdint.h>
+ 
+ /*
+  * Appends src to string dst of size siz (unlike strncat, siz is the
+@@ -55,8 +56,11 @@ strlcat(char *dst, const char *src, size_t siz)
+               s++;
+       }
+       *d = '\0';
+-
+-      return(dlen + (s - src));       /* count does not include NUL */
++        /*
++       * Cast pointers to unsigned type before calculation, to avoid signed
++       * overflow when the string ends where the MSB has changed.
++       */
++      return (dlen + ((uintptr_t)s - (uintptr_t)src));        /* count does not include NUL */
+ }
+ 
+ #endif /* !HAVE_STRLCAT */
+diff --git a/openbsd-compat/strlcpy.c b/openbsd-compat/strlcpy.c
+index b4b1b60..b06f374 100644
+--- a/openbsd-compat/strlcpy.c
++++ b/openbsd-compat/strlcpy.c
+@@ -23,6 +23,7 @@
+ 
+ #include <sys/types.h>
+ #include <string.h>
++#include <stdint.h>
+ 
+ /*
+  * Copy src to string dst of size siz.  At most siz-1 characters
+@@ -51,8 +52,11 @@ strlcpy(char *dst, const char *src, size_t siz)
+               while (*s++)
+                       ;
+       }
+-
+-      return(s - src - 1);    /* count does not include NUL */
++        /*
++       * Cast pointers to unsigned type before calculation, to avoid signed
++       * overflow when the string ends where the MSB has changed.
++       */
++      return ((uintptr_t)s - (uintptr_t)src - 1);     /* count does not include NUL */
+ }
+ 
+ #endif /* !HAVE_STRLCPY */
+diff --git a/openbsd-compat/strnlen.c b/openbsd-compat/strnlen.c
+index 93d5155..9b8de5d 100644
+--- a/openbsd-compat/strnlen.c
++++ b/openbsd-compat/strnlen.c
+@@ -23,6 +23,7 @@
+ #include <sys/types.h>
+ 
+ #include <string.h>
++#include <stdint.h>
+ 
+ size_t
+ strnlen(const char *str, size_t maxlen)
+@@ -31,7 +32,10 @@ strnlen(const char *str, size_t maxlen)
+ 
+       for (cp = str; maxlen != 0 && *cp != '\0'; cp++, maxlen--)
+               ;
+-
+-      return (size_t)(cp - str);
++        /*
++       * Cast pointers to unsigned type before calculation, to avoid signed
++       * overflow when the string ends where the MSB has changed.
++       */
++      return (size_t)((uintptr_t)cp - (uintptr_t)str);
+ }
+ #endif
+-- 
+1.9.1
+
diff --git a/meta/recipes-connectivity/openssh/openssh_7.3p1.bb 
b/meta/recipes-connectivity/openssh/openssh_7.3p1.bb
index b319726..039b0ff 100644
--- a/meta/recipes-connectivity/openssh/openssh_7.3p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_7.3p1.bb
@@ -24,6 +24,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
            file://run-ptest \
            file://openssh-7.1p1-conditional-compile-des-in-cipher.patch \
            file://openssh-7.1p1-conditional-compile-des-in-pkcs11.patch \
+           file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
            "
 
 PAM_SRC_URI = "file://sshd"
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]