musl: add patch for CVE-2020-28928

2020-11-20 00:55:59 +01:00 · 2020-11-20 00:55:59 +01:00 · 8f9ccd3764
commit 8f9ccd3764
parent 1fcb4392ac
2 changed files with 65 additions and 1 deletions
--- a/srcpkgs/musl/patches/CVE-2020-28928.patch
+++ b/srcpkgs/musl/patches/CVE-2020-28928.patch
@ -0,0 +1,64 @@
+--- src/multibyte/wcsnrtombs.c
+++ src/multibyte/wcsnrtombs.c
+@@ -1,41 +1,33 @@
+ #include <wchar.h>
+#include <limits.h>
+#include <string.h>
+ 
+ size_t wcsnrtombs(char *restrict dst, const wchar_t **restrict wcs, size_t wn, size_t n, mbstate_t *restrict st)
+ {
+-	size_t l, cnt=0, n2;
+-	char *s, buf[256];
+ 	const wchar_t *ws = *wcs;
+-	const wchar_t *tmp_ws;
+-
+-	if (!dst) s = buf, n = sizeof buf;
+-	else s = dst;
+-
+-	while ( ws && n && ( (n2=wn)>=n || n2>32 ) ) {
+-		if (n2>=n) n2=n;
+-		tmp_ws = ws;
+-		l = wcsrtombs(s, &ws, n2, 0);
+-		if (!(l+1)) {
+-			cnt = l;
+-			n = 0;
+	size_t cnt = 0;
+	if (!dst) n=0;
+	while (ws && wn) {
+		char tmp[MB_LEN_MAX];
+		size_t l = wcrtomb(n<MB_LEN_MAX ? tmp : dst, *ws, 0);
+		if (l==-1) {
+			cnt = -1;
+ 			break;
+ 		}
+-		if (s != buf) {
+-			s += l;
+		if (dst) {
+			if (n<MB_LEN_MAX) {
+				if (l>n) break;
+				memcpy(dst, tmp, l);
+			}
+			dst += l;
+ 			n -= l;
+ 		}
+-		wn = ws ? wn - (ws - tmp_ws) : 0;
+-		cnt += l;
+-	}
+-	if (ws) while (n && wn) {
+-		l = wcrtomb(s, *ws, 0);
+-		if ((l+1)<=1) {
+-			if (!l) ws = 0;
+-			else cnt = l;
+		if (!*ws) {
+			ws = 0;
+ 			break;
+ 		}
+-		ws++; wn--;
+-		/* safe - this loop runs fewer than sizeof(buf) times */
+-		s+=l; n-=l;
+		ws++;
+		wn--;
+ 		cnt += l;
+ 	}
+ 	if (dst) *wcs = ws;
+
--- a/srcpkgs/musl/template
+++ b/srcpkgs/musl/template
@ -2,7 +2,7 @@
 pkgname=musl
 reverts="1.2.0_1"
 version=1.1.24
-revision=4
+revision=5
 archs="*-musl"
 bootstrap=yes
 build_style=gnu-configure