rpms/coreutils
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix the date crash or infloop in TZ= parsing (#1069657, from upstream)

Browse Source
This commit is contained in:
Ondřej Vašík 2014-03-02 20:45:06 +01:00
parent 55f7ecdd4a
commit d700b52311
2 changed files with 73 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
coreutils-8.22-datetzcrash.patch Normal file
View File

@ -0,0 +1,67 @@
diff -urNp coreutils-8.22-orig/gnulib-tests/test-parse-datetime.c coreutils-8.22/gnulib-tests/test-parse-datetime.c
--- coreutils-8.22-orig/gnulib-tests/test-parse-datetime.c 2013-12-04 15:53:33.000000000 +0100
+++ coreutils-8.22/gnulib-tests/test-parse-datetime.c 2014-03-02 20:33:25.691688592 +0100
@@ -419,5 +419,21 @@ main (int argc _GL_UNUSED, char **argv)
starting with a high-bit-set byte would be treated like "0". */
ASSERT ( ! parse_datetime (&result, "\xb0", &now));
+ /* Exercise TZ="" parsing code. */
+ /* These two would infloop or segfault before Feb 2014. */
+ ASSERT ( ! parse_datetime (&result, "TZ=\"\"\"", &now));
+ ASSERT ( ! parse_datetime (&result, "TZ=\"\" \"", &now));
+ /* Exercise invalid patterns. */
+ ASSERT ( ! parse_datetime (&result, "TZ=\"", &now));
+ ASSERT ( ! parse_datetime (&result, "TZ=\"\\\"", &now));
+ ASSERT ( ! parse_datetime (&result, "TZ=\"\\n", &now));
+ ASSERT ( ! parse_datetime (&result, "TZ=\"\\n\"", &now));
+ /* Exercise valid patterns. */
+ ASSERT ( parse_datetime (&result, "TZ=\"\"", &now));
+ ASSERT ( parse_datetime (&result, "TZ=\"\" ", &now));
+ ASSERT ( parse_datetime (&result, " TZ=\"\"", &now));
+ ASSERT ( parse_datetime (&result, "TZ=\"\\\\\"", &now));
+ ASSERT ( parse_datetime (&result, "TZ=\"\\\"\"", &now));
+
return 0;
}
diff -urNp coreutils-8.22-orig/lib/parse-datetime.y coreutils-8.22/lib/parse-datetime.y
--- coreutils-8.22-orig/lib/parse-datetime.y 2013-12-04 15:53:33.000000000 +0100
+++ coreutils-8.22/lib/parse-datetime.y 2014-03-02 20:32:23.246124920 +0100
@@ -1303,8 +1303,6 @@ parse_datetime (struct timespec *result,
char tz1buf[TZBUFSIZE];
bool large_tz = TZBUFSIZE < tzsize;
bool setenv_ok;
- /* Free tz0, in case this is the 2nd or subsequent time through. */
- free (tz0);
tz0 = get_tz (tz0buf);
z = tz1 = large_tz ? xmalloc (tzsize) : tz1buf;
for (s = tzbase; *s != '"'; s++)
@@ -1316,7 +1314,12 @@ parse_datetime (struct timespec *result,
if (!setenv_ok)
goto fail;
tz_was_altered = true;
+
p = s + 1;
+ while (c = *p, c_isspace (c))
+ p++;
+
+ break;
}
}
diff -urNp coreutils-8.22-orig/tests/misc/date.pl coreutils-8.22/tests/misc/date.pl
--- coreutils-8.22-orig/tests/misc/date.pl 2013-12-04 15:48:30.000000000 +0100
+++ coreutils-8.22/tests/misc/date.pl 2014-03-02 20:30:43.200328295 +0100
@@ -287,6 +287,13 @@ my @Tests =
{ERR => "date: invalid date '\\260'\n"},
{EXIT => 1},
],
+
+ # From coreutils-5.3.0 to 8.22 inclusive
+ # this would either infinite loop or crash
+ ['invalid-TZ-crash', "-d 'TZ=\"\"\"'",
+ {ERR => "date: invalid date 'TZ=\"\"\"'\n"},
+ {EXIT => 1},
+ ],
);
# Repeat the cross-dst test, using Jan 1, 2005 and every interval from 1..364.

7
coreutils.spec
View File

@ -1,7 +1,7 @@
Summary: A set of basic GNU tools commonly used in shell scripts
Name: coreutils
Version: 8.22
Release: 11%{?dist}
Release: 12%{?dist}
License: GPLv3+
Group: System Environment/Base
Url: http://www.gnu.org/software/coreutils/
@ -14,6 +14,7 @@ Source106: coreutils-colorls.csh
# From upstream
Patch1: coreutils-8.22-cp-selinux.patch
Patch2: coreutils-8.22-datetzcrash.patch
# Our patches
#general patch to workaround koji build system issues
@ -128,6 +129,7 @@ the old GNU fileutils, sh-utils, and textutils packages.
# From upstream
%patch1 -p1 -b .nullcontext
%patch2 -p1 -b .tzcrash
# Our patches
%patch100 -p1 -b .configure
@ -374,6 +376,9 @@ fi
%{_sbindir}/chroot
%changelog
* Sun Mar 02 2014 Ondrej Vasik <ovasik@redhat.com> 8.22-12
- fix the date crash or infloop in TZ="" parsing (#1069657)
* Mon Jan 13 2014 Ondrej Vasik <ovasik@redhat.com> 8.22-11
- cp/mv/install: do not crash when getfscreatecon() is
returning a NULL context