Commit cb97d7fb authored by Frederik Schwan's avatar Frederik Schwan

incorrect printf output for integers with thousands separator and width field (CVE-2023-25139)

Fix for a regression where after the refactor the implementation does not
account for grouping characters during padding of the width.
parent bede3495
Tags 2.37-2
......@@ -10,7 +10,7 @@ pkgbase=glibc
pkgname=(glibc lib32-glibc)
pkgver=2.37
_commit=a704fd9a133bfb10510e18702f48a6a9c88dbbd5
pkgrel=1
pkgrel=2
arch=(x86_64)
url='https://www.gnu.org/software/libc'
license=(GPL LGPL)
......@@ -22,6 +22,7 @@ source=(git+https://sourceware.org/git/glibc.git#commit=${_commit}
lib32-glibc.conf
sdt.h sdt-config.h
reenable_DT_HASH.patch
cve-2023-25139.patch
)
validpgpkeys=(7273542B39962DF7B299931416792B4EA25340F8 # Carlos O'Donell
BC7C7372637EC10C57D7AA6579C43DFBF1CF2187) # Siddhesh Poyarekar
......@@ -31,7 +32,8 @@ b2sums=('SKIP'
'7c265e6d36a5c0dff127093580827d15519b6c7205c2e1300e82f0fb5b9dd00b6accb40c56581f18179c4fbbc95bd2bf1b900ace867a83accde0969f7b609f8a'
'a6a5e2f2a627cc0d13d11a82458cfd0aa75ec1c5a3c7647e5d5a3bb1d4c0770887a3909bfda1236803d5bc9801bfd6251e13483e9adf797e4725332cd0d91a0e'
'214e995e84b342fe7b2a7704ce011b7c7fc74c2971f98eeb3b4e677b99c860addc0a7d91b8dc0f0b8be7537782ee331999e02ba48f4ccc1c331b60f27d715678'
'5fdd133c367af2f5454ea1eea7907de12166fb95eb59dbe33eae16aa9e26209b6585972bc1c80e36a0af4bfb04296acaf940ee78cd624cdcbab9669dff46c051')
'5fdd133c367af2f5454ea1eea7907de12166fb95eb59dbe33eae16aa9e26209b6585972bc1c80e36a0af4bfb04296acaf940ee78cd624cdcbab9669dff46c051'
'917b876dbc2bc23d15ffedb56bfb51611f8c7a5b8321281a2cf488d442a45c38fc754e857573843042bf7cc3df87d4271bc723acd52aab4c8fc3c8f07d41456e')
prepare() {
mkdir -p glibc-build lib32-glibc-build
......@@ -39,10 +41,15 @@ prepare() {
[[ -d glibc-$pkgver ]] && ln -s glibc-$pkgver glibc
cd glibc
# re-enable `--hash-style=both` for building shared objects due to issues with EPIC's EAC
# Re-enable `--hash-style=both` for building shared objects due to issues with EPIC's EAC
# which relies on DT_HASH to be present in these libs.
# reconsider 2023-01
patch -Np1 -i "${srcdir}"/reenable_DT_HASH.patch
# Add a temporary patch for cve 2023-25139 until a fix has been backported.
# Technical the fix itself is complete but the test cases aren't.
# See https://sourceware.org/bugzilla/show_bug.cgi?id=30068
patch -Np1 -i "${srcdir}"/cve-2023-25139.patch
}
build() {
......
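Review bot: The new comment in prepare() says the fix itself is complete, but the description at the top of cve-2023-25139.patch calls it "a partial fix", so the two statements should be reconciled before a maintainer relies on either. The comment also gives no removal condition and does not say where the patch came from, unlike the `reconsider 2023-01` marker on the DT_HASH patch just above it. I would word it as `# Temporary patch for CVE-2023-25139 (BZ #30068), taken from <origin of patch>; drop once _commit contains the upstream fix.` and fill in the origin so the carried patch can be audited against it later. The body of prepare() between the two hunks is not visible here.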
This is a partial fix for mishandling of grouping when formatting
integers. It properly computes the width in presence of grouping
characteres when the precision is larger than the number of significant
digits.
---
stdio-common/Makefile | 1 +
stdio-common/tst-grouping3.c | 37 +++++++++++++++++++++++++++++
stdio-common/vfprintf-process-arg.c | 2 +-
3 files changed, 39 insertions(+), 1 deletion(-)
create mode 100644 stdio-common/tst-grouping3.c
diff --git a/stdio-common/Makefile b/stdio-common/Makefile
index 6e9d104524..b46d932a20 100644
--- a/stdio-common/Makefile
+++ b/stdio-common/Makefile
@@ -195,6 +195,7 @@ tests := \
tst-gets \
tst-grouping \
tst-grouping2 \
+ tst-grouping3 \
tst-long-dbl-fphex \
tst-memstream-string \
tst-obprintf \
diff --git a/stdio-common/tst-grouping3.c b/stdio-common/tst-grouping3.c
new file mode 100644
index 0000000000..0031ad4010
--- /dev/null
+++ b/stdio-common/tst-grouping3.c
@@ -0,0 +1,37 @@
+/* Test printf with grouping and padding (bug 23432)
+ Copyright (C) 2023 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <locale.h>
+#include <stdio.h>
+#include <support/check.h>
+#include <support/support.h>
+
+static int
+do_test (void)
+{
+ char buf[80];
+
+ xsetlocale (LC_NUMERIC, "de_DE.UTF-8");
+
+ sprintf (buf, "%+-'13.9d", 1234567);
+ TEST_COMPARE_STRING (buf, "+001.234.567 ");
+
+ return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/stdio-common/vfprintf-process-arg.c b/stdio-common/vfprintf-process-arg.c
index 2c651946df..cd3eaf5c0c 100644
--- a/stdio-common/vfprintf-process-arg.c
+++ b/stdio-common/vfprintf-process-arg.c
@@ -257,7 +257,7 @@ LABEL (unsigned_number): /* Unsigned number of base BASE. */
width -= 2;
}
- width -= workend - string + prec;
+ width -= number_length + prec;
Xprintf_buffer_pad (buf, L_('0'), prec);
--
2.39.1
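Review bot: do_test in tst-grouping3.c exercises a single format (left-justified, signed, precision larger than the digit count) and checks only the text, although the defect being fixed is a width computation that ignores grouping characters. Since callers size buffers from the returned length, I would also assert it, e.g. `TEST_COMPARE (sprintf (buf, "%+-'13.9d", 1234567), 13);`, and add at least one right-justified case so both padding paths are covered. The test header cites bug 23432, while the packaging comment for this patch points at bugzilla id 30068; if they are meant to be the same report, the header should be corrected. In vfprintf-process-arg.c the replacement `width -= number_length + prec;` depends on `number_length`, which is computed outside the hunk, so whether it already includes the separators cannot be confirmed from this page.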