debian/patches/any/local-nss-overflow.diff

   1 2009-01-12  Arthur Loiret  <aloiret@debian.org>
   2
   3         nss/nss_files/files-parse.c: Include <limits.h>.
   4         (INT_FIELD): Convert field to uintmax_t and check for 32-bit overflow.
   5         (INT_FIELD_MAYBE_NULL): Likewise.
   6
   7 ---
   8  nss/nss_files/files-parse.c |   15 +++++++++++++--
   9  1 file changed, 13 insertions(+), 2 deletions(-)
  10
  11 --- a/nss/nss_files/files-parse.c
  12 +++ b/nss/nss_files/files-parse.c
  13 @@ -21,6 +21,7 @@
  14  #include <string.h>
  15  #include <stdlib.h>
  16  #include <stdint.h>
  17 +#include <limits.h>
  18  #include <nss_files.h>
  19
  20  /* These symbols are defined by the including source file:
  21 @@ -162,7 +163,12 @@
  22  # define INT_FIELD(variable, terminator_p, swallow, base, convert)           \
  23    {                                                                          \
  24      char *endp;                                                                      \
  25 -    variable = convert (strtou32 (line, &endp, base));                       \
  26 +    unsigned long long tmp;                                                  \
  27 +    /* Prevent from 32-bit overflow.  */                                     \
  28 +    tmp = __strtoull_internal (line, &endp, base, 0);                        \
  29 +    if (tmp > UINT_MAX)                                                      \
  30 +      return 0;                                                                      \
  31 +    variable = convert ((unsigned long int)tmp);                             \
  32      if (endp == line)                                                        \
  33        return 0;                                                                      \
  34      else if (terminator_p (*endp))                                           \
  35 @@ -177,10 +183,15 @@
  36  # define INT_FIELD_MAYBE_NULL(variable, terminator_p, swallow, base, convert, default)       \
  37    {                                                                          \
  38      char *endp;                                                                      \
  39 +    unsigned long long tmp;                                                  \
  40      if (*line == '\0')                                                       \
  41        /* We expect some more input, so don't allow the string to end here. */ \
  42        return 0;                                                                      \
  43 -    variable = convert (strtou32 (line, &endp, base));                       \
  44 +    /* Prevent from 32-bit overflow.  */                                     \
  45 +    tmp = __strtoull_internal (line, &endp, base, 0);                \
  46 +    if (tmp > UINT_MAX)                                                      \
  47 +      return 0;                                                                      \
  48 +    variable = convert ((unsigned long int)tmp);                             \
  49      if (endp == line)                                                        \
  50        variable = default;                                                    \
  51      if (terminator_p (*endp))                                                \