about summary refs log tree commit diff
path: root/iconvdata/ibm1149.h
diff options
context:
space:
mode:
authorCharles Fol <folcharles@gmail.com>2024-03-28 12:25:38 -0300
committerAdhemerval Zanella <adhemerval.zanella@linaro.org>2024-04-17 14:05:08 -0300
commit31da30f23cddd36db29d5b6a1c7619361b271fb4 (patch)
treee4b651885616d91e8b84edf7fdca941685c125c4 /iconvdata/ibm1149.h
parent423099a03264ea28298f47355d7811b8efe03c97 (diff)
downloadglibc-31da30f23cddd36db29d5b6a1c7619361b271fb4.tar.gz
glibc-31da30f23cddd36db29d5b6a1c7619361b271fb4.tar.xz
glibc-31da30f23cddd36db29d5b6a1c7619361b271fb4.zip
iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961)
ISO-2022-CN-EXT uses escape sequences to indicate character set changes
(as specified by RFC 1922).  While the SOdesignation has the expected
bounds checks, neither SS2designation nor SS3designation have its;
allowing a write overflow of 1, 2, or 3 bytes with fixed values:
'$+I', '$+J', '$+K', '$+L', '$+M', or '$*H'.

Checked on aarch64-linux-gnu.

Co-authored-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>

(cherry picked from commit f9dc609e06b1136bb0408be9605ce7973a767ada)
Diffstat (limited to 'iconvdata/ibm1149.h')
0 files changed, 0 insertions, 0 deletions