iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961) - mirror/glibc - mirror of git://sourceware.org/git/glibc.git

diff options

author	Charles Fol <folcharles@gmail.com>	2024-03-28 12:25:38 -0300
committer	Adhemerval Zanella <adhemerval.zanella@linaro.org>	2024-04-17 14:05:00 -0300
commit	e1135387deded5d73924f6ca20c72a35dc8e1bda (patch)
tree	b6cd715d047e302bcfa36728d19726cdd61c0ec7 /sysdeps/sparc/sparc32/bits/wordsize.h
parent	20534f81760635f3a71fb11ba251568cdc11c6a0 (diff)
download	glibc-e1135387deded5d73924f6ca20c72a35dc8e1bda.tar.gz glibc-e1135387deded5d73924f6ca20c72a35dc8e1bda.tar.xz glibc-e1135387deded5d73924f6ca20c72a35dc8e1bda.zip

iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961)

ISO-2022-CN-EXT uses escape sequences to indicate character set changes
(as specified by RFC 1922).  While the SOdesignation has the expected
bounds checks, neither SS2designation nor SS3designation have its;
allowing a write overflow of 1, 2, or 3 bytes with fixed values:
'$+I', '$+J', '$+K', '$+L', '$+M', or '$*H'.

Checked on aarch64-linux-gnu.

Co-authored-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>

(cherry picked from commit f9dc609e06b1136bb0408be9605ce7973a767ada)

Diffstat (limited to 'sysdeps/sparc/sparc32/bits/wordsize.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: