Module Name:    src
Committed By:   bouyer
Date:           Sun Jan 13 17:14:45 UTC 2013

Modified Files:
        src/gnu/dist/grep/lib [netbsd-5-2]: getopt.c regex.c
        src/gnu/dist/grep/src [netbsd-5-2]: ansi2knr.c dfa.c grep.c search.c

Log Message:
Pull up following revision(s) (requested by apb in ticket #1838):
        gnu/dist/grep/src/grep.c: revision 1.14
        gnu/dist/grep/src/ansi2knr.c: revision 1.2
        gnu/dist/grep/src/search.c: revision 1.4
        gnu/dist/grep/src/dfa.c: revision 1.3
        gnu/dist/grep/lib/getopt.c: revision 1.2
        gnu/dist/grep/lib/regex.c: revision 1.2
Change several int variables to size_t, ssize_t, or ptrdiff_t.
This should fix the bug described in CVE-2012-5667 when an input
line is so long that its length cannot be stored in an int
variable.
This change to NetBSD's version of GNU grep 2.5.1 (licenced under
GPLv2) was made without direct reference to any code licenced
under GPLv3.
Thanks to Ignatios Souvatzis for looking at GPLv3-derived
patches and describing the problem in general terms.  Thanks to
pkgsrc/devel/coccinelle for helping me find places where int
variables were used to store the results from pointer arithmetic
or strlen().  Thanks to Martin Husemann for testing.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.64.1 src/gnu/dist/grep/lib/getopt.c \
    src/gnu/dist/grep/lib/regex.c
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.64.1 src/gnu/dist/grep/src/ansi2knr.c
cvs rdiff -u -r1.2 -r1.2.64.1 src/gnu/dist/grep/src/dfa.c
cvs rdiff -u -r1.12 -r1.12.2.1 src/gnu/dist/grep/src/grep.c
cvs rdiff -u -r1.3 -r1.3.28.1 src/gnu/dist/grep/src/search.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/gnu/dist/grep/lib/getopt.c
diff -u src/gnu/dist/grep/lib/getopt.c:1.1.1.1 src/gnu/dist/grep/lib/getopt.c:1.1.1.1.64.1
--- src/gnu/dist/grep/lib/getopt.c:1.1.1.1	Sun Jan 26 23:15:12 2003
+++ src/gnu/dist/grep/lib/getopt.c	Sun Jan 13 17:14:45 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: getopt.c,v 1.1.1.1 2003/01/26 23:15:12 wiz Exp $	*/
+/*	$NetBSD: getopt.c,v 1.1.1.1.64.1 2013/01/13 17:14:45 bouyer Exp $	*/
 
 /* Getopt for GNU.
    NOTE: The canonical source of this file is maintained with the GNU
@@ -431,7 +431,7 @@ _getopt_initialize (argc, argv, optstrin
 	  else
 	    {
 	      const char *orig_str = __getopt_nonoption_flags;
-	      int len = nonoption_flags_max_len = strlen (orig_str);
+	      size_t len = nonoption_flags_max_len = strlen (orig_str);
 	      if (nonoption_flags_max_len < argc)
 		nonoption_flags_max_len = argc;
 	      __getopt_nonoption_flags =
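Review bot: In `size_t len = nonoption_flags_max_len = strlen (orig_str);` the value stored in `len` is the result of the inner assignment, so it has already been converted to the type of `nonoption_flags_max_len` before it is widened again. That variable's declaration is outside the hunk, but the comparison with `argc` on the next line suggests it is an `int`, in which case the new `size_t` type gains nothing. I would split the statement into `size_t len = strlen (orig_str);` and a separate assignment to `nonoption_flags_max_len` made only after checking that `len` fits. The enclosing block continues past the end of the hunk.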
Index: src/gnu/dist/grep/lib/regex.c
diff -u src/gnu/dist/grep/lib/regex.c:1.1.1.1 src/gnu/dist/grep/lib/regex.c:1.1.1.1.64.1
--- src/gnu/dist/grep/lib/regex.c:1.1.1.1	Sun Jan 26 23:15:13 2003
+++ src/gnu/dist/grep/lib/regex.c	Sun Jan 13 17:14:45 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: regex.c,v 1.1.1.1 2003/01/26 23:15:13 wiz Exp $	*/
+/*	$NetBSD: regex.c,v 1.1.1.1.64.1 2013/01/13 17:14:45 bouyer Exp $	*/
 
 /* Extended regular expression matching and search library,
    version 0.12.
@@ -1127,7 +1127,7 @@ print_double_string (where, string1, siz
     int size1;
     int size2;
 {
-  int this_char;
+  ptrdiff_t this_char;
 
   if (where == NULL)
     printf ("(null)");
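Review bot: `this_char` is widened to `ptrdiff_t`, but the K&R parameters `size1` and `size2` just above it are still declared `int`, so the bounds this index is compared against (the loops are outside the hunk) cannot describe a string longer than INT_MAX. If the regex entry points keep `int` lengths as well, the wider `start` and `len` in EGexecute (search.c hunk of this commit) would be fed from already-narrowed values; that is worth confirming against the callers. A comment such as `/* size1 and size2 are int: lengths above INT_MAX are not representable here */` would record the limit that remains.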

Index: src/gnu/dist/grep/src/ansi2knr.c
diff -u src/gnu/dist/grep/src/ansi2knr.c:1.1.1.1 src/gnu/dist/grep/src/ansi2knr.c:1.1.1.1.64.1
--- src/gnu/dist/grep/src/ansi2knr.c:1.1.1.1	Sun Jan 26 23:15:29 2003
+++ src/gnu/dist/grep/src/ansi2knr.c	Sun Jan 13 17:14:45 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: ansi2knr.c,v 1.1.1.1 2003/01/26 23:15:29 wiz Exp $	*/
+/*	$NetBSD: ansi2knr.c,v 1.1.1.1.64.1 2013/01/13 17:14:45 bouyer Exp $	*/
 
 /* Copyright (C) 1989, 1997, 1998, 1999 Aladdin Enterprises.  All rights reserved. */
 
@@ -461,7 +461,7 @@ test1(buf)
 	   }
 	   {
 	       char *id = p;
-	       int len;
+	       ptrdiff_t len;
 	       /*
 		* Check for identifier1(identifier2) and not
 		* identifier1(void), or identifier1(identifier2, xxxx).

Index: src/gnu/dist/grep/src/dfa.c
diff -u src/gnu/dist/grep/src/dfa.c:1.2 src/gnu/dist/grep/src/dfa.c:1.2.64.1
--- src/gnu/dist/grep/src/dfa.c:1.2	Sun Jan 26 23:55:52 2003
+++ src/gnu/dist/grep/src/dfa.c	Sun Jan 13 17:14:45 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: dfa.c,v 1.2 2003/01/26 23:55:52 wiz Exp $	*/
+/*	$NetBSD: dfa.c,v 1.2.64.1 2013/01/13 17:14:45 bouyer Exp $	*/
 
 /* dfa.c - deterministic extended regexp routines for GNU
    Copyright 1988, 1998, 2000 Free Software Foundation, Inc.
@@ -334,9 +334,10 @@ static int hard_LC_COLLATE;	/* Nonzero i
 #ifdef MBS_SUPPORT
 /* These variables are used only if (MB_CUR_MAX > 1).  */
 static mbstate_t mbs;		/* Mbstate for mbrlen().  */
-static int cur_mb_len;		/* Byte length of the current scanning
-				   multibyte character.  */
-static int cur_mb_index;        /* Byte index of the current scanning multibyte
+static ssize_t cur_mb_len;	/* Byte length of the current scanning
+				   multibyte character.  Must also handle
+				   negative result from mbrlen().  */
+static ssize_t cur_mb_index;    /* Byte index of the current scanning multibyte
                                    character.
 
 				   singlebyte character : cur_mb_index = 0
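Review bot: The new comment on `cur_mb_len` speaks of a negative result from mbrlen(), but mbrlen() returns `size_t` and reports errors as `(size_t) -1` and `(size_t) -2`; they only become negative through the conversion to `ssize_t`. I would spell that out, for example `/* holds the mbrlen() result; (size_t)-1 and (size_t)-2 are stored as -1 and -2 */`, so that a later reader does not switch the type to an unsigned one. `cur_mb_index` gets the same signed type with no stated reason, and one line saying why it is signed would help.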
@@ -369,7 +370,7 @@ static unsigned char const *buf_end;	/* 
 /* This function update cur_mb_len, and cur_mb_index.
    p points current lexptr, len is the remaining buffer length.  */
 static void
-update_mb_len_index (unsigned char const *p, int len)
+update_mb_len_index (unsigned char const *p, size_t len)
 {
   /* If last character is a part of a multibyte character,
      we update cur_mb_index.  */
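Review bot: With `len` now `size_t`, a caller that derives the remaining length from a pointer subtraction and ends up below zero no longer passes a negative number but a very large one. The callers and the function body are outside the hunk, so this needs confirming there. The header comment could state the contract, e.g. `len is the remaining buffer length; it must not come from a negative pointer difference`.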
@@ -2465,7 +2466,7 @@ match_mb_charset (struct dfa *d, int s, 
   int match;		/* Flag which represent that matching succeed.  */
   int match_len;	/* Length of the character (or collating element)
 			   with which this operator match.  */
-  int op_len;		/* Length of the operator.  */
+  size_t op_len;	/* Length of the operator.  */
   char buffer[128];
   wchar_t wcbuf[6];
 

Index: src/gnu/dist/grep/src/grep.c
diff -u src/gnu/dist/grep/src/grep.c:1.12 src/gnu/dist/grep/src/grep.c:1.12.2.1
--- src/gnu/dist/grep/src/grep.c:1.12	Thu Aug 28 03:59:06 2008
+++ src/gnu/dist/grep/src/grep.c	Sun Jan 13 17:14:45 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: grep.c,v 1.12 2008/08/28 03:59:06 lukem Exp $	*/
+/*	$NetBSD: grep.c,v 1.12.2.1 2013/01/13 17:14:45 bouyer Exp $	*/
 
 /* grep.c - main driver file for grep.
    Copyright 1992, 1997-1999, 2000 Free Software Foundation, Inc.
@@ -1283,9 +1283,9 @@ int
 main (int argc, char **argv)
 {
   char *keys;
-  size_t keycc, oldcc, keyalloc;
+  size_t cc, keycc, oldcc, keyalloc;
   int with_filenames;
-  int opt, cc, status;
+  int opt, status;
   int default_context;
   FILE *fp;
   extern char *optarg;

Index: src/gnu/dist/grep/src/search.c
diff -u src/gnu/dist/grep/src/search.c:1.3 src/gnu/dist/grep/src/search.c:1.3.28.1
--- src/gnu/dist/grep/src/search.c:1.3	Fri Aug  1 15:24:35 2008
+++ src/gnu/dist/grep/src/search.c	Sun Jan 13 17:14:45 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: search.c,v 1.3 2008/08/01 15:24:35 christos Exp $	*/
+/*	$NetBSD: search.c,v 1.3.28.1 2013/01/13 17:14:45 bouyer Exp $	*/
 
 /* search.c - searching subroutines using dfa, kwset and regex for grep.
    Copyright 1992, 1998, 2000 Free Software Foundation, Inc.
@@ -153,7 +153,7 @@ check_multibyte_string(char const *buf, 
 {
   char *mb_properties = malloc(size);
   mbstate_t cur_state;
-  int i;
+  size_t i;
   memset(&cur_state, 0, sizeof(mbstate_t));
   memset(mb_properties, 0, sizeof(char)*size);
   for (i = 0; i < size ;)
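Review bot: `malloc(size)` is followed by `memset(mb_properties, 0, sizeof(char)*size)` with no NULL check in between, and this commit is about inputs large enough that the allocation can realistically fail. A failed allocation then becomes a write through a null pointer. Either test the result, `if (mb_properties == NULL) return NULL;` with the callers prepared for that, or use the project's checking allocator (`xmalloc`, if it is available in this file). The function body continues past the end of the hunk.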
@@ -339,7 +339,8 @@ EGexecute (char const *buf, size_t size,
 {
   register char const *buflim, *beg, *end;
   char eol = eolbyte;
-  int backref, start, len;
+  int backref;
+  ptrdiff_t start, len;
   struct kwsmatch kwsm;
   size_t i;
 #ifdef MBS_SUPPORT
