diff options
| author | Pietro Albini <pietro@pietroalbini.org> | 2025-02-16 12:21:42 +0100 |
|---|---|---|
| committer | Josh Stone <jistone@redhat.com> | 2025-02-17 08:56:01 -0800 |
| commit | 792e9c74c3d35245848621b770887b882b91a430 (patch) | |
| tree | 51890a91ebe98adebd47cf6b476d133a3e4a43dd | |
| parent | 13c3ebbc9da038a97a34488081fd193d452d6c49 (diff) | |
| download | rust-792e9c74c3d35245848621b770887b882b91a430.tar.gz rust-792e9c74c3d35245848621b770887b882b91a430.zip | |
fix musl's CVE-2025-26519
(cherry picked from commit a6ee2f4af223ff7636c5d55c735fd5bb51c8578f)
| -rw-r--r-- | src/ci/docker/scripts/musl.sh | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/src/ci/docker/scripts/musl.sh b/src/ci/docker/scripts/musl.sh index ece8e6c15c0..9878bec6fbe 100644 --- a/src/ci/docker/scripts/musl.sh +++ b/src/ci/docker/scripts/musl.sh @@ -30,6 +30,47 @@ MUSL=musl-1.2.3 # may have been downloaded in a previous run if [ ! -d $MUSL ]; then curl https://www.musl-libc.org/releases/$MUSL.tar.gz | tar xzf - + + # Apply patches for CVE-2025-26519. At the time of adding these patches no release containing them + # has been published by the musl project, so we just apply them directly on top of the version we + # were distributing already. The patches should be removed once we upgrade to musl >= 1.2.6. + # + # Advisory: https://www.openwall.com/lists/musl/2025/02/13/1 + # + # Patches applied: + # - https://www.openwall.com/lists/musl/2025/02/13/1/1 + # - https://www.openwall.com/lists/musl/2025/02/13/1/2 + # + # ignore-tidy-tab + # ignore-tidy-linelength + patch -p1 -d $MUSL <<EOF +--- a/src/locale/iconv.c ++++ b/src/locale/iconv.c +@@ -502,7 +502,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri + if (c >= 93 || d >= 94) { + c += (0xa1-0x81); + d += 0xa1; +- if (c >= 93 || c>=0xc6-0x81 && d>0x52) ++ if (c > 0xc6-0x81 || c==0xc6-0x81 && d>0x52) + goto ilseq; + if (d-'A'<26) d = d-'A'; + else if (d-'a'<26) d = d-'a'+26; +EOF + patch -p1 -d $MUSL <<EOF +--- a/src/locale/iconv.c ++++ b/src/locale/iconv.c +@@ -545,6 +545,10 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri + if (*outb < k) goto toobig; + memcpy(*out, tmp, k); + } else k = wctomb_utf8(*out, c); ++ /* This failure condition should be unreachable, but ++ * is included to prevent decoder bugs from translating ++ * into advancement outside the output buffer range. */ ++ if (k>4) goto ilseq; + *out += k; + *outb -= k; + break; +EOF fi cd $MUSL |