mirror of
https://git.yoctoproject.org/poky
synced 2026-05-02 18:32:15 +02:00
openssh: drop rejected patch fixed in 8.6p1 release
The rationale [1] is that C11 6.5.6.9 says: """ When two pointers are subtracted, both shall point to elements of the same array object, or one past the last element of the array object; the result is the difference of the subscripts of the two array elements. """ In these cases the objects are arrays of char so the result is defined, and we believe that the compiler incorrectly trapping on defined behaviour. I also found https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63303 ("Pointer subtraction is broken when using -fsanitize=undefined") which seems to support this position. [1] https://bugzilla.mindrot.org/show_bug.cgi?id=2608 (From OE-Core rev: cf193ea67ca852e76b19a7997b62f043b1bca8a1) Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Jose Quaresma
committed by
Richard Purdie
Richard Purdie
parent
d9066258a1
commit
7b8d63b1e2
@@ -1,111 +0,0 @@
|
||||
From 3328e98bcbf2930cd7eea3e6c92ad5dcbdf4794f Mon Sep 17 00:00:00 2001
|
||||
From: Yuanjie Huang <yuanjie.huang@windriver.com>
|
||||
Date: Wed, 24 Aug 2016 03:15:43 +0000
|
||||
Subject: [PATCH] Fix potential signed overflow in pointer arithmatic
|
||||
|
||||
Pointer arithmatic results in implementation defined signed integer
|
||||
type, so that 's - src' in strlcpy and others may trigger signed overflow.
|
||||
In case of compilation by gcc or clang with -ftrapv option, the overflow
|
||||
would lead to program abort.
|
||||
|
||||
Upstream-Status: Submitted [http://bugzilla.mindrot.org/show_bug.cgi?id=2608]
|
||||
|
||||
Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
|
||||
|
||||
Complete the fix
|
||||
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
|
||||
---
|
||||
openbsd-compat/strlcat.c | 10 +++++++---
|
||||
openbsd-compat/strlcpy.c | 8 ++++++--
|
||||
openbsd-compat/strnlen.c | 8 ++++++--
|
||||
3 files changed, 19 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/openbsd-compat/strlcat.c b/openbsd-compat/strlcat.c
|
||||
index bcc1b61..124e1e3 100644
|
||||
--- a/openbsd-compat/strlcat.c
|
||||
+++ b/openbsd-compat/strlcat.c
|
||||
@@ -23,6 +23,7 @@
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <string.h>
|
||||
+#include <stdint.h>
|
||||
|
||||
/*
|
||||
* Appends src to string dst of size siz (unlike strncat, siz is the
|
||||
@@ -42,7 +43,7 @@ strlcat(char *dst, const char *src, size_t siz)
|
||||
/* Find the end of dst and adjust bytes left but don't go past end */
|
||||
while (n-- != 0 && *d != '\0')
|
||||
d++;
|
||||
- dlen = d - dst;
|
||||
+ dlen = (uintptr_t)d - (uintptr_t)dst;
|
||||
n = siz - dlen;
|
||||
|
||||
if (n == 0)
|
||||
@@ -55,8 +56,11 @@ strlcat(char *dst, const char *src, size_t siz)
|
||||
s++;
|
||||
}
|
||||
*d = '\0';
|
||||
-
|
||||
- return(dlen + (s - src)); /* count does not include NUL */
|
||||
+ /*
|
||||
+ * Cast pointers to unsigned type before calculation, to avoid signed
|
||||
+ * overflow when the string ends where the MSB has changed.
|
||||
+ */
|
||||
+ return (dlen + ((uintptr_t)s - (uintptr_t)src)); /* count does not include NUL */
|
||||
}
|
||||
|
||||
#endif /* !HAVE_STRLCAT */
|
||||
diff --git a/openbsd-compat/strlcpy.c b/openbsd-compat/strlcpy.c
|
||||
index b4b1b60..b06f374 100644
|
||||
--- a/openbsd-compat/strlcpy.c
|
||||
+++ b/openbsd-compat/strlcpy.c
|
||||
@@ -23,6 +23,7 @@
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <string.h>
|
||||
+#include <stdint.h>
|
||||
|
||||
/*
|
||||
* Copy src to string dst of size siz. At most siz-1 characters
|
||||
@@ -51,8 +52,11 @@ strlcpy(char *dst, const char *src, size_t siz)
|
||||
while (*s++)
|
||||
;
|
||||
}
|
||||
-
|
||||
- return(s - src - 1); /* count does not include NUL */
|
||||
+ /*
|
||||
+ * Cast pointers to unsigned type before calculation, to avoid signed
|
||||
+ * overflow when the string ends where the MSB has changed.
|
||||
+ */
|
||||
+ return ((uintptr_t)s - (uintptr_t)src - 1); /* count does not include NUL */
|
||||
}
|
||||
|
||||
#endif /* !HAVE_STRLCPY */
|
||||
diff --git a/openbsd-compat/strnlen.c b/openbsd-compat/strnlen.c
|
||||
index 7ad3573..7040f1f 100644
|
||||
--- a/openbsd-compat/strnlen.c
|
||||
+++ b/openbsd-compat/strnlen.c
|
||||
@@ -23,6 +23,7 @@
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <string.h>
|
||||
+#include <stdint.h>
|
||||
|
||||
size_t
|
||||
strnlen(const char *str, size_t maxlen)
|
||||
@@ -31,7 +32,10 @@ strnlen(const char *str, size_t maxlen)
|
||||
|
||||
for (cp = str; maxlen != 0 && *cp != '\0'; cp++, maxlen--)
|
||||
;
|
||||
-
|
||||
- return (size_t)(cp - str);
|
||||
+ /*
|
||||
+ * Cast pointers to unsigned type before calculation, to avoid signed
|
||||
+ * overflow when the string ends where the MSB has changed.
|
||||
+ */
|
||||
+ return (size_t)((uintptr_t)cp - (uintptr_t)str);
|
||||
}
|
||||
#endif
|
||||
--
|
||||
2.17.1
|
||||
|
||||
@@ -22,7 +22,6 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
|
||||
file://sshdgenkeys.service \
|
||||
file://volatiles.99_sshd \
|
||||
file://run-ptest \
|
||||
file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
|
||||
file://sshd_check_keys \
|
||||
file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \
|
||||
file://0001-systemd-Add-optional-support-for-systemd-sd_notify.patch \
|
||||
|
||||
Reference in New Issue
Block a user