Startsida Utforska Hjälp
Registrera dig Logga in
client_service
/
voice-gateway
2
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Träd: ae246bcdcf
Grenar Taggar
voice-gateway
/
miniconda3
/
pkgs
/
icu-58.2-he6710b0_3
/
info
/
recipe
/
CVE-2017-15396.patch

CVE-2017-15396.patch 6.5 KB
Historik

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160 
  1. Combined backport of:
    2. 

  2. 

  3. <https://github.com/unicode-org/icu/commit/5c711e36e>
    4. 

  4. ~~~
    5. 

  5. From 5c711e36e8e6a9810bb689ace16f698d1d3ab9ce Mon Sep 17 00:00:00 2001
    6. 

  6. From: Shane Carr <shane@unicode.org>
    7. 

  7. Date: Thu, 28 Sep 2017 01:00:43 +0000
    8. 

  8. Subject: [PATCH] ICU-13327 Fixing buffer overflow in NumberingSystem
    9. 

  9.  constructor.
    10. 

  10. 

  11. X-SVN-Rev: 40494
    12. 

  12. ---
    13. 

  13.  icu4c/source/i18n/numsys.cpp            |  7 +++++++
    14. 

  14.  icu4c/source/test/intltest/numfmtst.cpp | 22 ++++++++++++++++++++++
    15. 

  15.  icu4c/source/test/intltest/numfmtst.h   |  1 +
    16. 

  16.  3 files changed, 30 insertions(+)
    17. 

  17. ~~~
    18. 

  18. 

  19. <https://github.com/unicode-org/icu/commit/1c794eb11>
    20. 

  20. ~~~
    21. 

  21. From 1c794eb111bb9c146375038dd66806aaa26f35ce Mon Sep 17 00:00:00 2001
    22. 

  22. From: Andy Heninger <andy.heninger@gmail.com>
    23. 

  23. Date: Wed, 11 Oct 2017 22:22:45 +0000
    24. 

  24. Subject: [PATCH] ICU-13394 nul-terminated buffer handling fixed from Chromium.
    25. 

  25. 

  26. X-SVN-Rev: 40615
    27. 

  27. ---
    28. 

  28.  icu4c/source/common/locdispnames.cpp |  2 ++
    29. 

  29.  icu4c/source/common/locdspnm.cpp     |  3 ++-
    30. 

  30.  icu4c/source/common/ucurr.cpp        |  1 +
    31. 

  31.  icu4c/source/i18n/ucol_sit.cpp       | 11 +++++++++--
    32. 

  32.  4 files changed, 14 insertions(+), 3 deletions(-)
    33. 

  33. ~~~
    34. 

  34. 

  35. --- source/common/locdispnames.cpp
    36. 

  36. +++ source/common/locdispnames.cpp
    37. 

  37. @@ -821,6 +821,8 @@ uloc_getDisplayKeywordValue(   const char* locale,
    38. 

  38.      /* get the keyword value */
    39. 

  39.      keywordValue[0]=0;
    40. 

  40.      keywordValueLen = uloc_getKeywordValue(locale, keyword, keywordValue, capacity, status);
    41. 

  41. +    if (*status == U_STRING_NOT_TERMINATED_WARNING)
    42. 

  42. +      *status = U_BUFFER_OVERFLOW_ERROR;
    43. 

  43.  
    44. 

  44.      /* 
    45. 

  45.       * if the keyword is equal to currency .. then to get the display name 
    46. 

  46. --- source/common/locdspnm.cpp
    47. 

  47. +++ source/common/locdspnm.cpp
    48. 

  48. @@ -635,8 +635,9 @@ LocaleDisplayNamesImpl::localeDisplayName(const Locale& locale,
    49. 

  49.      char value[ULOC_KEYWORD_AND_VALUES_CAPACITY]; // sigh, no ULOC_VALUE_CAPACITY
    50. 

  50.      const char* key;
    51. 

  51.      while ((key = e->next((int32_t *)0, status)) != NULL) {
    52. 

  52. +      value[0] = 0;
    53. 

  53.        locale.getKeywordValue(key, value, ULOC_KEYWORD_AND_VALUES_CAPACITY, status);
    54. 

  54. -      if (U_FAILURE(status)) {
    55. 

  55. +      if (U_FAILURE(status) || status == U_STRING_NOT_TERMINATED_WARNING) {
    56. 

  56.          return result;
    57. 

  57.        }
    58. 

  58.        keyDisplayName(key, temp, TRUE);
    59. 

  59. --- source/common/ucurr.cpp
    60. 

  60. +++ source/common/ucurr.cpp
    61. 

  61. @@ -2215,6 +2215,7 @@ ucurr_countCurrencies(const char* locale,
    62. 

  62.          UErrorCode localStatus = U_ZERO_ERROR;
    63. 

  63.          char id[ULOC_FULLNAME_CAPACITY];
    64. 

  64.          uloc_getKeywordValue(locale, "currency", id, ULOC_FULLNAME_CAPACITY, &localStatus);
    65. 

  65. +
    66. 

  66.          // get country or country_variant in `id'
    67. 

  67.          /*uint32_t variantType =*/ idForLocale(locale, id, sizeof(id), ec);
    68. 

  68.  
    69. 

  69. --- source/i18n/numsys.cpp
    70. 

  70. +++ source/i18n/numsys.cpp
    71. 

  71. @@ -25,6 +25,7 @@
    72. 

  72.  #include "unicode/schriter.h"
    73. 

  73.  #include "unicode/numsys.h"
    74. 

  74.  #include "cstring.h"
    75. 

  75. +#include "uassert.h"
    76. 

  76.  #include "uresimp.h"
    77. 

  77.  #include "numsys_impl.h"
    78. 

  78.  
    79. 

  79. @@ -115,7 +116,13 @@ NumberingSystem::createInstance(const Locale & inLocale, UErrorCode& status) {
    80. 

  80.      UBool usingFallback = FALSE;
    81. 

  81.      char buffer[ULOC_KEYWORDS_CAPACITY];
    82. 

  82.      int32_t count = inLocale.getKeywordValue("numbers",buffer, sizeof(buffer),status);
    83. 

  83. +    if (U_FAILURE(status) || status == U_STRING_NOT_TERMINATED_WARNING) {
    84. 

  84. +        // the "numbers" keyword exceeds ULOC_KEYWORDS_CAPACITY; ignore and use default.
    85. 

  85. +        count = 0;
    86. 

  86. +        status = U_ZERO_ERROR;
    87. 

  87. +    }
    88. 

  88.      if ( count > 0 ) { // @numbers keyword was specified in the locale
    89. 

  89. +        U_ASSERT(count < ULOC_KEYWORDS_CAPACITY);
    90. 

  90.          buffer[count] = '\0'; // Make sure it is null terminated.
    91. 

  91.          if ( !uprv_strcmp(buffer,gDefault) || !uprv_strcmp(buffer,gNative) || 
    92. 

  92.               !uprv_strcmp(buffer,gTraditional) || !uprv_strcmp(buffer,gFinance)) {
    93. 

  93. --- source/i18n/ucol_sit.cpp
    94. 

  94. +++ source/i18n/ucol_sit.cpp
    95. 

  95. @@ -465,8 +465,15 @@ ucol_prepareShortStringOpen( const char *definition,
    96. 

  96.      UResourceBundle *collElem = NULL;
    97. 

  97.      char keyBuffer[256];
    98. 

  98.      // if there is a keyword, we pick it up and try to get elements
    99. 

  99. -    if(!uloc_getKeywordValue(buffer, "collation", keyBuffer, 256, status)) {
    100. 

  100. -      // no keyword. we try to find the default setting, which will give us the keyword value
    101. 

  101. +    int32_t keyLen = uloc_getKeywordValue(buffer, "collation", keyBuffer, sizeof(keyBuffer), status);
    102. 

  102. +    // Treat too long a value as no keyword.
    103. 

  103. +    if(keyLen >= (int32_t)sizeof(keyBuffer)) {
    104. 

  104. +      keyLen = 0;
    105. 

  105. +      *status = U_ZERO_ERROR;
    106. 

  106. +    }
    107. 

  107. +    if(keyLen == 0) {
    108. 

  108. +      // no keyword
    109. 

  109. +      // we try to find the default setting, which will give us the keyword value
    110. 

  110.        UResourceBundle *defaultColl = ures_getByKeyWithFallback(collations, "default", NULL, status);
    111. 

  111.        if(U_SUCCESS(*status)) {
    112. 

  112.          int32_t defaultKeyLen = 0;
    113. 

  113. --- source/test/intltest/numfmtst.cpp
    114. 

  114. +++ source/test/intltest/numfmtst.cpp
    115. 

  115. @@ -581,6 +581,7 @@ void NumberFormatTest::runIndexedTest( int32_t index, UBool exec, const char* &n
    116. 

  116.    TESTCASE_AUTO(Test11475_signRecognition);
    117. 

  117.    TESTCASE_AUTO(Test11640_getAffixes);
    118. 

  118.    TESTCASE_AUTO(Test11649_toPatternWithMultiCurrency);
    119. 

  119. +  TESTCASE_AUTO(Test13327_numberingSystemBufferOverflow);
    120. 

  120.    TESTCASE_AUTO_END;
    121. 

  121.  }
    122. 

  122.  
    123. 

  123. @@ -8717,6 +8718,27 @@ void NumberFormatTest::Test11649_toPatternWithMultiCurrency() {
    124. 

  124.      assertEquals("", "US dollars 12.34", fmt2.format(12.34, appendTo));
    125. 

  125.  }
    126. 

  126.  
    127. 

  127. +void NumberFormatTest::Test13327_numberingSystemBufferOverflow() {
    128. 

  128. +    UErrorCode status;
    129. 

  129. +    for (int runId = 0; runId < 2; runId++) {
    130. 

  130. +        // Construct a locale string with a very long "numbers" value.
    131. 

  131. +        // The first time, make the value length exactly equal to ULOC_KEYWORDS_CAPACITY.
    132. 

  132. +        // The second time, make it exceed ULOC_KEYWORDS_CAPACITY.
    133. 

  133. +        int extraLength = (runId == 0) ? 0 : 5;
    134. 

  134. +
    135. 

  135. +        CharString localeId("en@numbers=", status);
    136. 

  136. +        for (int i = 0; i < ULOC_KEYWORDS_CAPACITY + extraLength; i++) {
    137. 

  137. +            localeId.append('x', status);
    138. 

  138. +        }
    139. 

  139. +        assertSuccess("Constructing locale string", status);
    140. 

  140. +        Locale locale(localeId.data());
    141. 

  141. +
    142. 

  142. +        NumberingSystem* ns = NumberingSystem::createInstance(locale, status);
    143. 

  143. +        assertFalse("Should not be null", ns == nullptr);
    144. 

  144. +        assertSuccess("Should create with no error", status);
    145. 

  145. +    }
    146. 

  146. +}
    147. 

  147. +
    148. 

  148.  
    149. 

  149.  void NumberFormatTest::verifyFieldPositionIterator(
    150. 

  150.          NumberFormatTest_Attributes *expected, FieldPositionIterator &iter) {
    151. 

  151. --- source/test/intltest/numfmtst.h
    152. 

  152. +++ source/test/intltest/numfmtst.h
    153. 

  153. @@ -215,6 +215,7 @@ class NumberFormatTest: public CalendarTimeZoneTest {
    154. 

  154.      void Test11475_signRecognition();
    155. 

  155.      void Test11640_getAffixes();
    156. 

  156.      void Test11649_toPatternWithMultiCurrency();
    157. 

  157. +    void Test13327_numberingSystemBufferOverflow();
    158. 

  158.  
    159. 

  159.      void checkExceptionIssue11735();
    160. 

  160.  
    161.