Final version of the 804792 patch. No functional changes.

This commit is contained in:
Jeff Law 2012-03-30 09:56:08 -06:00
parent 5022ed713c
commit ca8adba640

View File

@ -1,29 +1,43 @@
2012-03-29 Jeff Law <law@redhat.com> commit b8dc394ddfd58bc5d0fe9ecfc970fc42b789a9df
Author: Jeff Law <law@redhat.com>
Date: Fri Mar 30 09:45:44 2012 -0600
2012-03-29 Jeff Law <law@redhat.com>
* crypt/md5-crypt.c (__md5_crypt_r): Avoid unbounded alloca uses * crypt/md5-crypt.c (__md5_crypt_r): Avoid unbounded alloca uses
due to long keys. due to long keys.
* crypt/sha256-crypt.c (__sha256_crypt_r): Likewise. * crypt/sha256-crypt.c (__sha256_crypt_r): Likewise.
* crypt/sha512-crypt.c (__sha512_crypt_r): Likewise. * crypt/sha512-crypt.c (__sha512_crypt_r): Likewise.
diff -rup c/crypt/md5-crypt.c d/crypt/md5-crypt.c diff --git a/crypt/md5-crypt.c b/crypt/md5-crypt.c
--- c/crypt/md5-crypt.c 2012-01-01 05:16:32.000000000 -0700 index ba606bb..db4ea9c 100644
+++ d/crypt/md5-crypt.c 2012-03-27 11:37:24.035574503 -0600 --- a/crypt/md5-crypt.c
@@ -108,6 +108,7 @@ __md5_crypt_r (key, salt, buffer, buflen +++ b/crypt/md5-crypt.c
@@ -1,6 +1,6 @@
/* One way encryption based on MD5 sum.
Compatible with the behavior of MD5 crypt introduced in FreeBSD 2.0.
- Copyright (C) 1996, 1997, 1999, 2000, 2001, 2002, 2004, 2009
+ Copyright (C) 1996, 1997, 1999, 2000, 2001, 2002, 2004, 2009, 2012
Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996.
@@ -107,6 +107,8 @@ __md5_crypt_r (key, salt, buffer, buflen)
char *cp; char *cp;
char *copied_key = NULL; char *copied_key = NULL;
char *copied_salt = NULL; char *copied_salt = NULL;
+ char *free_key = NULL; + char *free_key = NULL;
+ size_t alloca_used = 0;
/* Find beginning of salt string. The prefix should normally always /* Find beginning of salt string. The prefix should normally always
be present. Just in case it is not. */ be present. Just in case it is not. */
@@ -120,7 +121,17 @@ __md5_crypt_r (key, salt, buffer, buflen @@ -119,7 +121,17 @@ __md5_crypt_r (key, salt, buffer, buflen)
if ((key - (char *) 0) % __alignof__ (md5_uint32) != 0) if ((key - (char *) 0) % __alignof__ (md5_uint32) != 0)
{ {
- char *tmp = (char *) alloca (key_len + __alignof__ (md5_uint32)); - char *tmp = (char *) alloca (key_len + __alignof__ (md5_uint32));
+ char *tmp; + char *tmp;
+ +
+ if (__libc_use_alloca (key_len + __alignof__ (md5_uint32))) + if (__libc_use_alloca (alloca_used + key_len + __alignof__ (md5_uint32)))
+ tmp = (char *) alloca (key_len + __alignof__ (md5_uint32)); + tmp = (char *) alloca (key_len + __alignof__ (md5_uint32));
+ else + else
+ { + {
@ -35,7 +49,7 @@ diff -rup c/crypt/md5-crypt.c d/crypt/md5-crypt.c
key = copied_key = key = copied_key =
memcpy (tmp + __alignof__ (md5_uint32) memcpy (tmp + __alignof__ (md5_uint32)
- (tmp - (char *) 0) % __alignof__ (md5_uint32), - (tmp - (char *) 0) % __alignof__ (md5_uint32),
@@ -142,7 +158,10 @@ __md5_crypt_r (key, salt, buffer, buflen @@ -141,7 +153,10 @@ __md5_crypt_r (key, salt, buffer, buflen)
/* Initialize libfreebl3. */ /* Initialize libfreebl3. */
NSSLOWInitContext *nss_ictx = NSSLOW_Init (); NSSLOWInitContext *nss_ictx = NSSLOW_Init ();
if (nss_ictx == NULL) if (nss_ictx == NULL)
@ -47,7 +61,7 @@ diff -rup c/crypt/md5-crypt.c d/crypt/md5-crypt.c
NSSLOWHASHContext *nss_ctx = NULL; NSSLOWHASHContext *nss_ctx = NULL;
NSSLOWHASHContext *nss_alt_ctx = NULL; NSSLOWHASHContext *nss_alt_ctx = NULL;
#else #else
@@ -296,6 +315,7 @@ __md5_crypt_r (key, salt, buffer, buflen @@ -295,6 +310,7 @@ __md5_crypt_r (key, salt, buffer, buflen)
if (copied_salt != NULL) if (copied_salt != NULL)
memset (copied_salt, '\0', salt_len); memset (copied_salt, '\0', salt_len);
@ -55,10 +69,18 @@ diff -rup c/crypt/md5-crypt.c d/crypt/md5-crypt.c
return buffer; return buffer;
} }
diff -rup c/crypt/sha256-crypt.c d/crypt/sha256-crypt.c diff --git a/crypt/sha256-crypt.c b/crypt/sha256-crypt.c
--- c/crypt/sha256-crypt.c 2012-01-01 05:16:32.000000000 -0700 index eb2585b..440933a 100644
+++ d/crypt/sha256-crypt.c 2012-03-27 11:58:55.823809542 -0600 --- a/crypt/sha256-crypt.c
@@ -123,6 +123,9 @@ __sha256_crypt_r (key, salt, buffer, buf +++ b/crypt/sha256-crypt.c
@@ -1,5 +1,5 @@
/* One way encryption based on SHA256 sum.
- Copyright (C) 2007, 2009 Free Software Foundation, Inc.
+ Copyright (C) 2007, 2009, 2012 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Ulrich Drepper <drepper@redhat.com>, 2007.
@@ -122,6 +122,9 @@ __sha256_crypt_r (key, salt, buffer, buflen)
/* Default number of rounds. */ /* Default number of rounds. */
size_t rounds = ROUNDS_DEFAULT; size_t rounds = ROUNDS_DEFAULT;
bool rounds_custom = false; bool rounds_custom = false;
@ -68,14 +90,14 @@ diff -rup c/crypt/sha256-crypt.c d/crypt/sha256-crypt.c
/* Find beginning of salt string. The prefix should normally always /* Find beginning of salt string. The prefix should normally always
be present. Just in case it is not. */ be present. Just in case it is not. */
@@ -149,7 +152,17 @@ __sha256_crypt_r (key, salt, buffer, buf @@ -148,7 +151,17 @@ __sha256_crypt_r (key, salt, buffer, buflen)
if ((key - (char *) 0) % __alignof__ (uint32_t) != 0) if ((key - (char *) 0) % __alignof__ (uint32_t) != 0)
{ {
- char *tmp = (char *) alloca (key_len + __alignof__ (uint32_t)); - char *tmp = (char *) alloca (key_len + __alignof__ (uint32_t));
+ char *tmp; + char *tmp;
+ +
+ if (__libc_use_alloca (key_len + __alignof__ (uint32_t))) + if (__libc_use_alloca (alloca_used + key_len + __alignof__ (uint32_t)))
+ tmp = alloca_account (key_len + __alignof__ (uint32_t), alloca_used); + tmp = alloca_account (key_len + __alignof__ (uint32_t), alloca_used);
+ else + else
+ { + {
@ -87,7 +109,7 @@ diff -rup c/crypt/sha256-crypt.c d/crypt/sha256-crypt.c
key = copied_key = key = copied_key =
memcpy (tmp + __alignof__ (uint32_t) memcpy (tmp + __alignof__ (uint32_t)
- (tmp - (char *) 0) % __alignof__ (uint32_t), - (tmp - (char *) 0) % __alignof__ (uint32_t),
@@ -160,6 +179,7 @@ __sha256_crypt_r (key, salt, buffer, buf @@ -159,6 +172,7 @@ __sha256_crypt_r (key, salt, buffer, buflen)
if ((salt - (char *) 0) % __alignof__ (uint32_t) != 0) if ((salt - (char *) 0) % __alignof__ (uint32_t) != 0)
{ {
char *tmp = (char *) alloca (salt_len + __alignof__ (uint32_t)); char *tmp = (char *) alloca (salt_len + __alignof__ (uint32_t));
@ -95,7 +117,7 @@ diff -rup c/crypt/sha256-crypt.c d/crypt/sha256-crypt.c
salt = copied_salt = salt = copied_salt =
memcpy (tmp + __alignof__ (uint32_t) memcpy (tmp + __alignof__ (uint32_t)
- (tmp - (char *) 0) % __alignof__ (uint32_t), - (tmp - (char *) 0) % __alignof__ (uint32_t),
@@ -171,7 +191,10 @@ __sha256_crypt_r (key, salt, buffer, buf @@ -170,7 +184,10 @@ __sha256_crypt_r (key, salt, buffer, buflen)
/* Initialize libfreebl3. */ /* Initialize libfreebl3. */
NSSLOWInitContext *nss_ictx = NSSLOW_Init (); NSSLOWInitContext *nss_ictx = NSSLOW_Init ();
if (nss_ictx == NULL) if (nss_ictx == NULL)
@ -107,13 +129,11 @@ diff -rup c/crypt/sha256-crypt.c d/crypt/sha256-crypt.c
NSSLOWHASHContext *nss_ctx = NULL; NSSLOWHASHContext *nss_ctx = NULL;
NSSLOWHASHContext *nss_alt_ctx = NULL; NSSLOWHASHContext *nss_alt_ctx = NULL;
#else #else
@@ -233,8 +256,19 @@ __sha256_crypt_r (key, salt, buffer, buf @@ -233,7 +250,18 @@ __sha256_crypt_r (key, salt, buffer, buflen)
/* Finish the digest. */
sha256_finish_ctx (&alt_ctx, nss_alt_ctx, temp_result); sha256_finish_ctx (&alt_ctx, nss_alt_ctx, temp_result);
- /* Create byte sequence P. */ /* Create byte sequence P. */
- cp = p_bytes = alloca (key_len); - cp = p_bytes = alloca (key_len);
+ /* Create byte sequence P. */
+ if (__libc_use_alloca (alloca_used + key_len)) + if (__libc_use_alloca (alloca_used + key_len))
+ cp = p_bytes = (char *) alloca (key_len); + cp = p_bytes = (char *) alloca (key_len);
+ else + else
@ -129,7 +149,7 @@ diff -rup c/crypt/sha256-crypt.c d/crypt/sha256-crypt.c
for (cnt = key_len; cnt >= 32; cnt -= 32) for (cnt = key_len; cnt >= 32; cnt -= 32)
cp = mempcpy (cp, temp_result, 32); cp = mempcpy (cp, temp_result, 32);
memcpy (cp, temp_result, cnt); memcpy (cp, temp_result, cnt);
@@ -362,6 +401,8 @@ __sha256_crypt_r (key, salt, buffer, buf @@ -361,6 +389,8 @@ __sha256_crypt_r (key, salt, buffer, buflen)
if (copied_salt != NULL) if (copied_salt != NULL)
memset (copied_salt, '\0', salt_len); memset (copied_salt, '\0', salt_len);
@ -138,10 +158,18 @@ diff -rup c/crypt/sha256-crypt.c d/crypt/sha256-crypt.c
return buffer; return buffer;
} }
diff -rup c/crypt/sha512-crypt.c d/crypt/sha512-crypt.c diff --git a/crypt/sha512-crypt.c b/crypt/sha512-crypt.c
--- c/crypt/sha512-crypt.c 2012-01-01 05:16:32.000000000 -0700 index 8f8ed33..e5d9cac 100644
+++ d/crypt/sha512-crypt.c 2012-03-27 12:10:08.895097239 -0600 --- a/crypt/sha512-crypt.c
@@ -123,6 +123,9 @@ __sha512_crypt_r (key, salt, buffer, buf +++ b/crypt/sha512-crypt.c
@@ -1,5 +1,5 @@
/* One way encryption based on SHA512 sum.
- Copyright (C) 2007, 2009 Free Software Foundation, Inc.
+ Copyright (C) 2007, 2009, 2012 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Ulrich Drepper <drepper@redhat.com>, 2007.
@@ -122,6 +122,9 @@ __sha512_crypt_r (key, salt, buffer, buflen)
/* Default number of rounds. */ /* Default number of rounds. */
size_t rounds = ROUNDS_DEFAULT; size_t rounds = ROUNDS_DEFAULT;
bool rounds_custom = false; bool rounds_custom = false;
@ -151,14 +179,14 @@ diff -rup c/crypt/sha512-crypt.c d/crypt/sha512-crypt.c
/* Find beginning of salt string. The prefix should normally always /* Find beginning of salt string. The prefix should normally always
be present. Just in case it is not. */ be present. Just in case it is not. */
@@ -149,7 +152,17 @@ __sha512_crypt_r (key, salt, buffer, buf @@ -148,7 +151,17 @@ __sha512_crypt_r (key, salt, buffer, buflen)
if ((key - (char *) 0) % __alignof__ (uint64_t) != 0) if ((key - (char *) 0) % __alignof__ (uint64_t) != 0)
{ {
- char *tmp = (char *) alloca (key_len + __alignof__ (uint64_t)); - char *tmp = (char *) alloca (key_len + __alignof__ (uint64_t));
+ char *tmp; + char *tmp;
+ +
+ if (__libc_use_alloca (key_len + __alignof__ (uint64_t))) + if (__libc_use_alloca (alloca_used + key_len + __alignof__ (uint64_t)))
+ tmp = alloca_account (key_len + __alignof__ (uint64_t), alloca_used); + tmp = alloca_account (key_len + __alignof__ (uint64_t), alloca_used);
+ else + else
+ { + {
@ -170,7 +198,7 @@ diff -rup c/crypt/sha512-crypt.c d/crypt/sha512-crypt.c
key = copied_key = key = copied_key =
memcpy (tmp + __alignof__ (uint64_t) memcpy (tmp + __alignof__ (uint64_t)
- (tmp - (char *) 0) % __alignof__ (uint64_t), - (tmp - (char *) 0) % __alignof__ (uint64_t),
@@ -171,7 +190,10 @@ __sha512_crypt_r (key, salt, buffer, buf @@ -170,7 +183,10 @@ __sha512_crypt_r (key, salt, buffer, buflen)
/* Initialize libfreebl3. */ /* Initialize libfreebl3. */
NSSLOWInitContext *nss_ictx = NSSLOW_Init (); NSSLOWInitContext *nss_ictx = NSSLOW_Init ();
if (nss_ictx == NULL) if (nss_ictx == NULL)
@ -182,13 +210,11 @@ diff -rup c/crypt/sha512-crypt.c d/crypt/sha512-crypt.c
NSSLOWHASHContext *nss_ctx = NULL; NSSLOWHASHContext *nss_ctx = NULL;
NSSLOWHASHContext *nss_alt_ctx = NULL; NSSLOWHASHContext *nss_alt_ctx = NULL;
#else #else
@@ -233,8 +255,19 @@ __sha512_crypt_r (key, salt, buffer, buf @@ -233,7 +249,18 @@ __sha512_crypt_r (key, salt, buffer, buflen)
/* Finish the digest. */
sha512_finish_ctx (&alt_ctx, nss_alt_ctx, temp_result); sha512_finish_ctx (&alt_ctx, nss_alt_ctx, temp_result);
- /* Create byte sequence P. */ /* Create byte sequence P. */
- cp = p_bytes = alloca (key_len); - cp = p_bytes = alloca (key_len);
+ /* Create byte sequence P. */
+ if (__libc_use_alloca (alloca_used + key_len)) + if (__libc_use_alloca (alloca_used + key_len))
+ cp = p_bytes = (char *) alloca (key_len); + cp = p_bytes = (char *) alloca (key_len);
+ else + else
@ -204,7 +230,7 @@ diff -rup c/crypt/sha512-crypt.c d/crypt/sha512-crypt.c
for (cnt = key_len; cnt >= 64; cnt -= 64) for (cnt = key_len; cnt >= 64; cnt -= 64)
cp = mempcpy (cp, temp_result, 64); cp = mempcpy (cp, temp_result, 64);
memcpy (cp, temp_result, cnt); memcpy (cp, temp_result, cnt);
@@ -374,6 +412,8 @@ __sha512_crypt_r (key, salt, buffer, buf @@ -373,6 +400,8 @@ __sha512_crypt_r (key, salt, buffer, buflen)
if (copied_salt != NULL) if (copied_salt != NULL)
memset (copied_salt, '\0', salt_len); memset (copied_salt, '\0', salt_len);
@ -213,5 +239,3 @@ diff -rup c/crypt/sha512-crypt.c d/crypt/sha512-crypt.c
return buffer; return buffer;
} }