Diffstat (limited to 'Fix-CVE-2020-27618-iconv-Accept-redundant-shift-sequences.patch')
| -rw-r--r-- | Fix-CVE-2020-27618-iconv-Accept-redundant-shift-sequences.patch | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/Fix-CVE-2020-27618-iconv-Accept-redundant-shift-sequences.patch b/Fix-CVE-2020-27618-iconv-Accept-redundant-shift-sequences.patch new file mode 100644 index 0000000..c26139f --- /dev/null +++ b/Fix-CVE-2020-27618-iconv-Accept-redundant-shift-sequences.patch 
@@ -0,0 +1,56 @@ +From 9a99c682144bdbd40792ebf822fe9264e0376fb5 Mon Sep 17 00:00:00 2001 +From: Arjun Shankar <arjun@redhat.com> +Date: Wed, 4 Nov 2020 12:19:38 +0100 +Subject: [PATCH] iconv: Accept redundant shift sequences in IBM1364 [BZ + #26224] + +The IBM1364, IBM1371, IBM1388, IBM1390 and IBM1399 character sets +share converter logic (iconvdata/ibm1364.c) which would reject +redundant shift sequences when processing input in these character +sets. This led to a hang in the iconv program (CVE-2020-27618). + +This commit adjusts the converter to ignore redundant shift sequences +and adds test cases for iconv_prog hangs that would be triggered upon +their rejection. This brings the implementation in line with other +converters that also ignore redundant shift sequences (e.g. IBM930 +etc., fixed in commit 692de4b3960d). + +Reviewed-by: Carlos O'Donell <carlos@redhat.com> +--- + iconvdata/ibm1364.c | 14 ++------------ + 1 files changed, 2 insertions(+), 12 deletions(-) + +diff --git a/iconvdata/ibm1364.c b/iconvdata/ibm1364.c +index 49e7267ab45..521f0825b7f 100644 +--- a/iconvdata/ibm1364.c ++++ b/iconvdata/ibm1364.c +@@ -158,24 +158,14 @@ enum + \ + if (__builtin_expect (ch, 0) == SO) \ + { \ +- /* Shift OUT, change to DBCS converter. */ \ +- if (curcs == db) \ +- { \ +- result = __GCONV_ILLEGAL_INPUT; \ +- break; \ +- } \ ++ /* Shift OUT, change to DBCS converter (redundant escape okay). */ \ + curcs = db; \ + ++inptr; \ + continue; \ + } \ + if (__builtin_expect (ch, 0) == SI) \ + { \ +- /* Shift IN, change to SBCS converter. */ \ +- if (curcs == sb) \ +- { \ +- result = __GCONV_ILLEGAL_INPUT; \ +- break; \ +- } \ ++ /* Shift IN, change to SBCS converter (redundant escape okay). */ \ + curcs = sb; \ + ++inptr; \ + continue; \ +-- +2.25.1 + |
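Review bot: the embedded commit message says the change "adds test cases for iconv_prog hangs that would be triggered upon their rejection", but the patch's own diffstat lists only iconvdata/ibm1364.c (2 insertions, 12 deletions), so this backport carries no regression test. Either include the test hunks alongside the converter change, or add a line to the patch header stating that the tests were dropped, so that a later rebase does not assume the redundant SO/SI cases for IBM1364, IBM1371, IBM1388, IBM1390 and IBM1399 are exercised by the package's test run.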
