Fix integer overflow in getulong.c (CVE-2016-6252)

Closes: #832170
This commit is contained in:
Balint Reczey
2017-02-24 00:41:23 +01:00
parent 1edacbf29a
commit dd729b3572
2 changed files with 47 additions and 0 deletions
@@ -0,0 +1,46 @@
From 1d5a926cc2d6078d23a96222b1ef3e558724dad1 Mon Sep 17 00:00:00 2001
From: Sebastian Krahmer <krahmer@suse.com>
Date: Wed, 3 Aug 2016 11:51:07 -0500
Subject: [PATCH] Simplify getulong
Use strtoul to read an unsigned long, rather than reading
a signed long long and casting it.
https://bugzilla.suse.com/show_bug.cgi?id=979282
---
lib/getulong.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/lib/getulong.c b/lib/getulong.c
index 61579ca..08d2c1a 100644
--- a/lib/getulong.c
+++ b/lib/getulong.c
@@ -44,22 +44,19 @@
*/
int getulong (const char *numstr, /*@out@*/unsigned long int *result)
{
- long long int val;
+ unsigned long int val;
char *endptr;
errno = 0;
- val = strtoll (numstr, &endptr, 0);
+ val = strtoul (numstr, &endptr, 0);
if ( ('\0' == *numstr)
|| ('\0' != *endptr)
|| (ERANGE == errno)
- /*@+ignoresigns@*/
- || (val != (unsigned long int)val)
- /*@=ignoresigns@*/
) {
return 0;
}
- *result = (unsigned long int)val;
+ *result = val;
return 1;
}
--
2.1.4
+1
View File
@@ -5,6 +5,7 @@
503_shadowconfig.8
008_login_log_failure_in_FTMP
301-CVE-2017-2616-su-properly-clear-child-PID.patch
302-CVE-2016-6252-fix-integer-overflow.patch
429_login_FAILLOG_ENAB
401_cppw_src.dpatch
# 402 should be merged in 401, but should be reviewed by SE Linux experts first