代码拉取完成,页面将自动刷新
Fork 仓库
加载中
确定同步?
同步操作将从 src-openEuler/systemd 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
backport-CVE-2022-4415-basic-add-STRERROR-wrapper-for-strerror_r.patch
3.65 KB
胡宇彪
提交于
2022-12-28 09:50
.
fix CVE-2022-4415
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102
From 2c5d05b3cd986568105d67891e4010b868dea24f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 7 Oct 2022 12:28:31 +0200
Subject: [PATCH] basic: add STRERROR() wrapper for strerror_r()
Conflict:Modify the content in meson.build.
Reference:https://github.com/systemd/systemd/commit/2c5d05b3cd986568105d67891e4010b868dea24f
---
src/basic/errno-util.h | 10 +++++++++
src/test/meson.build | 2 ++
src/test/test-errno-util.c | 44 ++++++++++++++++++++++++++++++++++++++
3 files changed, 56 insertions(+)
create mode 100644 src/test/test-errno-util.c
diff --git a/src/basic/errno-util.h b/src/basic/errno-util.h
index a71864ca60..f0d24d95cb 100644
--- a/src/basic/errno-util.h
+++ b/src/basic/errno-util.h
@@ -6,6 +6,16 @@
#include "macro.h"
+/* strerror(3) says that glibc uses a maximum length of 1024 bytes. */
+#define ERRNO_BUF_LEN 1024
+
+/* Note: the lifetime of the compound literal is the immediately surrounding block,
+ * see C11 §6.5.2.5, and
+ * https://stackoverflow.com/questions/34880638/compound-literal-lifetime-and-if-blocks
+ *
+ * Note that we use the GNU variant of strerror_r() here. */
+#define STRERROR(errnum) strerror_r(abs(errnum), (char[ERRNO_BUF_LEN]){}, ERRNO_BUF_LEN)
+
static inline void _reset_errno_(int *saved_errno) {
if (*saved_errno < 0) /* Invalidated by UNPROTECT_ERRNO? */
return;
diff --git a/src/test/meson.build b/src/test/meson.build
index 31ac149b96..86fc1d4fc0 100644
--- a/src/test/meson.build
+++ b/src/test/meson.build
@@ -615,6 +615,8 @@ tests += [
[['src/test/test-arphrd-list.c',
generated_gperf_headers]],
+ [['src/test/test-errno-util.c']],
+
[['src/test/test-ip-protocol-list.c',
shared_generated_gperf_headers]],
diff --git a/src/test/test-errno-util.c b/src/test/test-errno-util.c
new file mode 100644
index 0000000000..284f451002
--- /dev/null
+++ b/src/test/test-errno-util.c
@@ -0,0 +1,44 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include "errno-util.h"
+#include "stdio-util.h"
+#include "string-util.h"
+#include "tests.h"
+
+TEST(strerror_not_threadsafe) {
+ /* Just check that strerror really is not thread-safe. */
+ log_info("strerror(%d) → %s", 200, strerror(200));
+ log_info("strerror(%d) → %s", 201, strerror(201));
+ log_info("strerror(%d) → %s", INT_MAX, strerror(INT_MAX));
+
+ log_info("strerror(%d), strerror(%d) → %p, %p", 200, 201, strerror(200), strerror(201));
+
+ /* This call is not allowed, because the first returned string becomes invalid when
+ * we call strerror the second time:
+ *
+ * log_info("strerror(%d), strerror(%d) → %s, %s", 200, 201, strerror(200), strerror(201));
+ */
+}
+
+TEST(STRERROR) {
+ /* Just check that STRERROR really is thread-safe. */
+ log_info("STRERROR(%d) → %s", 200, STRERROR(200));
+ log_info("STRERROR(%d) → %s", 201, STRERROR(201));
+ log_info("STRERROR(%d), STRERROR(%d) → %s, %s", 200, 201, STRERROR(200), STRERROR(201));
+
+ const char *a = STRERROR(200), *b = STRERROR(201);
+ assert_se(strstr(a, "200"));
+ assert_se(strstr(b, "201"));
+
+ /* Check with negative values */
+ assert_se(streq(a, STRERROR(-200)));
+ assert_se(streq(b, STRERROR(-201)));
+
+ const char *c = STRERROR(INT_MAX);
+ char buf[DECIMAL_STR_MAX(int)];
+ xsprintf(buf, "%d", INT_MAX); /* INT_MAX is hexadecimal, use printf to convert to decimal */
+ log_info("STRERROR(%d) → %s", INT_MAX, c);
+ assert_se(strstr(c, buf));
+}
+
+DEFINE_TEST_MAIN(LOG_INFO);
--
2.33.0
举报
请认真填写举报原因,尽可能描述详细。
请选择举报类型
误判申诉
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化