posix: Sync glob with gnulib [BZ #1062]

This patch syncs posix/glob.c implementation with gnulib version
b5ec983 (glob: simplify symlink detection).  The only difference
to gnulib code is

  * DT_UNKNOWN, DT_DIR, and DT_LNK definition in the case there
    were not already defined.  Gnulib code which uses
    HAVE_STRUCT_DIRENT_D_TYPE will redefine them wrongly because
    GLIBC does not define HAVE_STRUCT_DIRENT_D_TYPE.  Instead
    the patch check for each definition instead.

Also, the patch requires additional globfree and globfree64 files
for compatibility version on some architectures.  Also the code
simplification leads to not macro simplification (not need for
NO_GLOB_PATTERN_P anymore).

Checked on x86_64-linux-gnu and on a build using build-many-glibcs.py
for all major architectures.

	[BZ #1062]
	* posix/Makefile (routines): Add globfree, globfree64, and
	glob_pattern_p.
	* posix/flexmember.h: New file.
	* posix/glob_internal.h: Likewise.
	* posix/glob_pattern_p.c: Likewise.
	* posix/globfree.c: Likewise.
	* posix/globfree64.c: Likewise.
	* sysdeps/gnu/globfree64.c: Likewise.
	* sysdeps/unix/sysv/linux/alpha/globfree.c: Likewise.
	* sysdeps/unix/sysv/linux/mips/mips64/n64/globfree64.c: Likewise.
	* sysdeps/unix/sysv/linux/oldglob.c: Likewise.
	* sysdeps/unix/sysv/linux/wordsize-64/globfree64.c: Likewise.
	* sysdeps/unix/sysv/linux/x86_64/x32/globfree.c: Likewise.
	* sysdeps/wordsize-64/globfree.c: Likewise.
	* sysdeps/wordsize-64/globfree64.c: Likewise.
	* posix/glob.c (HAVE_CONFIG_H): Use !_LIBC instead.
	[NDEBUG): Remove comments.
	(GLOB_ONLY_P, _AMIGA, VMS): Remove define.
	(dirent_type): New type.  Use uint_fast8_t not
	uint8_t, as C99 does not require uint8_t.
	(DT_UNKNOWN, DT_DIR, DT_LNK): New macros.
	(struct readdir_result): Use dirent_type.  Do not define skip_entry
	unless it is needed; this saves a byte on platforms lacking d_ino.
	(readdir_result_type, readdir_result_skip_entry):
	New functions, replacing ...
	(readdir_result_might_be_symlink, readdir_result_might_be_dir):
	 these functions, which were removed.  This makes the callers
	easier to read.  All callers changed.
	(D_INO_TO_RESULT): Now empty if there is no d_ino.
	(size_add_wrapv, glob_use_alloca): New static functions.
	(glob, glob_in_dir): Check for size_t overflow in several places,
	and fix some size_t checks that were not quite right.
	Remove old code using SHELL since Bash no longer
	uses this.
	(glob, prefix_array): Separate MS code better.
	(glob_in_dir): Remove old Amiga and VMS code.
	(globfree, __glob_pattern_type, __glob_pattern_p): Move to
	separate files.
	(glob_in_dir): Do not rely on undefined behavior in accessing
	struct members beyond their bounds.  Use a flexible array member
	instead
	(link_stat): Rename from link_exists2_p and return -1/0 instead of
	0/1.  Caller changed.
	(glob): Fix memory leaks.
	* posix/glob64 (globfree64): Move to separate file.
	* sysdeps/gnu/glob64.c (NO_GLOB_PATTERN_P): Remove define.
	(globfree64): Remove hidden alias.
	* sysdeps/unix/sysv/linux/Makefile (sysdeps_routines): Add
	oldglob.
	* sysdeps/unix/sysv/linux/alpha/glob.c (__new_globfree): Move to
	separate file.
	* sysdeps/unix/sysv/linux/i386/glob64.c (NO_GLOB_PATTERN_P): Remove
	define.
	Move compat code to separate file.
	* sysdeps/wordsize-64/glob.c (globfree): Move definitions to
	separate file.

(cherry picked from commit c66c908230)
This commit is contained in:
Adhemerval Zanella 2017-10-20 19:36:33 +02:00 committed by Florian Weimer
parent c96d7a646b
commit 305f4f057d
23 changed files with 742 additions and 459 deletions

View File

@ -1,3 +1,65 @@
2017-09-08 Adhemerval Zanella <adhemerval.zanella@linaro.org>
[BZ #1062]
[BZ #22325]
CVE-2017-15671
* posix/Makefile (routines): Add globfree, globfree64, and
glob_pattern_p.
* posix/flexmember.h: New file.
* posix/glob_internal.h: Likewise.
* posix/glob_pattern_p.c: Likewise.
* posix/globfree.c: Likewise.
* posix/globfree64.c: Likewise.
* sysdeps/gnu/globfree64.c: Likewise.
* sysdeps/unix/sysv/linux/alpha/globfree.c: Likewise.
* sysdeps/unix/sysv/linux/mips/mips64/n64/globfree64.c: Likewise.
* sysdeps/unix/sysv/linux/oldglob.c: Likewise.
* sysdeps/unix/sysv/linux/wordsize-64/globfree64.c: Likewise.
* sysdeps/unix/sysv/linux/x86_64/x32/globfree.c: Likewise.
* sysdeps/wordsize-64/globfree.c: Likewise.
* sysdeps/wordsize-64/globfree64.c: Likewise.
* posix/glob.c (HAVE_CONFIG_H): Use !_LIBC instead.
[NDEBUG): Remove comments.
(GLOB_ONLY_P, _AMIGA, VMS): Remove define.
(dirent_type): New type. Use uint_fast8_t not
uint8_t, as C99 does not require uint8_t.
(DT_UNKNOWN, DT_DIR, DT_LNK): New macros.
(struct readdir_result): Use dirent_type. Do not define skip_entry
unless it is needed; this saves a byte on platforms lacking d_ino.
(readdir_result_type, readdir_result_skip_entry):
New functions, replacing ...
(readdir_result_might_be_symlink, readdir_result_might_be_dir):
these functions, which were removed. This makes the callers
easier to read. All callers changed.
(D_INO_TO_RESULT): Now empty if there is no d_ino.
(size_add_wrapv, glob_use_alloca): New static functions.
(glob, glob_in_dir): Check for size_t overflow in several places,
and fix some size_t checks that were not quite right.
Remove old code using SHELL since Bash no longer
uses this.
(glob, prefix_array): Separate MS code better.
(glob_in_dir): Remove old Amiga and VMS code.
(globfree, __glob_pattern_type, __glob_pattern_p): Move to
separate files.
(glob_in_dir): Do not rely on undefined behavior in accessing
struct members beyond their bounds. Use a flexible array member
instead
(link_stat): Rename from link_exists2_p and return -1/0 instead of
0/1. Caller changed.
(glob): Fix memory leaks.
* posix/glob64 (globfree64): Move to separate file.
* sysdeps/gnu/glob64.c (NO_GLOB_PATTERN_P): Remove define.
(globfree64): Remove hidden alias.
* sysdeps/unix/sysv/linux/Makefile (sysdeps_routines): Add
oldglob.
* sysdeps/unix/sysv/linux/alpha/glob.c (__new_globfree): Move to
separate file.
* sysdeps/unix/sysv/linux/i386/glob64.c (NO_GLOB_PATTERN_P): Remove
define.
Move compat code to separate file.
* sysdeps/wordsize-64/glob.c (globfree): Move definitions to
separate file.
2017-08-20 H.J. Lu <hongjiu.lu@intel.com>
[BZ #18822]

1
NEWS
View File

@ -39,6 +39,7 @@ The following bugs are resolved with this release:
[22225] math: nearbyint arithmetic moved before feholdexcept
[22235] Add C++ versions of iscanonical for ldbl-96 and ldbl-128ibm
[22321] sysconf: Fix missing definition of UIO_MAXIOV on Linux
[22325] glibc: Memory leak in glob with GLOB_TILDE (CVE-2017-15671)
Version 2.26

View File

@ -45,7 +45,7 @@ routines := \
getpgid setpgid getpgrp bsd-getpgrp setpgrp getsid setsid \
getresuid getresgid setresuid setresgid \
pathconf sysconf fpathconf \
glob glob64 fnmatch regex \
glob glob64 globfree globfree64 glob_pattern_p fnmatch regex \
confstr \
getopt getopt1 \
sched_setp sched_getp sched_sets sched_gets sched_yield sched_primax \

45
posix/flexmember.h Normal file
View File

@ -0,0 +1,45 @@
/* Sizes of structs with flexible array members.
Copyright 2016-2017 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>.
Written by Paul Eggert. */
#include <stddef.h>
/* Nonzero multiple of alignment of TYPE, suitable for FLEXSIZEOF below.
On older platforms without _Alignof, use a pessimistic bound that is
safe in practice even if FLEXIBLE_ARRAY_MEMBER is 1.
On newer platforms, use _Alignof to get a tighter bound. */
#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112
# define FLEXALIGNOF(type) (sizeof (type) & ~ (sizeof (type) - 1))
#else
# define FLEXALIGNOF(type) _Alignof (type)
#endif
/* Upper bound on the size of a struct of type TYPE with a flexible
array member named MEMBER that is followed by N bytes of other data.
This is not simply sizeof (TYPE) + N, since it may require
alignment on unusually picky C11 platforms, and
FLEXIBLE_ARRAY_MEMBER may be 1 on pre-C11 platforms.
Yield a value less than N if and only if arithmetic overflow occurs. */
#define FLEXSIZEOF(type, member, n) \
((offsetof (type, member) + FLEXALIGNOF (type) - 1 + (n)) \
& ~ (FLEXALIGNOF (type) - 1))

File diff suppressed because it is too large Load Diff

View File

@ -43,10 +43,4 @@ glob64 (const char *pattern, int flags,
}
libc_hidden_def (glob64)
void
globfree64 (glob64_t *pglob)
{
}
libc_hidden_def (globfree64)
stub_warning (glob64)

57
posix/glob_internal.h Normal file
View File

@ -0,0 +1,57 @@
/* Shared definition for glob and glob_pattern_p.
Copyright (C) 2017 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
#ifndef GLOB_INTERNAL_H
# define GLOB_INTERNAL_H
static inline int
__glob_pattern_type (const char *pattern, int quote)
{
const char *p;
int ret = 0;
for (p = pattern; *p != '\0'; ++p)
switch (*p)
{
case '?':
case '*':
return 1;
case '\\':
if (quote)
{
if (p[1] != '\0')
++p;
ret |= 2;
}
break;
case '[':
ret |= 4;
break;
case ']':
if (ret & 4)
return 1;
break;
}
return ret;
}
#endif /* GLOB_INTERNAL_H */

33
posix/glob_pattern_p.c Normal file
View File

@ -0,0 +1,33 @@
/* Return nonzero if PATTERN contains any metacharacters.
Copyright (C) 2017 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
#ifndef _LIBC
# include <config.h>
#endif
#include <glob.h>
#include "glob_internal.h"
/* Return nonzero if PATTERN contains any metacharacters.
Metacharacters can be quoted with backslashes if QUOTE is nonzero. */
int
__glob_pattern_p (const char *pattern, int quote)
{
return __glob_pattern_type (pattern, quote) == 1;
}
weak_alias (__glob_pattern_p, glob_pattern_p)

41
posix/globfree.c Normal file
View File

@ -0,0 +1,41 @@
/* Frees the dynamically allocated storage from an earlier call to glob.
Copyright (C) 2017 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
#ifndef _LIBC
# include <config.h>
#endif
#include <glob.h>
#include <stdlib.h>
/* Free storage allocated in PGLOB by a previous `glob' call. */
void
globfree (glob_t *pglob)
{
if (pglob->gl_pathv != NULL)
{
size_t i;
for (i = 0; i < pglob->gl_pathc; ++i)
free (pglob->gl_pathv[pglob->gl_offs + i]);
free (pglob->gl_pathv);
pglob->gl_pathv = NULL;
}
}
#ifndef globfree
libc_hidden_def (globfree)
#endif

31
posix/globfree64.c Normal file
View File

@ -0,0 +1,31 @@
/* Frees the dynamically allocated storage from an earlier call to glob.
Copyright (C) 2017 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
#ifndef _LIBC
# include <config.h>
#endif
#include <glob.h>
#include <stdlib.h>
/* Free storage allocated in PGLOB by a previous `glob' call. */
void
globfree64 (glob64_t *pglob)
{
}
libc_hidden_def (globfree64)

View File

@ -15,11 +15,8 @@
#undef __stat
#define __stat(file, buf) __xstat64 (_STAT_VER, file, buf)
#define NO_GLOB_PATTERN_P 1
#define COMPILE_GLOB64 1
#include <posix/glob.c>
libc_hidden_def (glob64)
libc_hidden_def (globfree64)

10
sysdeps/gnu/globfree64.c Normal file
View File

@ -0,0 +1,10 @@
#include <dirent.h>
#include <glob.h>
#include <sys/stat.h>
#define glob_t glob64_t
#define globfree(pglob) globfree64 (pglob)
#include <posix/globfree.c>
libc_hidden_def (globfree64)

View File

@ -166,7 +166,7 @@ endif
ifeq ($(subdir),posix)
sysdep_headers += bits/initspin.h
sysdep_routines += sched_getcpu
sysdep_routines += sched_getcpu oldglob
tests += tst-affinity tst-affinity-pid

View File

@ -42,10 +42,6 @@ extern void __new_globfree (glob_t *__pglob);
#undef globfree64
versioned_symbol (libc, __new_glob, glob, GLIBC_2_1);
versioned_symbol (libc, __new_globfree, globfree, GLIBC_2_1);
libc_hidden_ver (__new_glob, glob)
libc_hidden_ver (__new_globfree, globfree)
weak_alias (__new_glob, glob64)
weak_alias (__new_globfree, globfree64)
libc_hidden_ver (__new_globfree, globfree64)

View File

@ -0,0 +1,37 @@
/* Compat globfree. Linux/alpha version.
Copyright (C) 2017 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library. If not, see
<http://www.gnu.org/licenses/>. */
#define globfree64 __no_globfree64_decl
#include <sys/types.h>
#include <glob.h>
#include <shlib-compat.h>
#define globfree(pglob) \
__new_globfree (pglob)
extern void __new_globfree (glob_t *__pglob);
#include <posix/globfree.c>
#undef globfree64
versioned_symbol (libc, __new_globfree, globfree, GLIBC_2_1);
libc_hidden_ver (__new_globfree, globfree)
weak_alias (__new_globfree, globfree64)
libc_hidden_ver (__new_globfree, globfree64)

View File

@ -19,6 +19,7 @@
#include <dirent.h>
#include <glob.h>
#include <sys/stat.h>
#include <shlib-compat.h>
#define dirent dirent64
#define __readdir(dirp) __readdir64 (dirp)
@ -33,47 +34,9 @@
#undef __stat
#define __stat(file, buf) __xstat64 (_STAT_VER, file, buf)
#define NO_GLOB_PATTERN_P 1
#define COMPILE_GLOB64 1
#include <posix/glob.c>
#include "shlib-compat.h"
libc_hidden_def (globfree64)
versioned_symbol (libc, __glob64, glob64, GLIBC_2_2);
libc_hidden_ver (__glob64, glob64)
#if SHLIB_COMPAT(libc, GLIBC_2_1, GLIBC_2_2)
#include <sysdeps/unix/sysv/linux/i386/olddirent.h>
int __old_glob64 (const char *__pattern, int __flags,
int (*__errfunc) (const char *, int),
glob64_t *__pglob);
libc_hidden_proto (__old_glob64);
#undef dirent
#define dirent __old_dirent64
#undef GL_READDIR
# define GL_READDIR(pglob, stream) \
((struct __old_dirent64 *) (pglob)->gl_readdir (stream))
#undef __readdir
#define __readdir(dirp) __old_readdir64 (dirp)
#undef glob
#define glob(pattern, flags, errfunc, pglob) \
__old_glob64 (pattern, flags, errfunc, pglob)
#define convert_dirent __old_convert_dirent
#define glob_in_dir __old_glob_in_dir
#define GLOB_ATTRIBUTE attribute_compat_text_section
#define GLOB_ONLY_P 1
#include <posix/glob.c>
libc_hidden_def (__old_glob64);
compat_symbol (libc, __old_glob64, glob64, GLIBC_2_1);
#endif

View File

@ -0,0 +1 @@
/* glob64 is in globfree64.c */

View File

@ -0,0 +1,42 @@
#include <shlib-compat.h>
#if SHLIB_COMPAT(libc, GLIBC_2_1, GLIBC_2_2)
#include <dirent.h>
#include <glob.h>
#include <sys/stat.h>
#include <sysdeps/unix/sysv/linux/i386/olddirent.h>
int __old_glob64 (const char *__pattern, int __flags,
int (*__errfunc) (const char *, int),
glob64_t *__pglob);
libc_hidden_proto (__old_glob64);
#define dirent __old_dirent64
#define GL_READDIR(pglob, stream) \
((struct __old_dirent64 *) (pglob)->gl_readdir (stream))
#undef __readdir
#define __readdir(dirp) __old_readdir64 (dirp)
#define glob_t glob64_t
#define glob(pattern, flags, errfunc, pglob) \
__old_glob64 (pattern, flags, errfunc, pglob)
#define globfree(pglob) globfree64(pglob)
#define convert_dirent __old_convert_dirent
#define glob_in_dir __old_glob_in_dir
#undef stat
#define stat stat64
#undef __stat
#define __stat(file, buf) __xstat64 (_STAT_VER, file, buf)
#define GLOB_ATTRIBUTE attribute_compat_text_section
#include <posix/glob.c>
libc_hidden_def (__old_glob64);
compat_symbol (libc, __old_glob64, glob64, GLIBC_2_1);
#endif

View File

@ -0,0 +1,2 @@
/* This file is here so sysdeps/gnu/glob64.c doesn't take precedence. */
#include <sysdeps/wordsize-64/globfree64.c>

View File

@ -0,0 +1 @@
#include <sysdeps/wordsize-64/globfree.c>

View File

@ -4,5 +4,3 @@
#undef glob64
#undef globfree64
weak_alias (glob, glob64)
weak_alias (globfree, globfree64)
libc_hidden_ver (globfree, globfree64)

View File

@ -0,0 +1,5 @@
#define globfree64 __no_globfree64_decl
#include <posix/globfree.c>
#undef globfree64
weak_alias (globfree, globfree64)
libc_hidden_ver (globfree, globfree64)

View File

@ -0,0 +1 @@
/* globfree64 is in globfree.c */