r2338 - trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches
Simon Horman
horms@costa.debian.org
Fri, 21 Jan 2005 09:53:08 +0100
Author: horms
Date: 2005-01-21 09:53:07 +0100 (Fri, 21 Jan 2005)
New Revision: 2338
Added:
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/133_strncpy_zero_pad.diff
Log:
adding missing file
Added: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/133_strncpy_zero_pad.diff
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/133_strncpy_zero_pad.diff 2005-01-21 08:46:21 UTC (rev 2337)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/133_strncpy_zero_pad.diff 2005-01-21 08:53:07 UTC (rev 2338)
@@ -0,0 +1,106 @@
+# origin: Red Hat kernel .src.rpm 27.0.1.EL
+# cset: n/a
+# inclusion: not upstream, unlikely to be included
+# descrition: Make sure strncpy null terminates strings. (CAN-2003-0465)
+# Fix for s390x, ppc64 and s390. mips and alpha are still unfixed
+# revision date: Tue, 18 Jan 2005 17:13:32 +0900
+# N.B: This bug appears to be minor at best - Horms
+# http://marc.theaimsgroup.com/?l=linux-kernel&m=105796021120436&w=2
+#
+diff -urNp linux-900/arch/ppc64/boot/string.S linux-910/arch/ppc64/boot/string.S
+--- linux-900/arch/ppc64/boot/string.S
++++ linux-910/arch/ppc64/boot/string.S
+@@ -33,6 +33,11 @@ strncpy:
+ cmpwi 0,r0,0
+ stbu r0,1(r6)
+ bdnzf 2,1b /* dec ctr, branch if ctr != 0 && !cr0.eq */
++ mfctr r5
++ cmpwi 0,r5,0
++ beqlr /* return if dest string exhausted */
++2: stbu r0,1(r6) /* store null pad in dest string */
++ bdnz 2b
+ blr
+
+ .globl strcat
+diff -urNp linux-900/arch/ppc64/lib/string.S linux-910/arch/ppc64/lib/string.S
+--- linux-900/arch/ppc64/lib/string.S
++++ linux-910/arch/ppc64/lib/string.S
+@@ -31,6 +31,11 @@ _GLOBAL(strncpy)
+ cmpwi 0,r0,0
+ stbu r0,1(r6)
+ bdnzf 2,1b /* dec ctr, branch if ctr != 0 && !cr0.eq */
++ mfctr r5
++ cmpwi 0,r5,0
++ beqlr /* return if dest string exhausted */
++2: stbu r0,1(r6) /* store null pad in dest string */
++ bdnz 2b
+ blr
+
+ _GLOBAL(strcat)
+diff -urNp linux-900/arch/s390/lib/strncpy.S linux-910/arch/s390/lib/strncpy.S
+--- linux-900/arch/s390/lib/strncpy.S
++++ linux-910/arch/s390/lib/strncpy.S
+@@ -23,8 +23,13 @@ strncpy_loop:
+ LA 3,1(3)
+ STC 0,0(1)
+ LA 1,1(1)
+- JZ strncpy_exit # ICM inserted a 0x00
++ JZ strncpy_pad # ICM inserted a 0x00
+ BRCT 4,strncpy_loop # R4 -= 1, jump to strncpy_loop if > 0
+ strncpy_exit:
+ BR 14
+-
++strncpy_clear:
++ STC 0,0(1)
++ LA 1,1(1)
++strncpy_pad:
++ BRCT 4,strncpy_clear
++ BR 14
+diff -urNp linux-900/arch/s390x/lib/strncpy.S linux-910/arch/s390x/lib/strncpy.S
+--- linux-900/arch/s390x/lib/strncpy.S
++++ linux-910/arch/s390x/lib/strncpy.S
+@@ -23,8 +23,13 @@ strncpy_loop:
+ LA 3,1(3)
+ STC 0,0(1)
+ LA 1,1(1)
+- JZ strncpy_exit # ICM inserted a 0x00
++ JZ strncpy_pad # ICM inserted a 0x00
+ BRCTG 4,strncpy_loop # R4 -= 1, jump to strncpy_loop if > 0
+ strncpy_exit:
+ BR 14
+-
++strncpy_clear:
++ STC 0,0(1)
++ LA 1,1(1)
++strncpy_pad:
++ BRCTG 4,strncpy_clear
++ BR 14
+diff -urNp linux-900/lib/string.c linux-910/lib/string.c
+--- linux-900/lib/string.c
++++ linux-910/lib/string.c
+@@ -77,18 +77,19 @@ char * strcpy(char * dest,const char *sr
+ * @src: Where to copy the string from
+ * @count: The maximum number of bytes to copy
+ *
+- * Note that unlike userspace strncpy, this does not %NUL-pad the buffer.
+- * However, the result is not %NUL-terminated if the source exceeds
++ * The result is not %NUL-terminated if the source exceeds
+ * @count bytes.
+ */
+ char * strncpy(char * dest,const char *src,size_t count)
+ {
+ char *tmp = dest;
+
+- while (count-- && (*dest++ = *src++) != '\0')
+- /* nothing */;
+-
+- return tmp;
++ while (count) {
++ if ((*tmp = *src) != 0) src++;
++ tmp++;
++ count--;
++ }
++ return dest;
+ }
+ #endif
+
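Review bot: The patch header's `# descrition:` line says the change makes strncpy "null terminate" strings, but none of the five inner hunks does that: they zero-fill the unused tail of the destination, and the lib/string.c kernel-doc kept by the patch still says the result is not %NUL-terminated if the source exceeds @count bytes. Since CAN-2003-0465 concerns stale bytes left in the buffer after a short source, the header would read more accurately as `# description: Make strncpy zero-pad the rest of the destination, as userspace strncpy does (CAN-2003-0465)`, and the kernel-doc should gain ` * If @src is shorter than @count bytes, the rest of @dest is %NUL-padded.` in place of the removed note. Callers that need a terminated string must still set the last byte themselves, and because the header says mips and alpha remain unfixed, code that copies fixed-size buffers out of the kernel should keep clearing them explicitly on those architectures. In arch/ppc64/lib/string.S the added `cmpwi 0,r5,0` after `mfctr r5` tests only the low 32 bits of the counter; if that file is assembled for 64-bit, `cmpdi 0,r5,0` would test the whole register, though the start of strncpy is outside the hunk so the convention used there cannot be confirmed from here.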