diff --git a/0001-basenc-fix-bug49741-using-wrong-decoding-buffer-leng.patch b/0001-basenc-fix-bug49741-using-wrong-decoding-buffer-leng.patch new file mode 100644 index 0000000000000000000000000000000000000000..bcbc04f194cc3489c6ebad761237482537dbbb6a --- /dev/null +++ b/0001-basenc-fix-bug49741-using-wrong-decoding-buffer-leng.patch @@ -0,0 +1,66 @@ +From 709d1f8253072804cc27189a6f2b873d8d563399 Mon Sep 17 00:00:00 2001 +From: Assaf Gordon +Date: Mon, 16 Aug 2021 15:03:36 -0600 +Subject: [PATCH] basenc: fix bug49741: using wrong decoding buffer length + +Emil Lundberg reports in +https://bugs.gnu.org/49741 about a 'basenc --base64 -d' decoding bug. +The input buffer length was not divisible by 3, resulting in +decoding errors. + +* NEWS: Mention fix. +* src/basenc.c (DEC_BLOCKSIZE): Change from 1024*5 to 4200 (35*3*5*8) +which is divisible by 3,4,5,8 - satisfying both base32 and base64; +Use compile-time verify() macro to enforce the above. +* tests/misc/basenc.pl: Add test. +--- + NEWS | 4 ++++ + src/basenc.c | 4 +++- + tests/misc/basenc.pl | 9 +++++++++ + 3 files changed, 16 insertions(+), 1 deletion(-) + +diff --git a/src/basenc.c b/src/basenc.c +index 19a7b0aad..f4ca87267 100644 +--- a/src/basenc.c ++++ b/src/basenc.c +@@ -214,7 +214,9 @@ verify (DEC_BLOCKSIZE % 12 == 0); /* So complete encoded blocks are used. */ + + /* Note that increasing this may decrease performance if --ignore-garbage + is used, because of the memmove operation below. */ +-# define DEC_BLOCKSIZE (1024*5) ++# define DEC_BLOCKSIZE (4200) ++verify (DEC_BLOCKSIZE % 40 == 0); /* complete encoded blocks for base32 */ ++verify (DEC_BLOCKSIZE % 12 == 0); /* complete encoded blocks for base64 */ + + static int (*base_length) (int i); + static bool (*isbase) (char ch); +diff --git a/tests/misc/basenc.pl b/tests/misc/basenc.pl +index 3383aaeef..ac5394731 100755 +--- a/tests/misc/basenc.pl ++++ b/tests/misc/basenc.pl +@@ -37,6 +37,13 @@ my $base64url_out_nl = $base64url_out; + $base64url_out_nl =~ s/(..)/\1\n/g; # add newline every two characters + + ++# Bug 49741: ++# The input is 'abc' in base64, in an 8K buffer (larger than 1024*5, ++# the buffer size which caused the bug). ++my $base64_bug49741_in = "YWJj" x 2000 ; ++my $base64_bug49741_out = "abc" x 2000 ; ++ ++ + my $base32_in = "\xfd\xd8\x07\xd1\xa5"; + my $base32_out = "7XMAPUNF"; + my $x = $base32_out; +@@ -111,6 +118,8 @@ my @Tests = + ['b64u_7', '--base64url -d', {IN=>$base64_out}, + {EXIT=>1}, {ERR=>"$prog: invalid input\n"}], + ++ ['b64_bug49741', '--base64 -d', {IN=>$base64_bug49741_in}, ++ {OUT=>$base64_bug49741_out}], + + + +-- +2.42.0.windows.2 + diff --git a/coreutils.spec b/coreutils.spec index 94a15e3db4d3e394ca07c88741ae061d5d812707..b93853e2ad13e5b77329488a106eadda1eaedb6a 100644 --- a/coreutils.spec +++ b/coreutils.spec @@ -1,6 +1,6 @@ Name: coreutils Version: 8.32 -Release: 5 +Release: 6 License: GPLv3+ Summary: A set of basic GNU tools commonly used in shell scripts Url: https://www.gnu.org/software/coreutils/ @@ -37,6 +37,7 @@ Patch19: backport-df-fix-duplicated-remote-entries-due-to-bind-mounts.patch Patch20: backport-df-fix-memory-leak.patch Patch21: backport-ls-avoid-triggering-automounts.patch Patch22: backport-stat-only-automount-with-cached-never.patch +Patch23: 0001-basenc-fix-bug49741-using-wrong-decoding-buffer-leng.patch Conflicts: filesystem < 3 # To avoid clobbering installs @@ -155,6 +156,9 @@ fi %{_mandir}/man*/* %changelog +* Mon Nov 27 2023 liningjie - 8.32-6 +- fix baseenc using wrong decoding buffer length + * Fri Oct 21 2022 jiangchuangang - 8.32-5 - backport some patches from upstream