[前][次][番号順一覧][スレッド一覧]

ruby-changes:43169

From: nobu <ko1@a...>
Date: Wed, 1 Jun 2016 14:08:01 +0900 (JST)
Subject: [ruby-changes:43169] nobu:r55243 (trunk): crypt_r.c: fix out of bounds access

nobu	2016-06-01 14:07:55 +0900 (Wed, 01 Jun 2016)

  New Revision: 55243

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55243

  Log:
    crypt_r.c: fix out of bounds access
    
    * missing/crypt_r.c (a64toi): initialize statically and fix out of
      bounds access when salt is not 7bit clean.

  Modified files:
    trunk/ChangeLog
    trunk/missing/crypt_r.c
Index: missing/crypt_r.c
===================================================================
--- missing/crypt_r.c	(revision 55242)
+++ missing/crypt_r.c	(revision 55243)
@@ -289,12 +289,25 @@ static const unsigned char CIFP[] = {	/* https://github.com/ruby/ruby/blob/trunk/missing/crypt_r.c#L289
 static const unsigned char itoa64[] =	/* 0..63 => ascii-64 */
 	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
 
+/* table that converts chars "./0-9A-Za-z"to integers 0-63. */
+static const unsigned char a64toi[256] = {
+#define A64TOI1(c) \
+	((c) == '.' ? 0 :						\
+	 (c) == '/' ? 1 :						\
+	 ('0' <= (c) && (c) <= '9') ? (c) - '0' + 2 :			\
+	 ('A' <= (c) && (c) <= 'Z') ? (c) - 'A' + 12 :			\
+	 ('a' <= (c) && (c) <= 'z') ? (c) - 'a' + 38 :			\
+	 0)
+#define A64TOI4(base) A64TOI1(base+0), A64TOI1(base+1), A64TOI1(base+2), A64TOI1(base+3)
+#define A64TOI16(base) A64TOI4(base+0), A64TOI4(base+4), A64TOI4(base+8), A64TOI4(base+12)
+#define A64TOI64(base) A64TOI16(base+0x00), A64TOI16(base+0x10), A64TOI16(base+0x20), A64TOI16(base+0x30)
+	A64TOI64(0x00), A64TOI64(0x40),
+	A64TOI64(0x00), A64TOI64(0x40),
+};
+
 /* =====  Tables that are initialized at run time  ==================== */
 
 typedef struct {
-	/* table that converts chars "./0-9A-Za-z"to integers 0-63. */
-	unsigned char a64toi[128];
-
 	/* Initial key schedule permutation */
 	C_block	PC1ROT[64/CHUNKBITS][1<<CHUNKBITS];
 
@@ -317,7 +330,6 @@ static des_tables_t des_tables[1]; https://github.com/ruby/ruby/blob/trunk/missing/crypt_r.c#L330
 static const C_block	constdatablock;	/* encryption constant */
 
 #define des_tables	((const des_tables_t *)des_tables)
-#define a64toi		(des_tables->a64toi)
 #define PC1ROT		(des_tables->PC1ROT)
 #define PC2ROT		(des_tables->PC2ROT)
 #define IE3264		(des_tables->IE3264)
@@ -603,12 +615,6 @@ init_des(void) https://github.com/ruby/ruby/blob/trunk/missing/crypt_r.c#L615
 	if (des_tables->ready) return;
 
 	/*
-	 * table that converts chars "./0-9A-Za-z"to integers 0-63.
-	 */
-	for (i = 0; i < 64; i++)
-		a64toi[itoa64[i]] = i;
-
-	/*
 	 * PC1ROT - bit reverse, then PC1, then Rotate, then PC2.
 	 */
 	for (i = 0; i < 64; i++)
Index: ChangeLog
===================================================================
--- ChangeLog	(revision 55242)
+++ ChangeLog	(revision 55243)
@@ -1,3 +1,8 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Wed Jun  1 14:07:53 2016  Nobuyoshi Nakada  <nobu@r...>
+
+	* missing/crypt_r.c (a64toi): initialize statically and fix out of
+	  bounds access when salt is not 7bit clean.
+
 Wed Jun  1 11:34:59 2016  NAKAMURA Usaku  <usa@r...>
 
 	* win32/Makefile.sub (MISSING): fixed build error introduced at r55237.

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/

[前][次][番号順一覧][スレッド一覧]