ruby-changes:43169
From: nobu <ko1@a...>
Date: Wed, 1 Jun 2016 14:08:01 +0900 (JST)
Subject: [ruby-changes:43169] nobu:r55243 (trunk): crypt_r.c: fix out of bounds access
nobu 2016-06-01 14:07:55 +0900 (Wed, 01 Jun 2016) New Revision: 55243 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55243 Log: crypt_r.c: fix out of bounds access * missing/crypt_r.c (a64toi): initialize statically and fix out of bounds access when salt is not 7bit clean. Modified files: trunk/ChangeLog trunk/missing/crypt_r.c Index: missing/crypt_r.c =================================================================== --- missing/crypt_r.c (revision 55242) +++ missing/crypt_r.c (revision 55243) @@ -289,12 +289,25 @@ static const unsigned char CIFP[] = { /* https://github.com/ruby/ruby/blob/trunk/missing/crypt_r.c#L289 static const unsigned char itoa64[] = /* 0..63 => ascii-64 */ "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; +/* table that converts chars "./0-9A-Za-z"to integers 0-63. */ +static const unsigned char a64toi[256] = { +#define A64TOI1(c) \ + ((c) == '.' ? 0 : \ + (c) == '/' ? 1 : \ + ('0' <= (c) && (c) <= '9') ? (c) - '0' + 2 : \ + ('A' <= (c) && (c) <= 'Z') ? (c) - 'A' + 12 : \ + ('a' <= (c) && (c) <= 'z') ? (c) - 'a' + 38 : \ + 0) +#define A64TOI4(base) A64TOI1(base+0), A64TOI1(base+1), A64TOI1(base+2), A64TOI1(base+3) +#define A64TOI16(base) A64TOI4(base+0), A64TOI4(base+4), A64TOI4(base+8), A64TOI4(base+12) +#define A64TOI64(base) A64TOI16(base+0x00), A64TOI16(base+0x10), A64TOI16(base+0x20), A64TOI16(base+0x30) + A64TOI64(0x00), A64TOI64(0x40), + A64TOI64(0x00), A64TOI64(0x40), +}; + /* ===== Tables that are initialized at run time ==================== */ typedef struct { - /* table that converts chars "./0-9A-Za-z"to integers 0-63. */ - unsigned char a64toi[128]; - /* Initial key schedule permutation */ C_block PC1ROT[64/CHUNKBITS][1<<CHUNKBITS]; @@ -317,7 +330,6 @@ static des_tables_t des_tables[1]; https://github.com/ruby/ruby/blob/trunk/missing/crypt_r.c#L330 static const C_block constdatablock; /* encryption constant */ #define des_tables ((const des_tables_t *)des_tables) -#define a64toi (des_tables->a64toi) #define PC1ROT (des_tables->PC1ROT) #define PC2ROT (des_tables->PC2ROT) #define IE3264 (des_tables->IE3264) @@ -603,12 +615,6 @@ init_des(void) https://github.com/ruby/ruby/blob/trunk/missing/crypt_r.c#L615 if (des_tables->ready) return; /* - * table that converts chars "./0-9A-Za-z"to integers 0-63. - */ - for (i = 0; i < 64; i++) - a64toi[itoa64[i]] = i; - - /* * PC1ROT - bit reverse, then PC1, then Rotate, then PC2. */ for (i = 0; i < 64; i++) Index: ChangeLog =================================================================== --- ChangeLog (revision 55242) +++ ChangeLog (revision 55243) @@ -1,3 +1,8 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Wed Jun 1 14:07:53 2016 Nobuyoshi Nakada <nobu@r...> + + * missing/crypt_r.c (a64toi): initialize statically and fix out of + bounds access when salt is not 7bit clean. + Wed Jun 1 11:34:59 2016 NAKAMURA Usaku <usa@r...> * win32/Makefile.sub (MISSING): fixed build error introduced at r55237. -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/