Commit `8a3aebaee0`

Alex Rønne Petersen <alex@alexrp.com>

2025-02-14 00:50:16

musl: Apply Rich Felker's CVE-2025-26519 mitigation patches.

https://www.openwall.com/lists/oss-security/2025/02/13/2 Closes #22883.

master

1 parent 462d261

Changed files (1)

lib

libc

musl

src

locale

iconv.c

@@ -495,7 +495,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
 			if (c >= 93 || d >= 94) {
 				c += (0xa1-0x81);
 				d += 0xa1;
-				if (c >= 93 || c>=0xc6-0x81 && d>0x52)
+				if (c > 0xc6-0x81 || c==0xc6-0x81 && d>0x52)
 					goto ilseq;
 				if (d-'A'<26) d = d-'A';
 				else if (d-'a'<26) d = d-'a'+26;
@@ -538,6 +538,10 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
 				if (*outb < k) goto toobig;
 				memcpy(*out, tmp, k);
 			} else k = wctomb_utf8(*out, c);
+			/* This failure condition should be unreachable, but
+			 * is included to prevent decoder bugs from translating
+			 * into advancement outside the output buffer range. */
+			if (k>4) goto ilseq;
 			*out += k;
 			*outb -= k;
 			break;

Commit 8a3aebaee0

Commit `8a3aebaee0`