author | Corinna Vinschen <corinna@vinschen.de> | 2009-11-23 17:02:20 +0000 |
---|---|---|
committer | Corinna Vinschen <corinna@vinschen.de> | 2009-11-23 17:02:20 +0000 |
commit | e92d0abecfb11884e85a53f81966c66e5319942d (patch) | |
tree | b60bc08b2ed4b28621ede6b89fb6de2d24145665 /newlib/libc/stdlib/mprec.c | |
parent | 27bbefdefd339676bee4238e996df70e89fcdfa1 (diff) | |
Use NetBSD fix for CVE-2009-0689 security vulnerability.
* libc/include/sys/reent.h (_Kmax): Define here based on the sizeof
size_t, as in latest NetBSD.
* libc/reent/reent.c (_reclaim_reent): Use _Kmax rather than constant
value 15.
* libc/stdlib/mprec.c (_Kmax): Don't define here. Explain why.
Diffstat (limited to 'newlib/libc/stdlib/mprec.c')
-rw-r--r-- | newlib/libc/stdlib/mprec.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/newlib/libc/stdlib/mprec.c b/newlib/libc/stdlib/mprec.c index 6e84ece5b..2b982ef55 100644 --- a/newlib/libc/stdlib/mprec.c +++ b/newlib/libc/stdlib/mprec.c @@ -86,8 +86,12 @@ #include <reent.h> #include "mprec.h" -/* reent.c knows this value */ +/* This is defined in sys/reent.h as (sizeof (size_t) << 3) now, as in NetBSD. + The old value of 15 was wrong and made newlib vulnerable against buffer + overrun attacks (CVE-2009-0689), same as other implementations of gdtoa + based on BSD code. #define _Kmax 15 +*/ _Bigint * _DEFUN (Balloc, (ptr, k), struct _reent *ptr _AND int k) |
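Review bot: In the new comment above Balloc, the old `#define _Kmax 15` is kept inside the comment block, where it reads as disabled code; I would drop that line and keep only the prose mention of the old value 15. The comment also repeats the expression `(sizeof (size_t) << 3)` from sys/reent.h, which will go stale if the header definition changes, so consider pointing at the header without restating the value. Because mprec.c now depends entirely on the header for this bound, an `#ifndef _Kmax` / `#error` guard after the includes would catch a build that picks up a reent.h without the definition. Nothing in this hunk shows Balloc rejecting a k greater than _Kmax, so it is worth confirming that the index is range-checked rather than relying on the larger constant alone.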