From e92d0abecfb11884e85a53f81966c66e5319942d Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <corinna@vinschen.de>
Date: Mon, 23 Nov 2009 17:02:20 +0000
Subject: 	Use NetBSD fix for CVE-2009-0689 security vulnerability. 
 * libc/include/sys/reent.h (_Kmax): Define here based on the sizeof 
 size_t, as in latest NetBSD. 	* libc/reent/reent.c (_reclaim_reent): Use
 _Kmax rather than constant 	value 15. 	* libc/stdlib/mprec.c (_Kmax):
 Don't define here.  Explain why.

---
 newlib/libc/stdlib/mprec.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'newlib/libc/stdlib/mprec.c')

diff --git a/newlib/libc/stdlib/mprec.c b/newlib/libc/stdlib/mprec.c
index 6e84ece5b..2b982ef55 100644
--- a/newlib/libc/stdlib/mprec.c
+++ b/newlib/libc/stdlib/mprec.c
@@ -86,8 +86,12 @@
 #include <reent.h>
 #include "mprec.h"
 
-/* reent.c knows this value */
+/* This is defined in sys/reent.h as (sizeof (size_t) << 3) now, as in NetBSD.
+   The old value of 15 was wrong and made newlib vulnerable against buffer
+   overrun attacks (CVE-2009-0689), same as other implementations of gdtoa
+   based on BSD code.
 #define _Kmax 15
+*/
 
 _Bigint *
 _DEFUN (Balloc, (ptr, k), struct _reent *ptr _AND int k)
-- 
cgit v1.2.3