Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 755695 (CVE-2020-28928) - <sys-libs/musl-1.2.1-r1: wcsnrtombs destination buffer overflow (CVE-2020-28928)
Summary: <sys-libs/musl-1.2.1-r1: wcsnrtombs destination buffer overflow (CVE-2020-28928)
Status: IN_PROGRESS
Alias: CVE-2020-28928
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://www.openwall.com/lists/oss-se...
Whiteboard: B3 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-11-20 11:05 UTC by Sam James
Modified: 2021-07-29 18:05 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-11-20 11:05:29 UTC
"The wcsnrtombs function in all musl libc versions up through 1.2.1 has
been found to have multiple bugs in handling of destination buffer
size when limiting the input character count, which can lead to
infinite loop with no forward progress (no overflow) or writing past
the end of the destination buffera.

This function is not used internally in musl and is not widely used,
but does appear in some applications. The non-input-limiting form
wcsrtombs is not affected.

All users of musl 1.2.1 and prior versions should apply the attached
patch, which replaces the overly complex and erroneous implementation.
The upcoming 1.2.2 release will adopt this new implementation."
Comment 1 Sam James archtester gentoo-dev Security 2020-11-20 11:06:06 UTC
Please apply the patch linked (in URL), thanks!
Comment 3 Larry the Git Cow gentoo-dev 2020-11-24 15:00:09 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8a8e70b0165c61ec95464968205a8cf06859e607

commit 8a8e70b0165c61ec95464968205a8cf06859e607
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-11-24 14:59:52 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-11-24 14:59:59 +0000

    sys-libs/musl: security bump for CVE-2020-28928
    
    Acked-by: Anthony G. Basile <blueness@gentoo.org>
    Bug: https://bugs.gentoo.org/755695
    Package-Manager: Portage-3.0.9, Repoman-3.0.2
    Signed-off-by: Sam James <sam@gentoo.org>

 .../musl/files/musl-1.2.1-CVE-2020-28928.patch     | 114 ++++++++++++++++++
 sys-libs/musl/musl-1.2.1-r1.ebuild                 | 133 +++++++++++++++++++++
 2 files changed, 247 insertions(+)
Comment 4 Sam James archtester gentoo-dev Security 2020-11-24 15:00:55 UTC
Stabilisation is pending on blueness testing this out in production.
Comment 5 Anthony Basile gentoo-dev 2020-12-06 21:22:07 UTC
(In reply to Sam James from comment #4)
> Stabilisation is pending on blueness testing this out in production.

1.2.1-r1 stable on all arches
Comment 6 Sam James archtester gentoo-dev Security 2020-12-07 16:10:29 UTC
(In reply to Anthony Basile from comment #5)
> (In reply to Sam James from comment #4)
> > Stabilisation is pending on blueness testing this out in production.
> 
> 1.2.1-r1 stable on all arches

Thanks! Please cleanup when ready.
Comment 7 NATTkA bot gentoo-dev 2021-02-14 16:53:00 UTC Comment hidden (obsolete)
Comment 8 John Helmert III gentoo-dev Security 2021-02-14 18:57:20 UTC
Tree is clean
Comment 9 NATTkA bot gentoo-dev 2021-07-29 17:25:21 UTC Comment hidden (obsolete)
Comment 10 NATTkA bot gentoo-dev 2021-07-29 17:33:54 UTC Comment hidden (obsolete)
Comment 11 NATTkA bot gentoo-dev 2021-07-29 17:41:47 UTC Comment hidden (obsolete)
Comment 12 NATTkA bot gentoo-dev 2021-07-29 17:49:56 UTC Comment hidden (obsolete)
Comment 13 NATTkA bot gentoo-dev 2021-07-29 18:05:50 UTC
Package list is empty or all packages have requested keywords.