[PR PATCH] musl: backport wcsnrtombs fix.

[ericonr <ericonr@users.noreply.github.com>]

[-- Attachment #1: Type: text/plain, Size: 332 bytes --]

There is a new pull request by ericonr against master on the void-packages repository

https://github.com/ericonr/void-packages tombs
https://github.com/void-linux/void-packages/pull/26516

musl: backport wcsnrtombs fix.
Fix CVE-2020-28928.

A patch file from https://github.com/void-linux/void-packages/pull/26516.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-tombs-26516.patch --]
[-- Type: text/x-diff, Size: 2486 bytes --]

From ae6636726b34c6b7a237f13439f31300a0f56417 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89rico=20Rolim?= <erico.erc@gmail.com>
Date: Thu, 19 Nov 2020 20:58:13 -0300
Subject: [PATCH] musl: backport wcsnrtombs fix.

Fix CVE-2020-28928.
---
 srcpkgs/musl/patches/CVE-2020-28928.patch | 68 +++++++++++++++++++++++
 srcpkgs/musl/template                     |  2 +-
 2 files changed, 69 insertions(+), 1 deletion(-)
 create mode 100644 srcpkgs/musl/patches/CVE-2020-28928.patch

diff --git a/srcpkgs/musl/patches/CVE-2020-28928.patch b/srcpkgs/musl/patches/CVE-2020-28928.patch
new file mode 100644
index 00000000000..b06ead0a68f
--- /dev/null
+++ b/srcpkgs/musl/patches/CVE-2020-28928.patch
@@ -0,0 +1,68 @@
+This patch will be present in musl-1.2.2
+
+diff --git a/src/multibyte/wcsnrtombs.c b/src/multibyte/wcsnrtombs.c
+index 676932b5..95e25e70 100644
+--- src/multibyte/wcsnrtombs.c
++++ src/multibyte/wcsnrtombs.c
+@@ -1,41 +1,33 @@
+ #include <wchar.h>
++#include <limits.h>
++#include <string.h>
+ 
+ size_t wcsnrtombs(char *restrict dst, const wchar_t **restrict wcs, size_t wn, size_t n, mbstate_t *restrict st)
+ {
+-	size_t l, cnt=0, n2;
+-	char *s, buf[256];
+ 	const wchar_t *ws = *wcs;
+-	const wchar_t *tmp_ws;
+-
+-	if (!dst) s = buf, n = sizeof buf;
+-	else s = dst;
+-
+-	while ( ws && n && ( (n2=wn)>=n || n2>32 ) ) {
+-		if (n2>=n) n2=n;
+-		tmp_ws = ws;
+-		l = wcsrtombs(s, &ws, n2, 0);
+-		if (!(l+1)) {
+-			cnt = l;
+-			n = 0;
++	size_t cnt = 0;
++	if (!dst) n=0;
++	while (ws && wn) {
++		char tmp[MB_LEN_MAX];
++		size_t l = wcrtomb(n<MB_LEN_MAX ? tmp : dst, *ws, 0);
++		if (l==-1) {
++			cnt = -1;
+ 			break;
+ 		}
+-		if (s != buf) {
+-			s += l;
++		if (dst) {
++			if (n<MB_LEN_MAX) {
++				if (l>n) break;
++				memcpy(dst, tmp, l);
++			}
++			dst += l;
+ 			n -= l;
+ 		}
+-		wn = ws ? wn - (ws - tmp_ws) : 0;
+-		cnt += l;
+-	}
+-	if (ws) while (n && wn) {
+-		l = wcrtomb(s, *ws, 0);
+-		if ((l+1)<=1) {
+-			if (!l) ws = 0;
+-			else cnt = l;
++		if (!*ws) {
++			ws = 0;
+ 			break;
+ 		}
+-		ws++; wn--;
+-		/* safe - this loop runs fewer than sizeof(buf) times */
+-		s+=l; n-=l;
++		ws++;
++		wn--;
+ 		cnt += l;
+ 	}
+ 	if (dst) *wcs = ws;
+
diff --git a/srcpkgs/musl/template b/srcpkgs/musl/template
index 6a0ac60b03c..a08ef9e0d89 100644
--- a/srcpkgs/musl/template
+++ b/srcpkgs/musl/template
@@ -2,7 +2,7 @@
 pkgname=musl
 reverts="1.2.0_1"
 version=1.1.24
-revision=4
+revision=5
 archs="*-musl"
 bootstrap=yes
 build_style=gnu-configure