Skip to content

Commit ba4bcc1

Browse files
pietroalbinipietroalbini
committed
fix musl's CVE-2025-26519 
1 parent c3fe9e7 commit ba4bcc1

File tree

1 file changed

+39
-1
lines changed

1 file changed

+39
-1
lines changed

src/ci/docker/scripts/musl.sh

Lines changed: 39 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -31,8 +31,46 @@ MUSL=musl-1.2.3
3131
if [ ! -d $MUSL ]; then
3232
curl https://www.musl-libc.org/releases/$MUSL.tar.gz | tar xzf -
3333
fi
34-
3534
cd $MUSL
35+
36+
# Apply patches for CVE-2025-26519. At the time of adding these patches no release containing them
37+
# has been published by the musl project, so we just apply them directly on top of the version we
38+
# were distributing already. The patches should be removed once we upgrade to musl >= 1.2.6.
39+
#
40+
# Advisory: https://www.openwall.com/lists/musl/2025/02/13/1
41+
#
42+
# Patches applied:
43+
# - https://www.openwall.com/lists/musl/2025/02/13/1/1
44+
# - https://www.openwall.com/lists/musl/2025/02/13/1/2
45+
patch -p1 <<EOF
46+
--- a/src/locale/iconv.c
47+
+++ b/src/locale/iconv.c
48+
@@ -502,7 +502,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
49+
if (c >= 93 || d >= 94) {
50+
c += (0xa1-0x81);
51+
d += 0xa1;
52+
- if (c >= 93 || c>=0xc6-0x81 && d>0x52)
53+
+ if (c > 0xc6-0x81 || c==0xc6-0x81 && d>0x52)
54+
goto ilseq;
55+
if (d-'A'<26) d = d-'A';
56+
else if (d-'a'<26) d = d-'a'+26;
57+
EOF
58+
patch -p1 <<EOF
59+
--- a/src/locale/iconv.c
60+
+++ b/src/locale/iconv.c
61+
@@ -545,6 +545,10 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
62+
if (*outb < k) goto toobig;
63+
memcpy(*out, tmp, k);
64+
} else k = wctomb_utf8(*out, c);
65+
+ /* This failure condition should be unreachable, but
66+
+ * is included to prevent decoder bugs from translating
67+
+ * into advancement outside the output buffer range. */
68+
+ if (k>4) goto ilseq;
69+
*out += k;
70+
*outb -= k;
71+
break;
72+
EOF
73+
3674
./configure --enable-debug --disable-shared --prefix=/musl-$TAG "$@"
3775
if [ "$TAG" = "i586" -o "$TAG" = "i686" ]; then
3876
hide_output make -j$(nproc) AR=ar RANLIB=ranlib

0 commit comments

Comments
 (0)