[Bug 1929105] Re: CVE-2021-3326: The iconv app in glibc when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion & aborts

Bug Watch Updater 1929105 at bugs.launchpad.net
Sat Sep 18 06:16:04 UTC 2021


Launchpad has imported 3 comments from the remote bug at
https://sourceware.org/bugzilla/show_bug.cgi?id=27256.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2021-01-27T12:33:46+00:00 Florian Weimer wrote:

Tavis Ormandy reported that when converting from ISO-2022-JP-3 to UTF-8,
the gconv module could trigger an assertion failure in iconv/skeleton.c
if the second wide character in a two-wide-character sequence cannot be
written to the output buffer during character set conversion.

If glibc is built with assertions, this assertion failure can typically
be triggered by applications (such as mail clients) which use the glibc
iconv subsystem for MIME character set processing.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1929105/comments/0

------------------------------------------------------------------------
On 2021-01-27T12:42:11+00:00 Florian Weimer wrote:

Patch posted:
https://sourceware.org/pipermail/libc-alpha/2021-January/122058.html

Reply at:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1929105/comments/1

------------------------------------------------------------------------
On 2021-01-27T13:04:29+00:00 Florian Weimer wrote:

Fixed for 2.33 via:

commit 7d88c6142c6efc160c0ee5e4f85cde382c072888
Author: Florian Weimer <fweimer at redhat.com>
Date:   Wed Jan 27 13:36:12 2021 +0100

    gconv: Fix assertion failure in ISO-2022-JP-3 module (bug 27256)
    
    The conversion loop to the internal encoding does not follow
    the interface contract that __GCONV_FULL_OUTPUT is only returned
    after the internal wchar_t buffer has been filled completely.  This
    is enforced by the first of the two asserts in iconv/skeleton.c:
    
                  /* We must run out of output buffer space in this
                     rerun.  */
                  assert (outbuf == outerr);
                  assert (nstatus == __GCONV_FULL_OUTPUT);
    
    This commit solves this issue by queuing a second wide character
    which cannot be written immediately in the state variable, like
    other converters already do (e.g., BIG5-HKSCS or TSCII).
    
    Reported-by: Tavis Ormandy <taviso at gmail.com>

Reply at:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1929105/comments/2


** Changed in: glibc
       Status: Unknown => Fix Released

** Changed in: glibc
   Importance: Unknown => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/1929105

Title:
  CVE-2021-3326: The iconv app in glibc when processing invalid input
  sequences in the ISO-2022-JP-3 encoding, fails an assertion & aborts

Status in GLibC:
  Fix Released
Status in glibc package in Ubuntu:
  Fix Released
Status in glibc source package in Bionic:
  New
Status in glibc source package in Focal:
  New
Status in glibc source package in Groovy:
  Won't Fix

Bug description:
  The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and
  earlier, when processing invalid input sequences in the ISO-2022-JP-3
  encoding, fails an assertion in the code path and aborts the program,
  potentially resulting in a denial of service.

  Ref.: https://ubuntu.com/security/CVE-2021-3326

To manage notifications about this bug go to:
https://bugs.launchpad.net/glibc/+bug/1929105/+subscriptions
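
The interface contract described in the commit message above, as a simplified stand-alone C model. This is an added example, not glibc code and not part of the original bug report. The toy encoding, `convert`, `contract_holds`, the `CONV_*` codes and the sample wide-character values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
enum { CONV_OK, CONV_FULL_OUTPUT };      /* stand-ins for the __GCONV_* codes */
struct conv_state { uint32_t pending; }; /* one queued wide char, 0 = none */
static uint32_t outbuf[4]; static size_t outlen; /* set by contract_holds() */

/* Constructed toy encoding: byte 0xFF expands to two wide characters, any
   other byte to one.  queue_second selects the behaviour after the fix. */
static int convert(struct conv_state *st, const unsigned char **in,
                   const unsigned char *inend, uint32_t **out,
                   uint32_t *outend, int queue_second)
{
    if (st->pending) {                   /* flush what an earlier call queued */
        if (*out == outend) return CONV_FULL_OUTPUT;
        *(*out)++ = st->pending; st->pending = 0;
    }
    while (*in < inend) {
        if (*out == outend) return CONV_FULL_OUTPUT;
        if (**in != 0xFF) { *(*out)++ = *(*in)++; continue; }
        if (outend - *out < 2 && !queue_second)
            return CONV_FULL_OUTPUT;     /* before the fix: a slot is still free */
        *(*out)++ = 0x304B; (*in)++;     /* first wide char (constructed value) */
        if (*out == outend) {            /* after the fix: queue the second one */
            st->pending = 0x309A;
            return CONV_FULL_OUTPUT;     /* buffer is now completely full */
        }
        *(*out)++ = 0x309A;
    }
    return CONV_OK;
}

/* Returns 1 if FULL_OUTPUT came back with a two-slot buffer completely
   filled (the condition of the first assert); outlen gets the total output. */
static int contract_holds(int queue_second)
{
    static const unsigned char input[] = { 'A', 0xFF };  /* constructed */
    const unsigned char *in = input, *inend = input + sizeof input;
    struct conv_state st = { 0 };
    uint32_t *out = outbuf;
    int status = convert(&st, &in, inend, &out, outbuf + 2, queue_second);
    int ok = status == CONV_FULL_OUTPUT && out == outbuf + 2;
    convert(&st, &in, inend, &out, outbuf + 4, queue_second); /* more room */
    outlen = (size_t)(out - outbuf);
    return ok;
}

int main(void)
{
    int before = contract_holds(0), after = contract_holds(1);
    return printf("contract holds: before fix %d, after fix %d\n", before, after) < 0;
}
```

Both variants produce the same three wide characters in the end; only the queued variant reports a full buffer when the buffer really is full.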



