From: Ben Pfaff
Date: Sun, 27 Aug 2017 19:30:50 +0000 (-0700)
Subject: sys-file-reader: Better handle duplicate names without long names.
X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7bf210c4fd179a22dd8c6a071f0b23f7ae4e14c2;hp=7bf210c4fd179a22dd8c6a071f0b23f7ae4e14c2;p=pspp

sys-file-reader: Better handle duplicate names without long names.

The reader did not properly handle the case where variable short names had duplicates and the system file did not include long names. In this case, the reader still tried to use the (duplicate) short names as the long names, which could in some cases cause a secondary name collision in the no-long-names case in parse_long_var_names(), and assert-failed.

This commit first fixes the handling of duplicate short names: it sets the long name to the unique chosen short name, instead of the original duplicate short name. Then as an additional measure it refactors the code a little to always handle duplicates in rename_var_and_save_short_names(). I am not sure that that is necessary but it's a little bit of a code cleanup anyhow.

CVE-2017-12960.
See also https://bugzilla.redhat.com/show_bug.cgi?id=1482433.
See also http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12960.
See also http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12960.
Found by team OWL337, using the collAFL fuzzer.
---