util-linux: fix CVE-2021-37600

sys-utils/ipcutils: be careful when call calloc() for uint64 nmembs Fix: #1395 (From OE-Core rev: f1b1627cac303f5f9c07fc0e8f959c0675b8f3a7) Signed-off-by: Karel Zak <kzak@redhat.com> CVE: CVE-2021-37600 Upstream-Status: Backport [1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c] Signed-off-by: Dragos-Marian Panait <dragos.panait@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 9822232b4abd811bb9c8562f98c0aefc748340a0) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Dragos-Marian Panait <dragos.panait@windriver.com> 2021-08-10 12:27:34 +0300
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-08-26 08:32:18 +0100
commit: 0de8d082131c771b7abf5131125e8362cb2a873c (patch)
tree: b0e6412469a1dedf40f28eb44a4259534e18d7f4 /meta/recipes-core/util-linux
parent: 378c364b1221d85b99d461fe2b2fbeb46124fc53 (diff)
download: poky-0de8d082131c771b7abf5131125e8362cb2a873c.tar.gz
2 files changed, 34 insertions, 0 deletions
diff --git a/meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch b/meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch
new file mode 100644
index 0000000000..2b306c435b
--- /dev/null
+++ b/meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch
@@ -0,0 +1,33 @@
+From 1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Tue, 27 Jul 2021 11:58:31 +0200
+Subject: [PATCH] sys-utils/ipcutils: be careful when call calloc() for uint64
+ nmembs
+Fix: https://github.com/karelzak/util-linux/issues/1395
+Signed-off-by: Karel Zak <kzak@redhat.com>
+CVE: CVE-2021-37600
+Upstream-Status: Backport [1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c]
+Signed-off-by: Dragos-Marian Panait <dragos.panait@windriver.com>
+---
+ sys-utils/ipcutils.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/sys-utils/ipcutils.c b/sys-utils/ipcutils.c
+index e784c4dcb..18868cfd3 100644
+--- a/sys-utils/ipcutils.c
+++ b/sys-utils/ipcutils.c
+@@ -218,7 +218,7 @@ static void get_sem_elements(struct sem_data *p)
+ {
+        size_t i;
+ 
+-       if (!p || !p->sem_nsems || p->sem_perm.id < 0)
+       if (!p || !p->sem_nsems || p->sem_nsems > SIZE_MAX || p->sem_perm.id < 0)
+                return;
+ 
+        p->elements = xcalloc(p->sem_nsems, sizeof(struct sem_elem));
+-- 
+2.25.1
diff --git a/meta/recipes-core/util-linux/util-linux_2.35.1.bb b/meta/recipes-core/util-linux/util-linux_2.35.1.bb
index 516b783887..731f0618eb 100644
--- a/meta/recipes-core/util-linux/util-linux_2.35.1.bb
+++ b/meta/recipes-core/util-linux/util-linux_2.35.1.bb
@@ -11,6 +11,7 @@ SRC_URI += "file://configure-sbindir.patch \
            file://0001-libfdisk-script-accept-sector-size-ignore-unknown-he.patch \
            file://0001-kill-include-sys-types.h-before-checking-SYS_pidfd_s.patch \
            file://0001-include-cleanup-pidfd-inckudes.patch \
+            file://CVE-2021-37600.patch \
 "
 SRC_URI[md5sum] = "7f64882f631225f0295ca05080cee1bf"
 SRC_URI[sha256sum] = "d9de3edd287366cd908e77677514b9387b22bc7b88f45b83e1922c3597f1d7f9"
author	Dragos-Marian Panait <dragos.panait@windriver.com>	2021-08-10 12:27:34 +0300
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-08-26 08:32:18 +0100
commit	0de8d082131c771b7abf5131125e8362cb2a873c (patch)
tree	b0e6412469a1dedf40f28eb44a4259534e18d7f4 /meta/recipes-core/util-linux
parent	378c364b1221d85b99d461fe2b2fbeb46124fc53 (diff)
download	poky-0de8d082131c771b7abf5131125e8362cb2a873c.tar.gz

diff --git a/meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch b/meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch new file mode 100644 index 0000000000..2b306c435b --- /dev/null +++ b/meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch
@@ -0,0 +1,33 @@
		1	From 1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c Mon Sep 17 00:00:00 2001
		2	From: Karel Zak <kzak@redhat.com>
		3	Date: Tue, 27 Jul 2021 11:58:31 +0200
		4	Subject: [PATCH] sys-utils/ipcutils: be careful when call calloc() for uint64
		5	nmembs
		6
		7	Fix: https://github.com/karelzak/util-linux/issues/1395
		8	Signed-off-by: Karel Zak <kzak@redhat.com>
		9
		10	CVE: CVE-2021-37600
		11	Upstream-Status: Backport [1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c]
		12
		13	Signed-off-by: Dragos-Marian Panait <dragos.panait@windriver.com>
		14	---
		15	sys-utils/ipcutils.c \| 2 +-
		16	1 file changed, 1 insertion(+), 1 deletion(-)
		17
		18	diff --git a/sys-utils/ipcutils.c b/sys-utils/ipcutils.c
		19	index e784c4dcb..18868cfd3 100644
		20	--- a/sys-utils/ipcutils.c
		21	+++ b/sys-utils/ipcutils.c
		22	@@ -218,7 +218,7 @@ static void get_sem_elements(struct sem_data *p)
		23	{
		24	size_t i;
		25
		26	- if (!p \|\| !p->sem_nsems \|\| p->sem_perm.id < 0)
		27	+ if (!p \|\| !p->sem_nsems \|\| p->sem_nsems > SIZE_MAX \|\| p->sem_perm.id < 0)
		28	return;
		29
		30	p->elements = xcalloc(p->sem_nsems, sizeof(struct sem_elem));
		31	--
		32	2.25.1
		33


diff --git a/meta/recipes-core/util-linux/util-linux_2.35.1.bb b/meta/recipes-core/util-linux/util-linux_2.35.1.bb index 516b783887..731f0618eb 100644 --- a/meta/recipes-core/util-linux/util-linux_2.35.1.bb +++ b/meta/recipes-core/util-linux/util-linux_2.35.1.bb
@@ -11,6 +11,7 @@ SRC_URI += "file://configure-sbindir.patch \
11	file://0001-libfdisk-script-accept-sector-size-ignore-unknown-he.patch \	11	file://0001-libfdisk-script-accept-sector-size-ignore-unknown-he.patch \
12	file://0001-kill-include-sys-types.h-before-checking-SYS_pidfd_s.patch \	12	file://0001-kill-include-sys-types.h-before-checking-SYS_pidfd_s.patch \
13	file://0001-include-cleanup-pidfd-inckudes.patch \	13	file://0001-include-cleanup-pidfd-inckudes.patch \
		14	file://CVE-2021-37600.patch \
14	"	15	"
15	SRC_URI[md5sum] = "7f64882f631225f0295ca05080cee1bf"	16	SRC_URI[md5sum] = "7f64882f631225f0295ca05080cee1bf"
16	SRC_URI[sha256sum] = "d9de3edd287366cd908e77677514b9387b22bc7b88f45b83e1922c3597f1d7f9"	17	SRC_URI[sha256sum] = "d9de3edd287366cd908e77677514b9387b22bc7b88f45b83e1922c3597f1d7f9"