diff options
author | Dragos-Marian Panait <dragos.panait@windriver.com> | 2021-08-10 12:27:34 +0300 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-08-26 08:32:18 +0100 |
commit | 0de8d082131c771b7abf5131125e8362cb2a873c (patch) | |
tree | b0e6412469a1dedf40f28eb44a4259534e18d7f4 /meta/recipes-core | |
parent | 378c364b1221d85b99d461fe2b2fbeb46124fc53 (diff) | |
download | poky-0de8d082131c771b7abf5131125e8362cb2a873c.tar.gz |
util-linux: fix CVE-2021-37600
sys-utils/ipcutils: be careful when call calloc() for uint64 nmembs
Fix: #1395
(From OE-Core rev: f1b1627cac303f5f9c07fc0e8f959c0675b8f3a7)
Signed-off-by: Karel Zak <kzak@redhat.com>
CVE: CVE-2021-37600
Upstream-Status: Backport [1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c]
Signed-off-by: Dragos-Marian Panait <dragos.panait@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9822232b4abd811bb9c8562f98c0aefc748340a0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r-- | meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch | 33 | ||||
-rw-r--r-- | meta/recipes-core/util-linux/util-linux_2.35.1.bb | 1 |
2 files changed, 34 insertions, 0 deletions
diff --git a/meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch b/meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch new file mode 100644 index 0000000000..2b306c435b --- /dev/null +++ b/meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch | |||
@@ -0,0 +1,33 @@ | |||
1 | From 1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c Mon Sep 17 00:00:00 2001 | ||
2 | From: Karel Zak <kzak@redhat.com> | ||
3 | Date: Tue, 27 Jul 2021 11:58:31 +0200 | ||
4 | Subject: [PATCH] sys-utils/ipcutils: be careful when call calloc() for uint64 | ||
5 | nmembs | ||
6 | |||
7 | Fix: https://github.com/karelzak/util-linux/issues/1395 | ||
8 | Signed-off-by: Karel Zak <kzak@redhat.com> | ||
9 | |||
10 | CVE: CVE-2021-37600 | ||
11 | Upstream-Status: Backport [1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c] | ||
12 | |||
13 | Signed-off-by: Dragos-Marian Panait <dragos.panait@windriver.com> | ||
14 | --- | ||
15 | sys-utils/ipcutils.c | 2 +- | ||
16 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
17 | |||
18 | diff --git a/sys-utils/ipcutils.c b/sys-utils/ipcutils.c | ||
19 | index e784c4dcb..18868cfd3 100644 | ||
20 | --- a/sys-utils/ipcutils.c | ||
21 | +++ b/sys-utils/ipcutils.c | ||
22 | @@ -218,7 +218,7 @@ static void get_sem_elements(struct sem_data *p) | ||
23 | { | ||
24 | size_t i; | ||
25 | |||
26 | - if (!p || !p->sem_nsems || p->sem_perm.id < 0) | ||
27 | + if (!p || !p->sem_nsems || p->sem_nsems > SIZE_MAX || p->sem_perm.id < 0) | ||
28 | return; | ||
29 | |||
30 | p->elements = xcalloc(p->sem_nsems, sizeof(struct sem_elem)); | ||
31 | -- | ||
32 | 2.25.1 | ||
33 | |||
diff --git a/meta/recipes-core/util-linux/util-linux_2.35.1.bb b/meta/recipes-core/util-linux/util-linux_2.35.1.bb index 516b783887..731f0618eb 100644 --- a/meta/recipes-core/util-linux/util-linux_2.35.1.bb +++ b/meta/recipes-core/util-linux/util-linux_2.35.1.bb | |||
@@ -11,6 +11,7 @@ SRC_URI += "file://configure-sbindir.patch \ | |||
11 | file://0001-libfdisk-script-accept-sector-size-ignore-unknown-he.patch \ | 11 | file://0001-libfdisk-script-accept-sector-size-ignore-unknown-he.patch \ |
12 | file://0001-kill-include-sys-types.h-before-checking-SYS_pidfd_s.patch \ | 12 | file://0001-kill-include-sys-types.h-before-checking-SYS_pidfd_s.patch \ |
13 | file://0001-include-cleanup-pidfd-inckudes.patch \ | 13 | file://0001-include-cleanup-pidfd-inckudes.patch \ |
14 | file://CVE-2021-37600.patch \ | ||
14 | " | 15 | " |
15 | SRC_URI[md5sum] = "7f64882f631225f0295ca05080cee1bf" | 16 | SRC_URI[md5sum] = "7f64882f631225f0295ca05080cee1bf" |
16 | SRC_URI[sha256sum] = "d9de3edd287366cd908e77677514b9387b22bc7b88f45b83e1922c3597f1d7f9" | 17 | SRC_URI[sha256sum] = "d9de3edd287366cd908e77677514b9387b22bc7b88f45b83e1922c3597f1d7f9" |