author | Xiangyu Chen <xiangyu.chen@eng.windriver.com> | 2022-11-19 16:17:35 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-12-13 15:23:34 +0000 |
commit | 887faedb16db908c032f3abcfd8a16e9da2123cd (patch) | |
tree | 9b07acbc847618c07f77c08a8d0aa2dbbf82fd4e /meta/recipes-extended | |
parent | 873eb777a090f45da26e30508f2b6e61ab6382ce (diff) | |
sysstat: fix CVE-2022-39377
(From OE-Core rev: caf40fd28424aa583c18f9235d6d28651cc419b9)
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended')
-rw-r--r-- | meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch | 93 | ||||
-rw-r--r-- | meta/recipes-extended/sysstat/sysstat_12.4.5.bb | 3 |
2 files changed, 95 insertions, 1 deletions
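--- /dev/null
+++ b/meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch
@@ -0,0 +1,93 @@
+From 9c4eaf150662ad40607923389d4519bc83b93540 Mon Sep 17 00:00:00 2001
+From: Sebastien <seb@fedora-2.home>
+Date: Sat, 15 Oct 2022 14:24:22 +0200
+Subject: [PATCH] Fix size_t overflow in sa_common.c (GHSL-2022-074)
+
+allocate_structures function located in sa_common.c insufficiently
+checks bounds before arithmetic multiplication allowing for an
+overflow in the size allocated for the buffer representing system
+activities.
+
+This patch checks that the post-multiplied value is not greater than
+UINT_MAX.
+
+Signed-off-by: Sebastien <seb@fedora-2.home>
+
+Upstream-Status: Backport from
+[https://github.com/sysstat/sysstat/commit/a953ee3307d51255cc96e1f211882e97f795eed9]
+
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+---
+common.c | 25 +++++++++++++++++++++++++
+common.h | 2 ++
+sa_common.c | 6 ++++++
+3 files changed, 33 insertions(+)
+
+diff --git a/common.c b/common.c
+index 81c7762..1a84b05 100644
+--- a/common.c
++++ b/common.c
+@@ -1655,4 +1655,29 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char
+
+return 0;
+}
++
++/*
++ ***************************************************************************
++ * Check if the multiplication of the 3 values may be greater than UINT_MAX.
++ *
++ * IN:
++ * @val1 First value.
++ * @val2 Second value.
++ * @val3 Third value.
++ ***************************************************************************
++ */
++void check_overflow(size_t val1, size_t val2, size_t val3)
++{
++ if ((unsigned long long) val1 *
++ (unsigned long long) val2 *
++ (unsigned long long) val3 > UINT_MAX) {
++#ifdef DEBUG
++ fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
++ __FUNCTION__,
++ (unsigned long long) val1 * (unsigned long long) val2 * (unsigned long long) val3);
++#endif
++ exit(4);
++ }
++}
++
+#endif /* SOURCE_SADC undefined */
+diff --git a/common.h b/common.h
+index 55b6657..e8ab98a 100644
+--- a/common.h
++++ b/common.h
+@@ -260,6 +260,8 @@ int check_dir
+(char *);
+
+#ifndef SOURCE_SADC
++void check_overflow
++ (size_t, size_t, size_t);
+int count_bits
+(void *, int);
+int count_csvalues
+diff --git a/sa_common.c b/sa_common.c
+index 3699a84..b2cec4a 100644
+--- a/sa_common.c
++++ b/sa_common.c
+@@ -459,7 +459,13 @@ void allocate_structures(struct activity *act[])
+int i, j;
+
+for (i = 0; i < NR_ACT; i++) {
++
+if (act[i]->nr_ini > 0) {
++
++ /* Look for a possible overflow */
++ check_overflow((size_t) act[i]->msize, (size_t) act[i]->nr_ini,
++ (size_t) act[i]->nr2);
++
+for (j = 0; j < 3; j++) {
+SREALLOC(act[i]->buf[j], void,
+(size_t) act[i]->msize * (size_t) act[i]->nr_ini * (size_t) act[i]->nr2);
+--
+2.34.1
+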
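Review bot: The guard in check_overflow is itself unsound on 64-bit targets: it multiplies three size_t operands in `unsigned long long` and only then compares with UINT_MAX, so a product that wraps modulo 2^64 back to a value at or below UINT_MAX passes the check, and allocate_structures then calls SREALLOC with the same wrapped size. Since msize, nr_ini and nr2 come from the data file being read, a crafted file can still choose such values, which is the scenario this backport is meant to close. The robust form tests one multiplication at a time with a division bound before performing it, which is what the fence below does; the DEBUG diagnostic should then print the three factors rather than recomputing the (wrapping) product, and `__func__` is the standard spelling of `__FUNCTION__`. The common.h prototype does not change; the allocate_structures hunk in sa_common.c begins and ends outside the lines shown, so the source of the three fields is inferred from the field names only.
```c
void check_overflow(size_t val1, size_t val2, size_t val3)
{
	/* Check each multiplication before doing it: the 3-way product can
	 * wrap in unsigned long long when size_t is 64-bit, so a comparison
	 * against UINT_MAX made after the fact is not a reliable guard. */
	unsigned long long prod = (unsigned long long) val1;
	int overflow = (val2 != 0 && prod > UINT_MAX / val2);

	if (!overflow) {
		prod *= val2;	/* cannot wrap: bounded by the test above */
		overflow = (val3 != 0 && prod > UINT_MAX / val3);
	}
	if (overflow) {
#ifdef DEBUG
		fprintf(stderr, "%s: Overflow detected (%zu * %zu * %zu). Aborting...\n",
			__func__, val1, val2, val3);
#endif
		exit(4);
	}
}
```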
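--- a/meta/recipes-extended/sysstat/sysstat_12.4.5.bb
+++ b/meta/recipes-extended/sysstat/sysstat_12.4.5.bb
@@ -2,6 +2,7 @@ require sysstat.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb"
 
-SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch"
+SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch \
+file://CVE-2022-39377.patch"
 
 SRC_URI[sha256sum] = "ef445acea301bbb996e410842f6290a8d049e884d4868cfef7e85dc04b7eee5b"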