summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta/recipes-extended/sysstat/sysstat/0001-Fix-232-Memory-corruption-bug-due-to-Integer-Overflo.patch46
-rw-r--r--meta/recipes-extended/sysstat/sysstat_12.1.6.bb4
2 files changed, 49 insertions, 1 deletions
diff --git a/meta/recipes-extended/sysstat/sysstat/0001-Fix-232-Memory-corruption-bug-due-to-Integer-Overflo.patch b/meta/recipes-extended/sysstat/sysstat/0001-Fix-232-Memory-corruption-bug-due-to-Integer-Overflo.patch
new file mode 100644
index 0000000000..46b111806c
--- /dev/null
+++ b/meta/recipes-extended/sysstat/sysstat/0001-Fix-232-Memory-corruption-bug-due-to-Integer-Overflo.patch
@@ -0,0 +1,46 @@
1From 603ae4ed8cd65abf0776ef7f68354a5c24a3411c Mon Sep 17 00:00:00 2001
2From: Sebastien GODARD <sysstat@users.noreply.github.com>
3Date: Tue, 15 Oct 2019 14:39:33 +0800
4Subject: [PATCH] Fix #232: Memory corruption bug due to Integer Overflow in
5 remap_struct()
6
7Try to avoid integer overflow when reading a corrupted binary datafile
8with sadf.
9
10Upstream-Status: Backport [https://github.com/sysstat/sysstat/commit/83fad9c895d1ac13f76af5883b7451b3302beef5]
11CVE: CVE-2019-16167
12
13Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com>
14Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
15---
16 sa_common.c | 7 +++++--
17 1 file changed, 5 insertions(+), 2 deletions(-)
18
19diff --git a/sa_common.c b/sa_common.c
20index 395c11c..cfa9007 100644
21--- a/sa_common.c
22+++ b/sa_common.c
23@@ -1336,7 +1336,8 @@ int remap_struct(unsigned int gtypes_nr[], unsigned int ftypes_nr[],
24 /* Remap [unsigned] int fields */
25 d = gtypes_nr[1] - ftypes_nr[1];
26 if (d) {
27- if (ftypes_nr[1] * UL_ALIGNMENT_WIDTH < ftypes_nr[1])
28+ if (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH +
29+ ftypes_nr[1] * UL_ALIGNMENT_WIDTH < ftypes_nr[1])
30 /* Overflow */
31 return -1;
32
33@@ -1365,7 +1366,9 @@ int remap_struct(unsigned int gtypes_nr[], unsigned int ftypes_nr[],
34 /* Remap possible fields (like strings of chars) following int fields */
35 d = gtypes_nr[2] - ftypes_nr[2];
36 if (d) {
37- if (ftypes_nr[2] * U_ALIGNMENT_WIDTH < ftypes_nr[2])
38+ if (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH +
39+ gtypes_nr[1] * UL_ALIGNMENT_WIDTH +
40+ ftypes_nr[2] * U_ALIGNMENT_WIDTH < ftypes_nr[2])
41 /* Overflow */
42 return -1;
43
44--
451.9.1
46
diff --git a/meta/recipes-extended/sysstat/sysstat_12.1.6.bb b/meta/recipes-extended/sysstat/sysstat_12.1.6.bb
index 8cf8c36d9b..362888d506 100644
--- a/meta/recipes-extended/sysstat/sysstat_12.1.6.bb
+++ b/meta/recipes-extended/sysstat/sysstat_12.1.6.bb
@@ -2,7 +2,9 @@ require sysstat.inc
2 2
3LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb" 3LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb"
4 4
5SRC_URI += "file://0001-Include-needed-headers-explicitly.patch" 5SRC_URI += "file://0001-Include-needed-headers-explicitly.patch \
6 file://0001-Fix-232-Memory-corruption-bug-due-to-Integer-Overflo.patch \
7"
6 8
7SRC_URI[md5sum] = "d8e3bbb9c873dd370f6d33664e326570" 9SRC_URI[md5sum] = "d8e3bbb9c873dd370f6d33664e326570"
8SRC_URI[sha256sum] = "f752f3c406153a6fc446496f1102872505ace3f0931d975c1d664c81ec09f129" 10SRC_URI[sha256sum] = "f752f3c406153a6fc446496f1102872505ace3f0931d975c1d664c81ec09f129"