Diffstat (limited to 'meta/recipes-extended/sysstat')
3 files changed, 142 insertions, 1 deletions
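--- /dev/null
+++ b/meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch
@@ -0,0 +1,92 @@
+From 9c4eaf150662ad40607923389d4519bc83b93540 Mon Sep 17 00:00:00 2001
+From: Sebastien <seb@fedora-2.home>
+Date: Sat, 15 Oct 2022 14:24:22 +0200
+Subject: [PATCH] Fix size_t overflow in sa_common.c (GHSL-2022-074)
+
+allocate_structures function located in sa_common.c insufficiently
+checks bounds before arithmetic multiplication allowing for an
+overflow in the size allocated for the buffer representing system
+activities.
+
+This patch checks that the post-multiplied value is not greater than
+UINT_MAX.
+
+Signed-off-by: Sebastien <seb@fedora-2.home>
+
+Upstream-Status: Backport [https://github.com/sysstat/sysstat/commit/9c4eaf150662ad40607923389d4519bc83b93540]
+CVE : CVE-2022-39377
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+common.c | 25 +++++++++++++++++++++++++
+common.h | 2 ++
+sa_common.c | 6 ++++++
+3 files changed, 33 insertions(+)
+
+diff --git a/common.c b/common.c
+index ddfe75d..28d475e 100644
+--- a/common.c
++++ b/common.c
+@@ -1528,4 +1528,29 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char
+
+return 0;
+}
++
++/*
++ ***************************************************************************
++ * Check if the multiplication of the 3 values may be greater than UINT_MAX.
++ *
++ * IN:
++ * @val1 First value.
++ * @val2 Second value.
++ * @val3 Third value.
++ ***************************************************************************
++ */
++void check_overflow(size_t val1, size_t val2, size_t val3)
++{
++ if ((unsigned long long) val1 *
++ (unsigned long long) val2 *
++ (unsigned long long) val3 > UINT_MAX) {
++#ifdef DEBUG
++ fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
++ __FUNCTION__,
++ (unsigned long long) val1 * (unsigned long long) val2 * (unsigned long long) val3);
++#endif
++ exit(4);
++ }
++}
++
+#endif /* SOURCE_SADC undefined */
+diff --git a/common.h b/common.h
+index 86905ba..75f837a 100644
+--- a/common.h
++++ b/common.h
+@@ -249,6 +249,8 @@ int get_wwnid_from_pretty
+(char *, unsigned long long *, unsigned int *);
+
+#ifndef SOURCE_SADC
++void check_overflow
++ (size_t, size_t, size_t);
+int count_bits
+(void *, int);
+int count_csvalues
+diff --git a/sa_common.c b/sa_common.c
+index 8a03099..ff90c1f 100644
+--- a/sa_common.c
++++ b/sa_common.c
+@@ -452,7 +452,13 @@ void allocate_structures(struct activity *act[])
+int i, j;
+
+for (i = 0; i < NR_ACT; i++) {
++
+if (act[i]->nr_ini > 0) {
++
++ /* Look for a possible overflow */
++ check_overflow((size_t) act[i]->msize, (size_t) act[i]->nr_ini,
++ (size_t) act[i]->nr2);
++
+for (j = 0; j < 3; j++) {
+SREALLOC(act[i]->buf[j], void,
+(size_t) act[i]->msize * (size_t) act[i]->nr_ini * (size_t) act[i]->nr2);
+--
+2.25.1
+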
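--- /dev/null
+++ b/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch
@@ -0,0 +1,46 @@
+Origin: https://github.com/opencontainers/runc/commit/6f8dc568e6ab072bb8205b732f04e685bf9237c0
+Reviewed-by: Sylvain Beucler <beuc@debian.org>
+Last-Update: 2023-02-18
+
+From 954ff2e2673cef48f0ed44668c466eab041db387 Mon Sep 17 00:00:00 2001
+From: Pavel Kopylov <pkopylov@cloudlinux.com>
+Date: Wed, 17 May 2023 11:33:45 +0200
+Subject: [PATCH] Fix an overflow which is still possible for some values.
+
+CVE: CVE-2023-33204
+Upstream-Status: Backport [ upstream: https://github.com/sysstat/sysstat/commit/6f8dc568e6ab072bb8205b732f04e685bf9237c0
+debian: http://security.debian.org/debian-security/pool/updates/main/s/sysstat/sysstat_12.0.3-2+deb10u2.debian.tar.xz ]
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+
+---
+common.c | 7 +++++--
+1 file changed, 5 insertions(+), 2 deletions(-)
+
+Index: sysstat-12.0.3/common.c
+===================================================================
+--- sysstat-12.0.3.orig/common.c
++++ sysstat-12.0.3/common.c
+@@ -1449,15 +1449,16 @@ int parse_values(char *strargv, unsigned
+*/
+void check_overflow(size_t val1, size_t val2, size_t val3)
+{
+- if ((unsigned long long) val1 *
+- (unsigned long long) val2 *
+- (unsigned long long) val3 > UINT_MAX) {
++ if ((val1 != 0) && (val2 != 0) && (val3 != 0) &&
++ (((unsigned long long) UINT_MAX / (unsigned long long) val1 <
++ (unsigned long long) val2) ||
++ ((unsigned long long) UINT_MAX / ((unsigned long long) val1 * (unsigned long long) val2) <
++ (unsigned long long) val3))) {
+#ifdef DEBUG
+- fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
+- __FUNCTION__,
+- (unsigned long long) val1 * (unsigned long long) val2 * (unsigned long long) val3);
++ fprintf(stderr, "%s: Overflow detected (%u,%u,%u). Aborting...\n",
++ __FUNCTION__, val1, val2, val3);
+#endif
+- exit(4);
++ exit(4);
+}
+}
+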
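Review bot: The DEBUG fprintf that this patch puts into check_overflow() prints the three size_t parameters with `%u`, which does not match the argument type on 64-bit targets and is exactly what -Wformat warns about; the line it replaces used a matching `%llu` with explicit casts. The format should read `fprintf(stderr, "%s: Overflow detected (%zu,%zu,%zu). Aborting...\n",` with the arguments left as they are. The division-based check itself is sound: the second division by `val1 * val2` is only reached after the first comparison has established that this product does not exceed UINT_MAX, so it cannot wrap. Separately, the `Origin:` header at the top of the file names the opencontainers/runc repository for commit 6f8dc568, while the Upstream-Status line a few lines below attributes the same hash to sysstat/sysstat; the Origin line should point at the sysstat URL so the provenance of the backport is unambiguous.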
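--- a/meta/recipes-extended/sysstat/sysstat_12.2.1.bb
+++ b/meta/recipes-extended/sysstat/sysstat_12.2.1.bb
@@ -2,7 +2,10 @@ require sysstat.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb"
 
-SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch"
+SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch \
+file://CVE-2022-39377.patch \
+file://CVE-2023-33204.patch \
+"
 
 SRC_URI[md5sum] = "9dfff5fac24e35bd92fb7896debf2ffb"
 SRC_URI[sha256sum] = "8edb0e19b514ac560a098a02933a4735b881296d61014db89bf80f05dd7a4732"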
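Review bot: CVE-2023-33204.patch rewrites the body of check_overflow() that CVE-2022-39377.patch introduces, so the relative order of the two new SRC_URI entries is load-bearing and nothing in the recipe records that; a comment such as `# CVE-2023-33204.patch modifies check_overflow() added by CVE-2022-39377.patch; keep this order` above the SRC_URI block would protect it from a later reshuffle. The second patch is also a Debian-sourced backport carrying `Index: sysstat-12.0.3/common.c` and a hunk anchored at line 1449, while the first patch adds check_overflow() around line 1528 of common.c in 12.2.1, so it presumably applies only by offset; confirming that do_patch reports no fuzz for it would be worthwhile.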