diff options
| author | Gyorgy Sarvari <skandigraun@gmail.com> | 2025-10-27 15:15:48 +0100 |
|---|---|---|
| committer | Gyorgy Sarvari <skandigraun@gmail.com> | 2025-10-27 18:06:34 +0100 |
| commit | dab398c7e0645dccf6c66f26e2d0ddc22395e695 (patch) | |
| tree | 589d1a37a28a9d59db5972f5b0741c0c997615e5 /meta-initramfs | |
| parent | 3c55e66f1fc7324c266324798a6c6aa94c5048d0 (diff) | |
| download | meta-openembedded-dab398c7e0645dccf6c66f26e2d0ddc22395e695.tar.gz | |
klibc: patch CVE-2021-31870
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-31870
Pick patch mentioned in the nvd report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Diffstat (limited to 'meta-initramfs')
| -rw-r--r-- | meta-initramfs/recipes-devtools/klibc/files/CVE-2021-31870.patch | 45 | ||||
| -rw-r--r-- | meta-initramfs/recipes-devtools/klibc/klibc.inc | 1 |
2 files changed, 46 insertions, 0 deletions
diff --git a/meta-initramfs/recipes-devtools/klibc/files/CVE-2021-31870.patch b/meta-initramfs/recipes-devtools/klibc/files/CVE-2021-31870.patch new file mode 100644 index 0000000000..028b5d395e --- /dev/null +++ b/meta-initramfs/recipes-devtools/klibc/files/CVE-2021-31870.patch | |||
| @@ -0,0 +1,45 @@ | |||
| 1 | From 15c0e066ac8a75bdb3189dd5d77dc0f3539afefd Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Ben Hutchings <ben@decadent.org.uk> | ||
| 3 | Date: Wed, 28 Apr 2021 04:29:50 +0200 | ||
| 4 | Subject: [PATCH] calloc: Fail if multiplication overflows | ||
| 5 | |||
| 6 | calloc() multiplies its 2 arguments together and passes the result to | ||
| 7 | malloc(). Since the factors and product both have type size_t, this | ||
| 8 | can result in an integer overflow and subsequent buffer overflow. | ||
| 9 | Check for this and fail if it happens. | ||
| 10 | |||
| 11 | CVE-2021-31870 | ||
| 12 | |||
| 13 | CVE: CVE-2021-31870 | ||
| 14 | Upstream-Status: Backport [https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=292650f04c2b5348b4efbad61fb014ed09b4f3f2] | ||
| 15 | |||
| 16 | Signed-off-by: Ben Hutchings <ben@decadent.org.uk> | ||
| 17 | --- | ||
| 18 | usr/klibc/calloc.c | 11 ++++++++--- | ||
| 19 | 1 file changed, 8 insertions(+), 3 deletions(-) | ||
| 20 | |||
| 21 | diff --git a/usr/klibc/calloc.c b/usr/klibc/calloc.c | ||
| 22 | index 53dcc6b..4a81cda 100644 | ||
| 23 | --- a/usr/klibc/calloc.c | ||
| 24 | +++ b/usr/klibc/calloc.c | ||
| 25 | @@ -2,12 +2,17 @@ | ||
| 26 | * calloc.c | ||
| 27 | */ | ||
| 28 | |||
| 29 | +#include <errno.h> | ||
| 30 | #include <stdlib.h> | ||
| 31 | #include <string.h> | ||
| 32 | |||
| 33 | -/* FIXME: This should look for multiplication overflow */ | ||
| 34 | - | ||
| 35 | void *calloc(size_t nmemb, size_t size) | ||
| 36 | { | ||
| 37 | - return zalloc(nmemb * size); | ||
| 38 | + unsigned long prod; | ||
| 39 | + | ||
| 40 | + if (__builtin_umull_overflow(nmemb, size, &prod)) { | ||
| 41 | + errno = ENOMEM; | ||
| 42 | + return NULL; | ||
| 43 | + } | ||
| 44 | + return zalloc(prod); | ||
| 45 | } | ||
diff --git a/meta-initramfs/recipes-devtools/klibc/klibc.inc b/meta-initramfs/recipes-devtools/klibc/klibc.inc index ceb4f5ad3b..dd22282b40 100644 --- a/meta-initramfs/recipes-devtools/klibc/klibc.inc +++ b/meta-initramfs/recipes-devtools/klibc/klibc.inc | |||
| @@ -21,6 +21,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/libs/klibc/2.0/klibc-${PV}.tar.xz \ | |||
| 21 | file://0001-klibc-Kbuild-Accept-EXTRA_KLIBCAFLAGS.patch \ | 21 | file://0001-klibc-Kbuild-Accept-EXTRA_KLIBCAFLAGS.patch \ |
| 22 | file://cross-clang.patch \ | 22 | file://cross-clang.patch \ |
| 23 | file://0001-workaround-for-overlapping-sections-in-binary.patch \ | 23 | file://0001-workaround-for-overlapping-sections-in-binary.patch \ |
| 24 | file://CVE-2021-31870.patch \ | ||
| 24 | " | 25 | " |
| 25 | 26 | ||
| 26 | ARMPATCHES ?= "" | 27 | ARMPATCHES ?= "" |