diff options
| author | Hitendra Prajapati <hprajapati@mvista.com> | 2023-05-31 12:24:02 +0530 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2023-06-14 04:16:59 -1000 |
| commit | 3c6eb3977334c414fbf0f9529e79c5d12ddf90d1 (patch) | |
| tree | c496c1bebdc8519d268b2518df4607b4bd95b749 | |
| parent | 1e6f147c686a91b9a5996f529e32ee1852f946b7 (diff) | |
| download | poky-3c6eb3977334c414fbf0f9529e79c5d12ddf90d1.tar.gz | |
sysstat: Fix CVE-2023-33204
Upstream-Status: Backport from https://github.com/sysstat/sysstat/commit/954ff2e2673c
(From OE-Core rev: d4ee3ad88392dbcb4284be48ef9fd0bbff979cca)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
| -rw-r--r-- | meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch | 80 | ||||
| -rw-r--r-- | meta/recipes-extended/sysstat/sysstat_12.4.5.bb | 5 |
2 files changed, 83 insertions, 2 deletions
diff --git a/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch b/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch new file mode 100644 index 0000000000..3a12f7a3ed --- /dev/null +++ b/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch | |||
| @@ -0,0 +1,80 @@ | |||
| 1 | From e806a902cc90a0b87da00854de8d5fd8222540fc Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Pavel Kopylov <pkopylov@> | ||
| 3 | Date: Wed, 17 May 2023 11:33:45 +0200 | ||
| 4 | Subject: [PATCH] Fix an overflow which is still possible for some values. | ||
| 5 | |||
| 6 | Upstream-Status: Backport [https://github.com/sysstat/sysstat/commit/954ff2e2673c] | ||
| 7 | CVE: CVE-2023-33204 | ||
| 8 | |||
| 9 | Signed-off-by: Xiangyu Chen <xiangyu.chen@...> | ||
| 10 | Signed-off-by: Sanjay Chitroda <schitrod@...> | ||
| 11 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
| 12 | --- | ||
| 13 | common.c | 18 ++++++++++-------- | ||
| 14 | common.h | 2 +- | ||
| 15 | sa_common.c | 4 ++-- | ||
| 16 | 3 files changed, 13 insertions(+), 11 deletions(-) | ||
| 17 | |||
| 18 | diff --git a/common.c b/common.c | ||
| 19 | index db9b0ed..e05c5bb 100644 | ||
| 20 | --- a/common.c | ||
| 21 | +++ b/common.c | ||
| 22 | @@ -1640,17 +1640,19 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char | ||
| 23 | * @val3 Third value. | ||
| 24 | *************************************************************************** | ||
| 25 | */ | ||
| 26 | -void check_overflow(size_t val1, size_t val2, size_t val3) | ||
| 27 | +void check_overflow(unsigned int val1, unsigned int val2, | ||
| 28 | + unsigned int val3) | ||
| 29 | { | ||
| 30 | - if ((unsigned long long) val1 * | ||
| 31 | - (unsigned long long) val2 * | ||
| 32 | - (unsigned long long) val3 > UINT_MAX) { | ||
| 33 | + if ((val1 != 0) && (val2 != 0) && (val3 != 0) && | ||
| 34 | + (((unsigned long long) UINT_MAX / (unsigned long long) val1 < | ||
| 35 | + (unsigned long long) val2) || | ||
| 36 | + ((unsigned long long) UINT_MAX / ((unsigned long long) val1 * (unsigned long long) val2) < | ||
| 37 | + (unsigned long long) val3))) { | ||
| 38 | #ifdef DEBUG | ||
| 39 | - fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n", | ||
| 40 | - __FUNCTION__, | ||
| 41 | - (unsigned long long) val1 * (unsigned long long) val2 * (unsigned long long) val3); | ||
| 42 | + fprintf(stderr, "%s: Overflow detected (%u,%u,%u). Aborting...\n", | ||
| 43 | + __FUNCTION__, val1, val2, val3); | ||
| 44 | #endif | ||
| 45 | - exit(4); | ||
| 46 | + exit(4); | ||
| 47 | } | ||
| 48 | } | ||
| 49 | |||
| 50 | diff --git a/common.h b/common.h | ||
| 51 | index 0ac5896..b2ffe9f 100644 | ||
| 52 | --- a/common.h | ||
| 53 | +++ b/common.h | ||
| 54 | @@ -256,7 +256,7 @@ int check_dir | ||
| 55 | |||
| 56 | #ifndef SOURCE_SADC | ||
| 57 | void check_overflow | ||
| 58 | - (size_t, size_t, size_t); | ||
| 59 | + (unsigned int, unsigned int, unsigned int); | ||
| 60 | int count_bits | ||
| 61 | (void *, int); | ||
| 62 | int count_csvalues | ||
| 63 | diff --git a/sa_common.c b/sa_common.c | ||
| 64 | index 1b8fcaa..1144cfe 100644 | ||
| 65 | --- a/sa_common.c | ||
| 66 | +++ b/sa_common.c | ||
| 67 | @@ -452,8 +452,8 @@ void allocate_structures(struct activity *act[]) | ||
| 68 | if (act[i]->nr_ini > 0) { | ||
| 69 | |||
| 70 | /* Look for a possible overflow */ | ||
| 71 | - check_overflow((size_t) act[i]->msize, (size_t) act[i]->nr_ini, | ||
| 72 | - (size_t) act[i]->nr2); | ||
| 73 | + check_overflow((unsigned int) act[i]->msize, (unsigned int) act[i]->nr_ini, | ||
| 74 | + (unsigned int) act[i]->nr2); | ||
| 75 | |||
| 76 | for (j = 0; j < 3; j++) { | ||
| 77 | SREALLOC(act[i]->buf[j], void, | ||
| 78 | -- | ||
| 79 | 2.25.1 | ||
| 80 | |||
diff --git a/meta/recipes-extended/sysstat/sysstat_12.4.5.bb b/meta/recipes-extended/sysstat/sysstat_12.4.5.bb index 3a3d1fb6ba..f8a950e8a2 100644 --- a/meta/recipes-extended/sysstat/sysstat_12.4.5.bb +++ b/meta/recipes-extended/sysstat/sysstat_12.4.5.bb | |||
| @@ -3,6 +3,7 @@ require sysstat.inc | |||
| 3 | LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb" | 3 | LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb" |
| 4 | 4 | ||
| 5 | SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch \ | 5 | SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch \ |
| 6 | file://CVE-2022-39377.patch" | 6 | file://CVE-2022-39377.patch \ |
| 7 | 7 | file://CVE-2023-33204.patch \ | |
| 8 | " | ||
| 8 | SRC_URI[sha256sum] = "ef445acea301bbb996e410842f6290a8d049e884d4868cfef7e85dc04b7eee5b" | 9 | SRC_URI[sha256sum] = "ef445acea301bbb996e410842f6290a8d049e884d4868cfef7e85dc04b7eee5b" |
