diff options
| author | Ross Burton <ross@burtonini.com> | 2021-11-22 11:40:56 +0000 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-12-05 12:35:43 +0000 |
| commit | a73f78146ed6635d17a014edfdcdf888a1659d04 (patch) | |
| tree | ced5c1dd014988ce7969a091bd9eea2bb05d33c1 | |
| parent | 1b99e73828345cdaba9a0c14abbfdb234a654094 (diff) | |
| download | poky-a73f78146ed6635d17a014edfdcdf888a1659d04.tar.gz | |
gmp: fix CVE-2021-43618
(From OE-Core rev: ebf1a7c42a9bd5a9d583248af95e0a30fa241465)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fb3b9a7f668a6ffd56a99e1e8b83cdbad2a4bc66)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-support/gmp/gmp/cve-2021-43618.patch | 27 | ||||
| -rw-r--r-- | meta/recipes-support/gmp/gmp_6.2.1.bb | 1 |
2 files changed, 28 insertions, 0 deletions
diff --git a/meta/recipes-support/gmp/gmp/cve-2021-43618.patch b/meta/recipes-support/gmp/gmp/cve-2021-43618.patch new file mode 100644 index 0000000000..095fb21eaa --- /dev/null +++ b/meta/recipes-support/gmp/gmp/cve-2021-43618.patch | |||
| @@ -0,0 +1,27 @@ | |||
| 1 | CVE: CVE-2021-43618 | ||
| 2 | Upstream-Status: Backport | ||
| 3 | Signed-off-by: Ross Burton <ross.burton@arm.com> | ||
| 4 | |||
| 5 | # HG changeset patch | ||
| 6 | # User Marco Bodrato <bodrato@mail.dm.unipi.it> | ||
| 7 | # Date 1634836009 -7200 | ||
| 8 | # Node ID 561a9c25298e17bb01896801ff353546c6923dbd | ||
| 9 | # Parent e1fd9db13b475209a864577237ea4b9105b3e96e | ||
| 10 | mpz/inp_raw.c: Avoid bit size overflows | ||
| 11 | |||
| 12 | diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c | ||
| 13 | --- a/mpz/inp_raw.c Tue Dec 22 23:49:51 2020 +0100 | ||
| 14 | +++ b/mpz/inp_raw.c Thu Oct 21 19:06:49 2021 +0200 | ||
| 15 | @@ -88,8 +88,11 @@ | ||
| 16 | |||
| 17 | abs_csize = ABS (csize); | ||
| 18 | |||
| 19 | + if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8)) | ||
| 20 | + return 0; /* Bit size overflows */ | ||
| 21 | + | ||
| 22 | /* round up to a multiple of limbs */ | ||
| 23 | - abs_xsize = BITS_TO_LIMBS (abs_csize*8); | ||
| 24 | + abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8); | ||
| 25 | |||
| 26 | if (abs_xsize != 0) | ||
| 27 | { | ||
diff --git a/meta/recipes-support/gmp/gmp_6.2.1.bb b/meta/recipes-support/gmp/gmp_6.2.1.bb index 3c50f928ab..f97c588c31 100644 --- a/meta/recipes-support/gmp/gmp_6.2.1.bb +++ b/meta/recipes-support/gmp/gmp_6.2.1.bb | |||
| @@ -12,6 +12,7 @@ SRC_URI = "https://gmplib.org/download/${BPN}/${BP}${REVISION}.tar.bz2 \ | |||
| 12 | file://use-includedir.patch \ | 12 | file://use-includedir.patch \ |
| 13 | file://0001-Append-the-user-provided-flags-to-the-auto-detected-.patch \ | 13 | file://0001-Append-the-user-provided-flags-to-the-auto-detected-.patch \ |
| 14 | file://0001-confiure.ac-Believe-the-cflags-from-environment.patch \ | 14 | file://0001-confiure.ac-Believe-the-cflags-from-environment.patch \ |
| 15 | file://cve-2021-43618.patch \ | ||
| 15 | " | 16 | " |
| 16 | SRC_URI[md5sum] = "28971fc21cf028042d4897f02fd355ea" | 17 | SRC_URI[md5sum] = "28971fc21cf028042d4897f02fd355ea" |
| 17 | SRC_URI[sha256sum] = "eae9326beb4158c386e39a356818031bd28f3124cf915f8c5b1dc4c7a36b4d7c" | 18 | SRC_URI[sha256sum] = "eae9326beb4158c386e39a356818031bd28f3124cf915f8c5b1dc4c7a36b4d7c" |