]> code.ossystems Code Review - openembedded-core.git/commitdiff
Code Review / openembedded-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: ce78c16)
util-linux: fix CVE-2021-37600
authorDragos-Marian Panait <dragos.panait@windriver.com>
Tue, 10 Aug 2021 09:27:34 +0000 (12:27 +0300)
committerSteve Sakoman <steve@sakoman.com>
Tue, 17 Aug 2021 17:09:42 +0000 (07:09 -1000)
sys-utils/ipcutils: be careful when call calloc() for uint64 nmembs

Fix: #1395
Signed-off-by: Karel Zak <kzak@redhat.com>
CVE: CVE-2021-37600
Upstream-Status: Backport [1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c]

Signed-off-by: Dragos-Marian Panait <dragos.panait@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9822232b4abd811bb9c8562f98c0aefc748340a0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch [new file with mode: 0644] patch | blob
meta/recipes-core/util-linux/util-linux_2.35.1.bb patch | blob | history

diff --git a/meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch b/meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch
new file mode 100644 (file)
index 0000000..2b306c4
--- /dev/null
+++ b/meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch
@@ -0,0 +1,33 @@
+From 1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Tue, 27 Jul 2021 11:58:31 +0200
+Subject: [PATCH] sys-utils/ipcutils: be careful when call calloc() for uint64
+ nmembs
+
+Fix: https://github.com/karelzak/util-linux/issues/1395
+Signed-off-by: Karel Zak <kzak@redhat.com>
+
+CVE: CVE-2021-37600
+Upstream-Status: Backport [1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c]
+
+Signed-off-by: Dragos-Marian Panait <dragos.panait@windriver.com>
+---
+ sys-utils/ipcutils.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sys-utils/ipcutils.c b/sys-utils/ipcutils.c
+index e784c4dcb..18868cfd3 100644
+--- a/sys-utils/ipcutils.c
++++ b/sys-utils/ipcutils.c
+@@ -218,7 +218,7 @@ static void get_sem_elements(struct sem_data *p)
+ {
+       size_t i;
+-      if (!p || !p->sem_nsems || p->sem_perm.id < 0)
++      if (!p || !p->sem_nsems || p->sem_nsems > SIZE_MAX || p->sem_perm.id < 0)
+               return;
+       p->elements = xcalloc(p->sem_nsems, sizeof(struct sem_elem));
+-- 
+2.25.1
+
diff --git a/meta/recipes-core/util-linux/util-linux_2.35.1.bb b/meta/recipes-core/util-linux/util-linux_2.35.1.bb
index 516b783887edce2bebf06699611c7807cfa15a38..731f0618ebf78acb6a4ad2bddeb1bffb5cb8c3cf 100644 (file)
--- a/meta/recipes-core/util-linux/util-linux_2.35.1.bb
+++ b/meta/recipes-core/util-linux/util-linux_2.35.1.bb
@@ -11,6 +11,7 @@ SRC_URI += "file://configure-sbindir.patch \
             file://0001-libfdisk-script-accept-sector-size-ignore-unknown-he.patch \
             file://0001-kill-include-sys-types.h-before-checking-SYS_pidfd_s.patch \
             file://0001-include-cleanup-pidfd-inckudes.patch \
+            file://CVE-2021-37600.patch \
 "
 SRC_URI[md5sum] = "7f64882f631225f0295ca05080cee1bf"
 SRC_URI[sha256sum] = "d9de3edd287366cd908e77677514b9387b22bc7b88f45b83e1922c3597f1d7f9"
Mirror of the official openembedded-core repository