From: Dragos-Marian Panait <[email protected]> sys-utils/ipcutils: be careful when call calloc() for uint64 nmembs
Fix: #1395 Signed-off-by: Karel Zak <[email protected]> CVE: CVE-2021-37600 Upstream-Status: Backport [1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c] Signed-off-by: Dragos-Marian Panait <[email protected]> Signed-off-by: Alexandre Belloni <[email protected]> Signed-off-by: Richard Purdie <[email protected]> (cherry picked from commit 9822232b4abd811bb9c8562f98c0aefc748340a0) Signed-off-by: Steve Sakoman <[email protected]> --- .../util-linux/CVE-2021-37600.patch | 33 +++++++++++++++++++ .../util-linux/util-linux_2.35.1.bb | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch diff --git a/meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch b/meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch new file mode 100644 index 0000000000..2b306c435b --- /dev/null +++ b/meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch @@ -0,0 +1,33 @@ +From 1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c Mon Sep 17 00:00:00 2001 +From: Karel Zak <[email protected]> +Date: Tue, 27 Jul 2021 11:58:31 +0200 +Subject: [PATCH] sys-utils/ipcutils: be careful when call calloc() for uint64 + nmembs + +Fix: https://github.com/karelzak/util-linux/issues/1395 +Signed-off-by: Karel Zak <[email protected]> + +CVE: CVE-2021-37600 +Upstream-Status: Backport [1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c] + +Signed-off-by: Dragos-Marian Panait <[email protected]> +--- + sys-utils/ipcutils.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sys-utils/ipcutils.c b/sys-utils/ipcutils.c +index e784c4dcb..18868cfd3 100644 +--- a/sys-utils/ipcutils.c ++++ b/sys-utils/ipcutils.c +@@ -218,7 +218,7 @@ static void get_sem_elements(struct sem_data *p) + { + size_t i; + +- if (!p || !p->sem_nsems || p->sem_perm.id < 0) ++ if (!p || !p->sem_nsems || p->sem_nsems > SIZE_MAX || p->sem_perm.id < 0) + return; + + p->elements = xcalloc(p->sem_nsems, sizeof(struct sem_elem)); +-- +2.25.1 + diff --git a/meta/recipes-core/util-linux/util-linux_2.35.1.bb b/meta/recipes-core/util-linux/util-linux_2.35.1.bb index 516b783887..731f0618eb 100644 --- a/meta/recipes-core/util-linux/util-linux_2.35.1.bb +++ b/meta/recipes-core/util-linux/util-linux_2.35.1.bb @@ -11,6 +11,7 @@ SRC_URI += "file://configure-sbindir.patch \ file://0001-libfdisk-script-accept-sector-size-ignore-unknown-he.patch \ file://0001-kill-include-sys-types.h-before-checking-SYS_pidfd_s.patch \ file://0001-include-cleanup-pidfd-inckudes.patch \ + file://CVE-2021-37600.patch \ " SRC_URI[md5sum] = "7f64882f631225f0295ca05080cee1bf" SRC_URI[sha256sum] = "d9de3edd287366cd908e77677514b9387b22bc7b88f45b83e1922c3597f1d7f9" -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#154987): https://lists.openembedded.org/g/openembedded-core/message/154987 Mute This Topic: https://lists.openembedded.org/mt/85004758/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
