From: Xiangyu Chen <[email protected]> References: https://nvd.nist.gov/vuln/detail/CVE-2023-33204 https://ubuntu.com/security/CVE-2023-33204
Upstream Patch: https://github.com/sysstat/sysstat/commit/954ff2e2673c Signed-off-by: Xiangyu Chen <[email protected]> Signed-off-by: Sanjay Chitroda <[email protected]> Signed-off-by: Alexandre Belloni <[email protected]> Signed-off-by: Richard Purdie <[email protected]> (cherry picked from commit 7a6871590b908e4b749484d913da5e280c20d05f) Signed-off-by: Xiangyu Chen <[email protected]> --- .../sysstat/sysstat/CVE-2023-33204.patch | 46 +++++++++++++++++++ .../sysstat/sysstat_12.6.2.bb | 4 +- 2 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch diff --git a/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch b/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch new file mode 100644 index 0000000000..a7b51f3217 --- /dev/null +++ b/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch @@ -0,0 +1,46 @@ +From 0764cb56df4a5afdf04980c9eb6735f789f5aa42 Mon Sep 17 00:00:00 2001 +From: Pavel Kopylov <[email protected]> +Date: Wed, 17 May 2023 11:33:45 +0200 +Subject: [PATCH] Fix an overflow which is still possible for some values. + +CVE: CVE-2023-33204 +Upstream-Status: Backport [https://github.com/sysstat/sysstat/commit/954ff2e2673c] + +Backport Changes: +Adopt additional changes as per following merge commit of pull request: +https://github.com/sysstat/sysstat/commit/6f8dc568e6ab + +Signed-off-by: Xiangyu Chen <[email protected]> +Signed-off-by: Sanjay Chitroda <[email protected]> +--- + common.c | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/common.c b/common.c +index a3d31a5..138920c 100644 +--- a/common.c ++++ b/common.c +@@ -447,15 +447,17 @@ int check_dir(char *dirname) + void check_overflow(unsigned int val1, unsigned int val2, + unsigned int val3) + { +- if ((unsigned long long) val1 * (unsigned long long) val2 * +- (unsigned long long) val3 > UINT_MAX) { ++ if ((val1 != 0) && (val2 != 0) && (val3 != 0) && ++ (((unsigned long long)UINT_MAX / (unsigned long long)val1 < ++ (unsigned long long)val2) || ++ ((unsigned long long)UINT_MAX / ((unsigned long long)val1 * ++ (unsigned long long)val2) < (unsigned long long)val3))) { + #ifdef DEBUG +- fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n", +- __FUNCTION__, (unsigned long long) val1 * (unsigned long long) val2 * +- (unsigned long long) val3); ++ fprintf(stderr, "%s: Overflow detected (%u,%u,%u). Aborting...\n", ++ __FUNCTION__, val1, val2, val3); + #endif + exit(4); +- } ++ } + } + + #ifndef SOURCE_SADC diff --git a/meta/recipes-extended/sysstat/sysstat_12.6.2.bb b/meta/recipes-extended/sysstat/sysstat_12.6.2.bb index f9e5778e76..b5014eaefb 100644 --- a/meta/recipes-extended/sysstat/sysstat_12.6.2.bb +++ b/meta/recipes-extended/sysstat/sysstat_12.6.2.bb @@ -2,6 +2,8 @@ require sysstat.inc LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb" -SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch" +SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch \ + file://CVE-2023-33204.patch \ + " SRC_URI[sha256sum] = "3e77134aedaa6fc57d9745da67edfd8990e19adee71ac47196229261c563fb48" -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#182415): https://lists.openembedded.org/g/openembedded-core/message/182415 Mute This Topic: https://lists.openembedded.org/mt/99358360/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
