On 7/27/21 6:35 AM, Randy MacLeod wrote: > On 2021-07-17 7:12 p.m., akuster808 wrote: >> >> >> On 7/17/21 11:09 AM, Randy MacLeod wrote: >>> On 2021-07-17 9:50 a.m., akuster808 wrote: >>>> >>>> On 7/16/21 11:47 AM, Tony Tascioglu wrote: >>>>> This patch backports the fix for CVE-2021-29477. >>>>> >>>>> CVE: CVE-2021-29477 >>>>> Upstream-Status: Backport >>>>> [https://github.com/redis/redis/commit/f0c5f920d0f88bd8aa376a2c05af4902789d1ef9] >>>>> >>>>> >>>> Thanks for the fixes. Any reason why updating to the latest stable >>>> 6.2.4 >>>> is not an option? >>>> https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES >>> >>> This commit adds a public function: >>> >>> 1916:void redactClientCommandArgument(client *c, int argc); >>> in: >>> https://github.com/redis/redis/commit/875a1f07d821dc5abe737b064018a27bbc7175d2 >>> >>> >>> >>> probably not a show stopper but it does affect the API in server.h. >>> >>> I didn't check the rest of the commit carefully but we really need an >>> API/ABI >>> checker. I'm not sure how redis clients usually interact with the >>> server, are you? >>> >>> It would be nice if this site were up to date: >>> https://abi-laboratory.pro/?view=timeline&l=hiredis >>> >>> I guess Tony could try the tools that the site points to if >>> you like Armin. >> >> Thanks for the info. Patches in this case are appropriate. >> >> - Armin > > Ping? I don't see this in hardknott yet... right. but its in stable/hardknott-nut still running through process.
-armin > ../Randy > >>> >>> ../Randy >>> >>> >>>> - Armin >>>>> An integer overflow bug in Redis version 6.0 or newer could be >>>>> exploited using >>>>> the STRALGO LCS command to corrupt the heap and potentially result >>>>> with remote >>>>> code execution. >>>>> >>>>> Signed-off-by: Tony Tascioglu <[email protected]> >>>>> --- >>>>> .../redis/redis/fix-CVE-2021-29477.patch | 35 >>>>> +++++++++++++++++++ >>>>> meta-oe/recipes-extended/redis/redis_6.2.2.bb | 1 + >>>>> 2 files changed, 36 insertions(+) >>>>> create mode 100644 >>>>> meta-oe/recipes-extended/redis/redis/fix-CVE-2021-29477.patch >>>>> >>>>> diff --git >>>>> a/meta-oe/recipes-extended/redis/redis/fix-CVE-2021-29477.patch >>>>> b/meta-oe/recipes-extended/redis/redis/fix-CVE-2021-29477.patch >>>>> new file mode 100644 >>>>> index 000000000..a5e5a1ba5 >>>>> --- /dev/null >>>>> +++ b/meta-oe/recipes-extended/redis/redis/fix-CVE-2021-29477.patch >>>>> @@ -0,0 +1,35 @@ >>>>> +From f0c5f920d0f88bd8aa376a2c05af4902789d1ef9 Mon Sep 17 00:00:00 >>>>> 2001 >>>>> +From: Oran Agra <[email protected]> >>>>> +Date: Mon, 3 May 2021 08:32:31 +0300 >>>>> +Subject: [PATCH] Fix integer overflow in STRALGO LCS >>>>> (CVE-2021-29477) >>>>> + >>>>> +An integer overflow bug in Redis version 6.0 or newer could be >>>>> exploited using >>>>> +the STRALGO LCS command to corrupt the heap and potentially result >>>>> with remote >>>>> +code execution. >>>>> + >>>>> +CVE: CVE-2021-29477 >>>>> +Upstream-Status: Backport >>>>> +[https://github.com/redis/redis/commit/f0c5f920d0f88bd8aa376a2c05af4902789d1ef9] >>>>> >>>>> >>>>> + >>>>> +Signed-off-by: Tony Tascioglu <[email protected]> >>>>> + >>>>> +--- >>>>> + src/t_string.c | 2 +- >>>>> + 1 file changed, 1 insertion(+), 1 deletion(-) >>>>> + >>>>> +diff --git a/src/t_string.c b/src/t_string.c >>>>> +index 9228c5ed0..db6f7042e 100644 >>>>> +--- a/src/t_string.c >>>>> ++++ b/src/t_string.c >>>>> +@@ -805,7 +805,7 @@ void stralgoLCS(client *c) { >>>>> + /* Setup an uint32_t array to store at LCS[i,j] the length >>>>> of the >>>>> + * LCS A0..i-1, B0..j-1. Note that we have a linear array >>>>> here, so >>>>> + * we index it as LCS[j+(blen+1)*j] */ >>>>> +- uint32_t *lcs = zmalloc((alen+1)*(blen+1)*sizeof(uint32_t)); >>>>> ++ uint32_t *lcs = >>>>> zmalloc((size_t)(alen+1)*(blen+1)*sizeof(uint32_t)); >>>>> + #define LCS(A,B) lcs[(B)+((A)*(blen+1))] >>>>> + >>>>> + /* Start building the LCS table. */ >>>>> +-- >>>>> +2.32.0 >>>>> + >>>>> diff --git a/meta-oe/recipes-extended/redis/redis_6.2.2.bb >>>>> b/meta-oe/recipes-extended/redis/redis_6.2.2.bb >>>>> index 65b525709..e89bb50f1 100644 >>>>> --- a/meta-oe/recipes-extended/redis/redis_6.2.2.bb >>>>> +++ b/meta-oe/recipes-extended/redis/redis_6.2.2.bb >>>>> @@ -16,6 +16,7 @@ SRC_URI = >>>>> "http://download.redis.io/releases/${BP}.tar.gz \ >>>>> file://0001-src-Do-not-reset-FINAL_LIBS.patch \ >>>>> file://GNU_SOURCE.patch \ >>>>> file://0006-Define-correct-gregs-for-RISCV32.patch \ >>>>> + file://fix-CVE-2021-29477.patch \ >>>>> " >>>>> SRC_URI[sha256sum] = >>>>> "7a260bb74860f1b88c3d5942bf8ba60ca59f121c6dce42d3017bed6add0b9535" >>>>> >>>>> >>> >> > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#92363): https://lists.openembedded.org/g/openembedded-devel/message/92363 Mute This Topic: https://lists.openembedded.org/mt/84255896/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
