Re: [OE-core] [PATCH] glibc: Fix CVE-2021-27645

[Khem Raj]

On Thu, Mar 11, 2021 at 7:21 AM Jamaluddin, Khairul Rohaizzat
<khairul.rohaizzat.jamalud...@intel.com> wrote:
>
> From: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamalud...@intel.com>
>
> CVE:
> CVE-2021-27645
>

lgtm. Do we need it for dunfell and gatesgarth as well ?

> Signed-off-by: Khairul Rohaizzat Jamaluddin 
> <khairul.rohaizzat.jamalud...@intel.com>
> ---
>  .../glibc/glibc/CVE-2021-27645.patch          | 51 +++++++++++++++++++
>  meta/recipes-core/glibc/glibc_2.33.bb         |  1 +
>  2 files changed, 52 insertions(+)
>  create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-27645.patch
>
> diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-27645.patch 
> b/meta/recipes-core/glibc/glibc/CVE-2021-27645.patch
> new file mode 100644
> index 0000000000..26c5c0d2a9
> --- /dev/null
> +++ b/meta/recipes-core/glibc/glibc/CVE-2021-27645.patch
> @@ -0,0 +1,51 @@
> +From dca565886b5e8bd7966e15f0ca42ee5cff686673 Mon Sep 17 00:00:00 2001
> +From: DJ Delorie <d...@redhat.com>
> +Date: Thu, 25 Feb 2021 16:08:21 -0500
> +Subject: [PATCH] nscd: Fix double free in netgroupcache [BZ #27462]
> +
> +In commit 745664bd798ec8fd50438605948eea594179fba1 a use-after-free
> +was fixed, but this led to an occasional double-free.  This patch
> +tracks the "live" allocation better.
> +
> +Tested manually by a third party.
> +
> +Related: RHBZ 1927877
> +
> +Reviewed-by: Siddhesh Poyarekar <siddh...@sourceware.org>
> +Reviewed-by: Carlos O'Donell <car...@redhat.com>
> +
> +Upstream-Status: Backport 
> [https://sourceware.org/git/?p=glibc.git;a=commit;h=dca565886b5e8bd7966e15f0ca42ee5cff686673]
> +
> +CVE: CVE-2021-27645
> +
> +Reviewed-by: Carlos O'Donell <car...@redhat.com>
> +Signed-off-by: Khairul Rohaizzat Jamaluddin 
> <khairul.rohaizzat.jamalud...@intel.com>
> +---
> + nscd/netgroupcache.c | 4 ++--
> + 1 file changed, 2 insertions(+), 2 deletions(-)
> +
> +diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
> +index dba6ceec1b..ad2daddafd 100644
> +--- a/nscd/netgroupcache.c
> ++++ b/nscd/netgroupcache.c
> +@@ -248,7 +248,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, 
> request_header *req,
> +                                            : NULL);
> +                                   ndomain = (ndomain ? newbuf + ndomaindiff
> +                                              : NULL);
> +-                                  buffer = newbuf;
> ++                                  *tofreep = buffer = newbuf;
> +                                 }
> +
> +                               nhost = memcpy (buffer + bufused,
> +@@ -319,7 +319,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, 
> request_header *req,
> +                   else if (status == NSS_STATUS_TRYAGAIN && e == ERANGE)
> +                     {
> +                       buflen *= 2;
> +-                      buffer = xrealloc (buffer, buflen);
> ++                      *tofreep = buffer = xrealloc (buffer, buflen);
> +                     }
> +                   else if (status == NSS_STATUS_RETURN
> +                            || status == NSS_STATUS_NOTFOUND
> +--
> +2.27.0
> +
> diff --git a/meta/recipes-core/glibc/glibc_2.33.bb 
> b/meta/recipes-core/glibc/glibc_2.33.bb
> index c47826a51e..d0a290822b 100644
> --- a/meta/recipes-core/glibc/glibc_2.33.bb
> +++ b/meta/recipes-core/glibc/glibc_2.33.bb
> @@ -45,6 +45,7 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc 
> \
>             file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \
>             
> file://0031-x86-Require-full-ISA-support-for-x86-64-level-marker.patch \
>             file://0032-string-Work-around-GCC-PR-98512-in-rawmemchr.patch \
> +           file://CVE-2021-27645.patch \
>             "
>  S = "${WORKDIR}/git"
>  B = "${WORKDIR}/build-${TARGET_SYS}"
> --
> 2.29.0
>
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#149305): 
https://lists.openembedded.org/g/openembedded-core/message/149305
Mute This Topic: https://lists.openembedded.org/mt/81255047/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-