On Tue, Dec 6, 2022 at 3:02 PM Xiangyu Chen <xiangyu.c...@eng.windriver.com> wrote: > > Friendly ping.
Not sure how I missed this! I've got it now. Thanks, Steve > On 11/19/22 16:17, Xiangyu Chen wrote: > > Signed-off-by: Xiangyu Chen <xiangyu.c...@windriver.com> > > --- > > .../sysstat/sysstat/CVE-2022-39377.patch | 93 +++++++++++++++++++ > > .../sysstat/sysstat_12.4.5.bb | 3 +- > > 2 files changed, 95 insertions(+), 1 deletion(-) > > create mode 100644 > > meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch > > > > diff --git a/meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch > > b/meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch > > new file mode 100644 > > index 0000000000..dce7b0d61f > > --- /dev/null > > +++ b/meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch > > @@ -0,0 +1,93 @@ > > +From 9c4eaf150662ad40607923389d4519bc83b93540 Mon Sep 17 00:00:00 2001 > > +From: Sebastien <s...@fedora-2.home> > > +Date: Sat, 15 Oct 2022 14:24:22 +0200 > > +Subject: [PATCH] Fix size_t overflow in sa_common.c (GHSL-2022-074) > > + > > +allocate_structures function located in sa_common.c insufficiently > > +checks bounds before arithmetic multiplication allowing for an > > +overflow in the size allocated for the buffer representing system > > +activities. > > + > > +This patch checks that the post-multiplied value is not greater than > > +UINT_MAX. > > + > > +Signed-off-by: Sebastien <s...@fedora-2.home> > > + > > +Upstream-Status: Backport from > > +[https://github.com/sysstat/sysstat/commit/a953ee3307d51255cc96e1f211882e97f795eed9] > > + > > +Signed-off-by: Xiangyu Chen <xiangyu.c...@windriver.com> > > +--- > > + common.c | 25 +++++++++++++++++++++++++ > > + common.h | 2 ++ > > + sa_common.c | 6 ++++++ > > + 3 files changed, 33 insertions(+) > > + > > +diff --git a/common.c b/common.c > > +index 81c7762..1a84b05 100644 > > +--- a/common.c > > ++++ b/common.c > > +@@ -1655,4 +1655,29 @@ int parse_values(char *strargv, unsigned char > > bitmap[], int max_val, const char > > + > > + return 0; > > + } > > ++ > > ++/* > > ++ > > *************************************************************************** > > ++ * Check if the multiplication of the 3 values may be greater than > > UINT_MAX. > > ++ * > > ++ * IN: > > ++ * @val1 First value. > > ++ * @val2 Second value. > > ++ * @val3 Third value. > > ++ > > *************************************************************************** > > ++ */ > > ++void check_overflow(size_t val1, size_t val2, size_t val3) > > ++{ > > ++ if ((unsigned long long) val1 * > > ++ (unsigned long long) val2 * > > ++ (unsigned long long) val3 > UINT_MAX) { > > ++#ifdef DEBUG > > ++ fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n", > > ++ __FUNCTION__, > > ++ (unsigned long long) val1 * (unsigned long long) val2 > > * (unsigned long long) val3); > > ++#endif > > ++ exit(4); > > ++ } > > ++} > > ++ > > + #endif /* SOURCE_SADC undefined */ > > +diff --git a/common.h b/common.h > > +index 55b6657..e8ab98a 100644 > > +--- a/common.h > > ++++ b/common.h > > +@@ -260,6 +260,8 @@ int check_dir > > + (char *); > > + > > + #ifndef SOURCE_SADC > > ++void check_overflow > > ++ (size_t, size_t, size_t); > > + int count_bits > > + (void *, int); > > + int count_csvalues > > +diff --git a/sa_common.c b/sa_common.c > > +index 3699a84..b2cec4a 100644 > > +--- a/sa_common.c > > ++++ b/sa_common.c > > +@@ -459,7 +459,13 @@ void allocate_structures(struct activity *act[]) > > + int i, j; > > + > > + for (i = 0; i < NR_ACT; i++) { > > ++ > > + if (act[i]->nr_ini > 0) { > > ++ > > ++ /* Look for a possible overflow */ > > ++ check_overflow((size_t) act[i]->msize, (size_t) > > act[i]->nr_ini, > > ++ (size_t) act[i]->nr2); > > ++ > > + for (j = 0; j < 3; j++) { > > + SREALLOC(act[i]->buf[j], void, > > + (size_t) act[i]->msize * > > (size_t) act[i]->nr_ini * (size_t) act[i]->nr2); > > +-- > > +2.34.1 > > + > > diff --git a/meta/recipes-extended/sysstat/sysstat_12.4.5.bb > > b/meta/recipes-extended/sysstat/sysstat_12.4.5.bb > > index fe3db4d8a5..3a3d1fb6ba 100644 > > --- a/meta/recipes-extended/sysstat/sysstat_12.4.5.bb > > +++ b/meta/recipes-extended/sysstat/sysstat_12.4.5.bb > > @@ -2,6 +2,7 @@ require sysstat.inc > > > > LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb" > > > > -SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch" > > +SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch \ > > + file://CVE-2022-39377.patch" > > > > SRC_URI[sha256sum] = > > "ef445acea301bbb996e410842f6290a8d049e884d4868cfef7e85dc04b7eee5b" > > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#174340): https://lists.openembedded.org/g/openembedded-core/message/174340 Mute This Topic: https://lists.openembedded.org/mt/95129830/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
