[OE-core][dunfell 05/13] sysstat: fix CVE-2022-39377

Steve Sakoman Fri, 16 Dec 2022 06:58:13 -0800

From: Hitendra Prajapati <hprajap...@mvista.com>

Signed-off-by: Hitendra Prajapati <hprajap...@mvista.com>
Signed-off-by: Steve Sakoman <st...@sakoman.com>
---
 .../sysstat/sysstat/CVE-2022-39377.patch      | 92 +++++++++++++++++++
 .../sysstat/sysstat_12.2.1.bb                 |  4 +-
 2 files changed, 95 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch


diff --git a/meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch 
b/meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch
new file mode 100644
index 0000000000..972cc8938b
--- /dev/null
+++ b/meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch
@@ -0,0 +1,92 @@
+From 9c4eaf150662ad40607923389d4519bc83b93540 Mon Sep 17 00:00:00 2001
+From: Sebastien <s...@fedora-2.home>
+Date: Sat, 15 Oct 2022 14:24:22 +0200
+Subject: [PATCH] Fix size_t overflow in sa_common.c (GHSL-2022-074)
+
+allocate_structures function located in sa_common.c insufficiently
+checks bounds before arithmetic multiplication allowing for an
+overflow in the size allocated for the buffer representing system
+activities.
+
+This patch checks that the post-multiplied value is not greater than
+UINT_MAX.
+
+Signed-off-by: Sebastien <s...@fedora-2.home>
+
+Upstream-Status: Backport 
[https://github.com/sysstat/sysstat/commit/9c4eaf150662ad40607923389d4519bc83b93540]
+CVE : CVE-2022-39377
+Signed-off-by: Hitendra Prajapati <hprajap...@mvista.com>
+---
+ common.c    | 25 +++++++++++++++++++++++++
+ common.h    |  2 ++
+ sa_common.c |  6 ++++++
+ 3 files changed, 33 insertions(+)
+
+diff --git a/common.c b/common.c
+index ddfe75d..28d475e 100644
+--- a/common.c
++++ b/common.c
+@@ -1528,4 +1528,29 @@ int parse_values(char *strargv, unsigned char bitmap[], 
int max_val, const char
+ 
+       return 0;
+ }
++
++/*
++ ***************************************************************************
++ * Check if the multiplication of the 3 values may be greater than UINT_MAX.
++ *
++ * IN:
++ * @val1      First value.
++ * @val2      Second value.
++ * @val3      Third value.
++ ***************************************************************************
++ */
++void check_overflow(size_t val1, size_t val2, size_t val3)
++{
++      if ((unsigned long long) val1 *
++          (unsigned long long) val2 *
++          (unsigned long long) val3 > UINT_MAX) {
++#ifdef DEBUG
++              fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
++                      __FUNCTION__,
++                      (unsigned long long) val1 * (unsigned long long) val2 * 
(unsigned long long) val3);
++#endif
++      exit(4);
++      }
++}
++
+ #endif /* SOURCE_SADC undefined */
+diff --git a/common.h b/common.h
+index 86905ba..75f837a 100644
+--- a/common.h
++++ b/common.h
+@@ -249,6 +249,8 @@ int get_wwnid_from_pretty
+       (char *, unsigned long long *, unsigned int *);
+ 
+ #ifndef SOURCE_SADC
++void check_overflow
++      (size_t, size_t, size_t);
+ int count_bits
+       (void *, int);
+ int count_csvalues
+diff --git a/sa_common.c b/sa_common.c
+index 8a03099..ff90c1f 100644
+--- a/sa_common.c
++++ b/sa_common.c
+@@ -452,7 +452,13 @@ void allocate_structures(struct activity *act[])
+       int i, j;
+ 
+       for (i = 0; i < NR_ACT; i++) {
++
+               if (act[i]->nr_ini > 0) {
++
++                      /* Look for a possible overflow */
++                      check_overflow((size_t) act[i]->msize, (size_t) 
act[i]->nr_ini,
++                                     (size_t) act[i]->nr2);
++
+                       for (j = 0; j < 3; j++) {
+                               SREALLOC(act[i]->buf[j], void,
+                                               (size_t) act[i]->msize * 
(size_t) act[i]->nr_ini * (size_t) act[i]->nr2);
+-- 
+2.25.1
+
diff --git a/meta/recipes-extended/sysstat/sysstat_12.2.1.bb 
b/meta/recipes-extended/sysstat/sysstat_12.2.1.bb
index 2a90f89d25..2c0d5c8136 100644
--- a/meta/recipes-extended/sysstat/sysstat_12.2.1.bb
+++ b/meta/recipes-extended/sysstat/sysstat_12.2.1.bb
@@ -2,7 +2,9 @@ require sysstat.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb"
 
-SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch"
+SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch \
+            file://CVE-2022-39377.patch \
+           "
 
 SRC_URI[md5sum] = "9dfff5fac24e35bd92fb7896debf2ffb"
 SRC_URI[sha256sum] = 
"8edb0e19b514ac560a098a02933a4735b881296d61014db89bf80f05dd7a4732"
-- 
2.25.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#174749): 
https://lists.openembedded.org/g/openembedded-core/message/174749
Mute This Topic: https://lists.openembedded.org/mt/95710968/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 05/13] sysstat: fix CVE-2022-39377

Reply via email to