* [PATCH] glibc: Fix CVE-2021-35942 @ 2021-07-28 7:52 Vinay Kumar 2021-08-15 7:49 ` Vinay Kumar 0 siblings, 1 reply; 8+ messages in thread From: Vinay Kumar @ 2021-07-28 7:52 UTC (permalink / raw) To: openembedded-core Cc: anuj.mittal, richard.purdie, rwmacleod, umesh.kalappa0, vinay.kumar, Vinay Kumar Source: https://sourceware.org/git/glibc.git Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=28011 Backported upstream commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c to glibc-2.33 source. Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c] Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> --- .../glibc/glibc/CVE-2021-35942.patch | 44 +++++++++++++++++++ meta/recipes-core/glibc/glibc_2.33.bb | 1 + 2 files changed, 45 insertions(+) create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-35942.patch diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch new file mode 100644 index 0000000000..5cae1bc91c --- /dev/null +++ b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch @@ -0,0 +1,44 @@ +From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001 +From: Andreas Schwab <schwab@linux-m68k.org> +Date: Fri, 25 Jun 2021 15:02:47 +0200 +Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug + 28011) + +Use strtoul instead of atoi so that overflow can be detected. + +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c] +CVE: CVE-2021-35942 +Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> +--- + posix/wordexp-test.c | 1 + + posix/wordexp.c | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c +index f93a546d7e..9df02dbbb3 100644 +--- a/posix/wordexp-test.c ++++ b/posix/wordexp-test.c +@@ -183,6 +183,7 @@ struct test_case_struct + { 0, NULL, "$var", 0, 0, { NULL, }, IFS }, + { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS }, + { 0, NULL, "", 0, 0, { NULL, }, IFS }, ++ { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS }, + + /* Flags not already covered (testit() has special handling for these) */ + { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS }, +diff --git a/posix/wordexp.c b/posix/wordexp.c +index bcbe96e48d..1f3b09f721 100644 +--- a/posix/wordexp.c ++++ b/posix/wordexp.c +@@ -1399,7 +1399,7 @@ envsubst: + /* Is it a numeric parameter? */ + else if (isdigit (env[0])) + { +- int n = atoi (env); ++ unsigned long n = strtoul (env, NULL, 10); + + if (n >= __libc_argc) + /* Substitute NULL. */ +-- +2.17.1 + diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-core/glibc/glibc_2.33.bb index e9f01a14c5..abb01f8468 100644 --- a/meta/recipes-core/glibc/glibc_2.33.bb +++ b/meta/recipes-core/glibc/glibc_2.33.bb @@ -58,6 +58,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \ file://mte-backports.patch \ file://CVE-2021-33574.patch \ + file://CVE-2021-35942.patch \ " S = "${WORKDIR}/git" B = "${WORKDIR}/build-${TARGET_SYS}" -- 2.31.1 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH] glibc: Fix CVE-2021-35942 2021-07-28 7:52 [PATCH] glibc: Fix CVE-2021-35942 Vinay Kumar @ 2021-08-15 7:49 ` Vinay Kumar 2021-08-15 9:19 ` Alexandre Belloni 0 siblings, 1 reply; 8+ messages in thread From: Vinay Kumar @ 2021-08-15 7:49 UTC (permalink / raw) To: Richard Purdie Cc: Mittal, Anuj, Randy MacLeod, Patches and discussions about the oe-core layer, umesh kalappa0, vinay.kumar, alexandre.belloni Hi Richard, Any update on the above patch. Please let me know if anything is pending from my side. Regards, Vinay On Wed, Jul 28, 2021 at 1:22 PM Vinay Kumar <vinay.m.engg@gmail.com> wrote: > > Source: https://sourceware.org/git/glibc.git > Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=28011 > > Backported upstream commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c to > glibc-2.33 source. > > Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c] > > Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> > --- > .../glibc/glibc/CVE-2021-35942.patch | 44 +++++++++++++++++++ > meta/recipes-core/glibc/glibc_2.33.bb | 1 + > 2 files changed, 45 insertions(+) > create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-35942.patch > > diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch > new file mode 100644 > index 0000000000..5cae1bc91c > --- /dev/null > +++ b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch > @@ -0,0 +1,44 @@ > +From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001 > +From: Andreas Schwab <schwab@linux-m68k.org> > +Date: Fri, 25 Jun 2021 15:02:47 +0200 > +Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug > + 28011) > + > +Use strtoul instead of atoi so that overflow can be detected. > + > +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c] > +CVE: CVE-2021-35942 > +Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> > +--- > + posix/wordexp-test.c | 1 + > + posix/wordexp.c | 2 +- > + 2 files changed, 2 insertions(+), 1 deletion(-) > + > +diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c > +index f93a546d7e..9df02dbbb3 100644 > +--- a/posix/wordexp-test.c > ++++ b/posix/wordexp-test.c > +@@ -183,6 +183,7 @@ struct test_case_struct > + { 0, NULL, "$var", 0, 0, { NULL, }, IFS }, > + { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS }, > + { 0, NULL, "", 0, 0, { NULL, }, IFS }, > ++ { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS }, > + > + /* Flags not already covered (testit() has special handling for these) */ > + { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS }, > +diff --git a/posix/wordexp.c b/posix/wordexp.c > +index bcbe96e48d..1f3b09f721 100644 > +--- a/posix/wordexp.c > ++++ b/posix/wordexp.c > +@@ -1399,7 +1399,7 @@ envsubst: > + /* Is it a numeric parameter? */ > + else if (isdigit (env[0])) > + { > +- int n = atoi (env); > ++ unsigned long n = strtoul (env, NULL, 10); > + > + if (n >= __libc_argc) > + /* Substitute NULL. */ > +-- > +2.17.1 > + > diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-core/glibc/glibc_2.33.bb > index e9f01a14c5..abb01f8468 100644 > --- a/meta/recipes-core/glibc/glibc_2.33.bb > +++ b/meta/recipes-core/glibc/glibc_2.33.bb > @@ -58,6 +58,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ > file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \ > file://mte-backports.patch \ > file://CVE-2021-33574.patch \ > + file://CVE-2021-35942.patch \ > " > S = "${WORKDIR}/git" > B = "${WORKDIR}/build-${TARGET_SYS}" > -- > 2.31.1 > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] glibc: Fix CVE-2021-35942 2021-08-15 7:49 ` Vinay Kumar @ 2021-08-15 9:19 ` Alexandre Belloni 2021-08-15 9:53 ` Vinay Kumar 2021-08-15 17:31 ` [OE-core] " Khem Raj 0 siblings, 2 replies; 8+ messages in thread From: Alexandre Belloni @ 2021-08-15 9:19 UTC (permalink / raw) To: Vinay Kumar Cc: Richard Purdie, Mittal, Anuj, Randy MacLeod, Patches and discussions about the oe-core layer, umesh kalappa0, vinay.kumar Hello, On 15/08/2021 13:19:33+0530, Vinay Kumar wrote: > Hi Richard, > > Any update on the above patch. > Please let me know if anything is pending from my side. > I didn't test because the plan is to switch to glibc2.34 which IIRC has the fix. > Regards, > Vinay > > On Wed, Jul 28, 2021 at 1:22 PM Vinay Kumar <vinay.m.engg@gmail.com> wrote: > > > > Source: https://sourceware.org/git/glibc.git > > Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=28011 > > > > Backported upstream commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c to > > glibc-2.33 source. > > > > Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c] > > > > Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> > > --- > > .../glibc/glibc/CVE-2021-35942.patch | 44 +++++++++++++++++++ > > meta/recipes-core/glibc/glibc_2.33.bb | 1 + > > 2 files changed, 45 insertions(+) > > create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-35942.patch > > > > diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch > > new file mode 100644 > > index 0000000000..5cae1bc91c > > --- /dev/null > > +++ b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch > > @@ -0,0 +1,44 @@ > > +From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001 > > +From: Andreas Schwab <schwab@linux-m68k.org> > > +Date: Fri, 25 Jun 2021 15:02:47 +0200 > > +Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug > > + 28011) > > + > > +Use strtoul instead of atoi so that overflow can be detected. > > + > > +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c] > > +CVE: CVE-2021-35942 > > +Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> > > +--- > > + posix/wordexp-test.c | 1 + > > + posix/wordexp.c | 2 +- > > + 2 files changed, 2 insertions(+), 1 deletion(-) > > + > > +diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c > > +index f93a546d7e..9df02dbbb3 100644 > > +--- a/posix/wordexp-test.c > > ++++ b/posix/wordexp-test.c > > +@@ -183,6 +183,7 @@ struct test_case_struct > > + { 0, NULL, "$var", 0, 0, { NULL, }, IFS }, > > + { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS }, > > + { 0, NULL, "", 0, 0, { NULL, }, IFS }, > > ++ { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS }, > > + > > + /* Flags not already covered (testit() has special handling for these) */ > > + { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS }, > > +diff --git a/posix/wordexp.c b/posix/wordexp.c > > +index bcbe96e48d..1f3b09f721 100644 > > +--- a/posix/wordexp.c > > ++++ b/posix/wordexp.c > > +@@ -1399,7 +1399,7 @@ envsubst: > > + /* Is it a numeric parameter? */ > > + else if (isdigit (env[0])) > > + { > > +- int n = atoi (env); > > ++ unsigned long n = strtoul (env, NULL, 10); > > + > > + if (n >= __libc_argc) > > + /* Substitute NULL. */ > > +-- > > +2.17.1 > > + > > diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-core/glibc/glibc_2.33.bb > > index e9f01a14c5..abb01f8468 100644 > > --- a/meta/recipes-core/glibc/glibc_2.33.bb > > +++ b/meta/recipes-core/glibc/glibc_2.33.bb > > @@ -58,6 +58,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ > > file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \ > > file://mte-backports.patch \ > > file://CVE-2021-33574.patch \ > > + file://CVE-2021-35942.patch \ > > " > > S = "${WORKDIR}/git" > > B = "${WORKDIR}/build-${TARGET_SYS}" > > -- > > 2.31.1 > > -- Alexandre Belloni, co-owner and COO, Bootlin Embedded Linux and Kernel engineering https://bootlin.com ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] glibc: Fix CVE-2021-35942 2021-08-15 9:19 ` Alexandre Belloni @ 2021-08-15 9:53 ` Vinay Kumar 2021-08-15 17:31 ` [OE-core] " Khem Raj 1 sibling, 0 replies; 8+ messages in thread From: Vinay Kumar @ 2021-08-15 9:53 UTC (permalink / raw) To: Alexandre Belloni Cc: Richard Purdie, Mittal, Anuj, Randy MacLeod, Patches and discussions about the oe-core layer, umesh kalappa0, vinay.kumar Hi Alexandre, Thanks for confirming. Regards, Vinay On Sun, Aug 15, 2021 at 2:49 PM Alexandre Belloni <alexandre.belloni@bootlin.com> wrote: > > Hello, > > On 15/08/2021 13:19:33+0530, Vinay Kumar wrote: > > Hi Richard, > > > > Any update on the above patch. > > Please let me know if anything is pending from my side. > > > > I didn't test because the plan is to switch to glibc2.34 which IIRC has > the fix. > > > Regards, > > Vinay > > > > On Wed, Jul 28, 2021 at 1:22 PM Vinay Kumar <vinay.m.engg@gmail.com> wrote: > > > > > > Source: https://sourceware.org/git/glibc.git > > > Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=28011 > > > > > > Backported upstream commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c to > > > glibc-2.33 source. > > > > > > Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c] > > > > > > Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> > > > --- > > > .../glibc/glibc/CVE-2021-35942.patch | 44 +++++++++++++++++++ > > > meta/recipes-core/glibc/glibc_2.33.bb | 1 + > > > 2 files changed, 45 insertions(+) > > > create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-35942.patch > > > > > > diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch > > > new file mode 100644 > > > index 0000000000..5cae1bc91c > > > --- /dev/null > > > +++ b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch > > > @@ -0,0 +1,44 @@ > > > +From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001 > > > +From: Andreas Schwab <schwab@linux-m68k.org> > > > +Date: Fri, 25 Jun 2021 15:02:47 +0200 > > > +Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug > > > + 28011) > > > + > > > +Use strtoul instead of atoi so that overflow can be detected. > > > + > > > +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c] > > > +CVE: CVE-2021-35942 > > > +Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> > > > +--- > > > + posix/wordexp-test.c | 1 + > > > + posix/wordexp.c | 2 +- > > > + 2 files changed, 2 insertions(+), 1 deletion(-) > > > + > > > +diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c > > > +index f93a546d7e..9df02dbbb3 100644 > > > +--- a/posix/wordexp-test.c > > > ++++ b/posix/wordexp-test.c > > > +@@ -183,6 +183,7 @@ struct test_case_struct > > > + { 0, NULL, "$var", 0, 0, { NULL, }, IFS }, > > > + { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS }, > > > + { 0, NULL, "", 0, 0, { NULL, }, IFS }, > > > ++ { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS }, > > > + > > > + /* Flags not already covered (testit() has special handling for these) */ > > > + { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS }, > > > +diff --git a/posix/wordexp.c b/posix/wordexp.c > > > +index bcbe96e48d..1f3b09f721 100644 > > > +--- a/posix/wordexp.c > > > ++++ b/posix/wordexp.c > > > +@@ -1399,7 +1399,7 @@ envsubst: > > > + /* Is it a numeric parameter? */ > > > + else if (isdigit (env[0])) > > > + { > > > +- int n = atoi (env); > > > ++ unsigned long n = strtoul (env, NULL, 10); > > > + > > > + if (n >= __libc_argc) > > > + /* Substitute NULL. */ > > > +-- > > > +2.17.1 > > > + > > > diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-core/glibc/glibc_2.33.bb > > > index e9f01a14c5..abb01f8468 100644 > > > --- a/meta/recipes-core/glibc/glibc_2.33.bb > > > +++ b/meta/recipes-core/glibc/glibc_2.33.bb > > > @@ -58,6 +58,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ > > > file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \ > > > file://mte-backports.patch \ > > > file://CVE-2021-33574.patch \ > > > + file://CVE-2021-35942.patch \ > > > " > > > S = "${WORKDIR}/git" > > > B = "${WORKDIR}/build-${TARGET_SYS}" > > > -- > > > 2.31.1 > > > > > -- > Alexandre Belloni, co-owner and COO, Bootlin > Embedded Linux and Kernel engineering > https://bootlin.com ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [OE-core] [PATCH] glibc: Fix CVE-2021-35942 2021-08-15 9:19 ` Alexandre Belloni 2021-08-15 9:53 ` Vinay Kumar @ 2021-08-15 17:31 ` Khem Raj 2021-08-16 8:59 ` Vinay Kumar 1 sibling, 1 reply; 8+ messages in thread From: Khem Raj @ 2021-08-15 17:31 UTC (permalink / raw) To: Alexandre Belloni Cc: Vinay Kumar, Richard Purdie, Mittal, Anuj, Randy MacLeod, Patches and discussions about the oe-core layer, umesh kalappa0, vinay.kumar On Sun, Aug 15, 2021 at 2:19 AM Alexandre Belloni <alexandre.belloni@bootlin.com> wrote: > > Hello, > > On 15/08/2021 13:19:33+0530, Vinay Kumar wrote: > > Hi Richard, > > > > Any update on the above patch. > > Please let me know if anything is pending from my side. > > > > I didn't test because the plan is to switch to glibc2.34 which IIRC has > the fix. We perhaps still need it for hardknott. > > > Regards, > > Vinay > > > > On Wed, Jul 28, 2021 at 1:22 PM Vinay Kumar <vinay.m.engg@gmail.com> wrote: > > > > > > Source: https://sourceware.org/git/glibc.git > > > Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=28011 > > > > > > Backported upstream commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c to > > > glibc-2.33 source. > > > > > > Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c] > > > > > > Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> > > > --- > > > .../glibc/glibc/CVE-2021-35942.patch | 44 +++++++++++++++++++ > > > meta/recipes-core/glibc/glibc_2.33.bb | 1 + > > > 2 files changed, 45 insertions(+) > > > create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-35942.patch > > > > > > diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch > > > new file mode 100644 > > > index 0000000000..5cae1bc91c > > > --- /dev/null > > > +++ b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch > > > @@ -0,0 +1,44 @@ > > > +From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001 > > > +From: Andreas Schwab <schwab@linux-m68k.org> > > > +Date: Fri, 25 Jun 2021 15:02:47 +0200 > > > +Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug > > > + 28011) > > > + > > > +Use strtoul instead of atoi so that overflow can be detected. > > > + > > > +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c] > > > +CVE: CVE-2021-35942 > > > +Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> > > > +--- > > > + posix/wordexp-test.c | 1 + > > > + posix/wordexp.c | 2 +- > > > + 2 files changed, 2 insertions(+), 1 deletion(-) > > > + > > > +diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c > > > +index f93a546d7e..9df02dbbb3 100644 > > > +--- a/posix/wordexp-test.c > > > ++++ b/posix/wordexp-test.c > > > +@@ -183,6 +183,7 @@ struct test_case_struct > > > + { 0, NULL, "$var", 0, 0, { NULL, }, IFS }, > > > + { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS }, > > > + { 0, NULL, "", 0, 0, { NULL, }, IFS }, > > > ++ { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS }, > > > + > > > + /* Flags not already covered (testit() has special handling for these) */ > > > + { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS }, > > > +diff --git a/posix/wordexp.c b/posix/wordexp.c > > > +index bcbe96e48d..1f3b09f721 100644 > > > +--- a/posix/wordexp.c > > > ++++ b/posix/wordexp.c > > > +@@ -1399,7 +1399,7 @@ envsubst: > > > + /* Is it a numeric parameter? */ > > > + else if (isdigit (env[0])) > > > + { > > > +- int n = atoi (env); > > > ++ unsigned long n = strtoul (env, NULL, 10); > > > + > > > + if (n >= __libc_argc) > > > + /* Substitute NULL. */ > > > +-- > > > +2.17.1 > > > + > > > diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-core/glibc/glibc_2.33.bb > > > index e9f01a14c5..abb01f8468 100644 > > > --- a/meta/recipes-core/glibc/glibc_2.33.bb > > > +++ b/meta/recipes-core/glibc/glibc_2.33.bb > > > @@ -58,6 +58,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ > > > file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \ > > > file://mte-backports.patch \ > > > file://CVE-2021-33574.patch \ > > > + file://CVE-2021-35942.patch \ > > > " > > > S = "${WORKDIR}/git" > > > B = "${WORKDIR}/build-${TARGET_SYS}" > > > -- > > > 2.31.1 > > > > > -- > Alexandre Belloni, co-owner and COO, Bootlin > Embedded Linux and Kernel engineering > https://bootlin.com > > > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [OE-core] [PATCH] glibc: Fix CVE-2021-35942 2021-08-15 17:31 ` [OE-core] " Khem Raj @ 2021-08-16 8:59 ` Vinay Kumar 2021-08-16 15:14 ` Khem Raj 0 siblings, 1 reply; 8+ messages in thread From: Vinay Kumar @ 2021-08-16 8:59 UTC (permalink / raw) To: Khem Raj Cc: Alexandre Belloni, Richard Purdie, Mittal, Anuj, Randy MacLeod, Patches and discussions about the oe-core layer, umesh kalappa0, vinay.kumar Hi Khen Raj, The patch for hardknott branch was also submitted. https://lists.openembedded.org/g/openembedded-core/message/154810 Regards, Vinay On Sun, Aug 15, 2021 at 11:01 PM Khem Raj <raj.khem@gmail.com> wrote: > > On Sun, Aug 15, 2021 at 2:19 AM Alexandre Belloni > <alexandre.belloni@bootlin.com> wrote: > > > > Hello, > > > > On 15/08/2021 13:19:33+0530, Vinay Kumar wrote: > > > Hi Richard, > > > > > > Any update on the above patch. > > > Please let me know if anything is pending from my side. > > > > > > > I didn't test because the plan is to switch to glibc2.34 which IIRC has > > the fix. > > We perhaps still need it for hardknott. > > > > > > Regards, > > > Vinay > > > > > > On Wed, Jul 28, 2021 at 1:22 PM Vinay Kumar <vinay.m.engg@gmail.com> wrote: > > > > > > > > Source: https://sourceware.org/git/glibc.git > > > > Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=28011 > > > > > > > > Backported upstream commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c to > > > > glibc-2.33 source. > > > > > > > > Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c] > > > > > > > > Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> > > > > --- > > > > .../glibc/glibc/CVE-2021-35942.patch | 44 +++++++++++++++++++ > > > > meta/recipes-core/glibc/glibc_2.33.bb | 1 + > > > > 2 files changed, 45 insertions(+) > > > > create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-35942.patch > > > > > > > > diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch > > > > new file mode 100644 > > > > index 0000000000..5cae1bc91c > > > > --- /dev/null > > > > +++ b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch > > > > @@ -0,0 +1,44 @@ > > > > +From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001 > > > > +From: Andreas Schwab <schwab@linux-m68k.org> > > > > +Date: Fri, 25 Jun 2021 15:02:47 +0200 > > > > +Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug > > > > + 28011) > > > > + > > > > +Use strtoul instead of atoi so that overflow can be detected. > > > > + > > > > +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c] > > > > +CVE: CVE-2021-35942 > > > > +Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> > > > > +--- > > > > + posix/wordexp-test.c | 1 + > > > > + posix/wordexp.c | 2 +- > > > > + 2 files changed, 2 insertions(+), 1 deletion(-) > > > > + > > > > +diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c > > > > +index f93a546d7e..9df02dbbb3 100644 > > > > +--- a/posix/wordexp-test.c > > > > ++++ b/posix/wordexp-test.c > > > > +@@ -183,6 +183,7 @@ struct test_case_struct > > > > + { 0, NULL, "$var", 0, 0, { NULL, }, IFS }, > > > > + { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS }, > > > > + { 0, NULL, "", 0, 0, { NULL, }, IFS }, > > > > ++ { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS }, > > > > + > > > > + /* Flags not already covered (testit() has special handling for these) */ > > > > + { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS }, > > > > +diff --git a/posix/wordexp.c b/posix/wordexp.c > > > > +index bcbe96e48d..1f3b09f721 100644 > > > > +--- a/posix/wordexp.c > > > > ++++ b/posix/wordexp.c > > > > +@@ -1399,7 +1399,7 @@ envsubst: > > > > + /* Is it a numeric parameter? */ > > > > + else if (isdigit (env[0])) > > > > + { > > > > +- int n = atoi (env); > > > > ++ unsigned long n = strtoul (env, NULL, 10); > > > > + > > > > + if (n >= __libc_argc) > > > > + /* Substitute NULL. */ > > > > +-- > > > > +2.17.1 > > > > + > > > > diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-core/glibc/glibc_2.33.bb > > > > index e9f01a14c5..abb01f8468 100644 > > > > --- a/meta/recipes-core/glibc/glibc_2.33.bb > > > > +++ b/meta/recipes-core/glibc/glibc_2.33.bb > > > > @@ -58,6 +58,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ > > > > file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \ > > > > file://mte-backports.patch \ > > > > file://CVE-2021-33574.patch \ > > > > + file://CVE-2021-35942.patch \ > > > > " > > > > S = "${WORKDIR}/git" > > > > B = "${WORKDIR}/build-${TARGET_SYS}" > > > > -- > > > > 2.31.1 > > > > > > > > -- > > Alexandre Belloni, co-owner and COO, Bootlin > > Embedded Linux and Kernel engineering > > https://bootlin.com > > > > > > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [OE-core] [PATCH] glibc: Fix CVE-2021-35942 2021-08-16 8:59 ` Vinay Kumar @ 2021-08-16 15:14 ` Khem Raj 2021-08-19 5:15 ` Vinay Kumar 0 siblings, 1 reply; 8+ messages in thread From: Khem Raj @ 2021-08-16 15:14 UTC (permalink / raw) To: Vinay Kumar Cc: Alexandre Belloni, Richard Purdie, Mittal, Anuj, Randy MacLeod, Patches and discussions about the oe-core layer, umesh kalappa0, vinay.kumar On Mon, Aug 16, 2021 at 1:59 AM Vinay Kumar <vinay.m.engg@gmail.com> wrote: > > Hi Khen Raj, > > The patch for hardknott branch was also submitted. > https://lists.openembedded.org/g/openembedded-core/message/154810 OK, now we have glibc 2.34 in master so the master version is not needed anymore but we still should pursue the hardknott version. Please bring it to hardknott maintainer's attention if need be. > > Regards, > Vinay > > On Sun, Aug 15, 2021 at 11:01 PM Khem Raj <raj.khem@gmail.com> wrote: > > > > On Sun, Aug 15, 2021 at 2:19 AM Alexandre Belloni > > <alexandre.belloni@bootlin.com> wrote: > > > > > > Hello, > > > > > > On 15/08/2021 13:19:33+0530, Vinay Kumar wrote: > > > > Hi Richard, > > > > > > > > Any update on the above patch. > > > > Please let me know if anything is pending from my side. > > > > > > > > > > I didn't test because the plan is to switch to glibc2.34 which IIRC has > > > the fix. > > > > We perhaps still need it for hardknott. > > > > > > > > > Regards, > > > > Vinay > > > > > > > > On Wed, Jul 28, 2021 at 1:22 PM Vinay Kumar <vinay.m.engg@gmail.com> wrote: > > > > > > > > > > Source: https://sourceware.org/git/glibc.git > > > > > Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=28011 > > > > > > > > > > Backported upstream commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c to > > > > > glibc-2.33 source. > > > > > > > > > > Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c] > > > > > > > > > > Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> > > > > > --- > > > > > .../glibc/glibc/CVE-2021-35942.patch | 44 +++++++++++++++++++ > > > > > meta/recipes-core/glibc/glibc_2.33.bb | 1 + > > > > > 2 files changed, 45 insertions(+) > > > > > create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-35942.patch > > > > > > > > > > diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch > > > > > new file mode 100644 > > > > > index 0000000000..5cae1bc91c > > > > > --- /dev/null > > > > > +++ b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch > > > > > @@ -0,0 +1,44 @@ > > > > > +From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001 > > > > > +From: Andreas Schwab <schwab@linux-m68k.org> > > > > > +Date: Fri, 25 Jun 2021 15:02:47 +0200 > > > > > +Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug > > > > > + 28011) > > > > > + > > > > > +Use strtoul instead of atoi so that overflow can be detected. > > > > > + > > > > > +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c] > > > > > +CVE: CVE-2021-35942 > > > > > +Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> > > > > > +--- > > > > > + posix/wordexp-test.c | 1 + > > > > > + posix/wordexp.c | 2 +- > > > > > + 2 files changed, 2 insertions(+), 1 deletion(-) > > > > > + > > > > > +diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c > > > > > +index f93a546d7e..9df02dbbb3 100644 > > > > > +--- a/posix/wordexp-test.c > > > > > ++++ b/posix/wordexp-test.c > > > > > +@@ -183,6 +183,7 @@ struct test_case_struct > > > > > + { 0, NULL, "$var", 0, 0, { NULL, }, IFS }, > > > > > + { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS }, > > > > > + { 0, NULL, "", 0, 0, { NULL, }, IFS }, > > > > > ++ { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS }, > > > > > + > > > > > + /* Flags not already covered (testit() has special handling for these) */ > > > > > + { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS }, > > > > > +diff --git a/posix/wordexp.c b/posix/wordexp.c > > > > > +index bcbe96e48d..1f3b09f721 100644 > > > > > +--- a/posix/wordexp.c > > > > > ++++ b/posix/wordexp.c > > > > > +@@ -1399,7 +1399,7 @@ envsubst: > > > > > + /* Is it a numeric parameter? */ > > > > > + else if (isdigit (env[0])) > > > > > + { > > > > > +- int n = atoi (env); > > > > > ++ unsigned long n = strtoul (env, NULL, 10); > > > > > + > > > > > + if (n >= __libc_argc) > > > > > + /* Substitute NULL. */ > > > > > +-- > > > > > +2.17.1 > > > > > + > > > > > diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-core/glibc/glibc_2.33.bb > > > > > index e9f01a14c5..abb01f8468 100644 > > > > > --- a/meta/recipes-core/glibc/glibc_2.33.bb > > > > > +++ b/meta/recipes-core/glibc/glibc_2.33.bb > > > > > @@ -58,6 +58,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ > > > > > file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \ > > > > > file://mte-backports.patch \ > > > > > file://CVE-2021-33574.patch \ > > > > > + file://CVE-2021-35942.patch \ > > > > > " > > > > > S = "${WORKDIR}/git" > > > > > B = "${WORKDIR}/build-${TARGET_SYS}" > > > > > -- > > > > > 2.31.1 > > > > > > > > > > > -- > > > Alexandre Belloni, co-owner and COO, Bootlin > > > Embedded Linux and Kernel engineering > > > https://bootlin.com > > > > > > > > > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [OE-core] [PATCH] glibc: Fix CVE-2021-35942 2021-08-16 15:14 ` Khem Raj @ 2021-08-19 5:15 ` Vinay Kumar 0 siblings, 0 replies; 8+ messages in thread From: Vinay Kumar @ 2021-08-19 5:15 UTC (permalink / raw) To: Khem Raj Cc: Alexandre Belloni, Richard Purdie, Mittal, Anuj, Randy MacLeod, Patches and discussions about the oe-core layer, umesh kalappa0, vinay.kumar Hi Khem Raj, FYI, the patch is committed in hardknott branch, https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=hardknott&id=9df882ce6835692774c649405fcb474ea0eacda4 Regards, Vinay On Mon, Aug 16, 2021 at 8:45 PM Khem Raj <raj.khem@gmail.com> wrote: > > On Mon, Aug 16, 2021 at 1:59 AM Vinay Kumar <vinay.m.engg@gmail.com> wrote: > > > > Hi Khen Raj, > > > > The patch for hardknott branch was also submitted. > > https://lists.openembedded.org/g/openembedded-core/message/154810 > > OK, now we have glibc 2.34 in master so the master version is not > needed anymore but we still should pursue the hardknott version. > Please bring it to hardknott maintainer's attention if need be. > > > > > Regards, > > Vinay > > > > On Sun, Aug 15, 2021 at 11:01 PM Khem Raj <raj.khem@gmail.com> wrote: > > > > > > On Sun, Aug 15, 2021 at 2:19 AM Alexandre Belloni > > > <alexandre.belloni@bootlin.com> wrote: > > > > > > > > Hello, > > > > > > > > On 15/08/2021 13:19:33+0530, Vinay Kumar wrote: > > > > > Hi Richard, > > > > > > > > > > Any update on the above patch. > > > > > Please let me know if anything is pending from my side. > > > > > > > > > > > > > I didn't test because the plan is to switch to glibc2.34 which IIRC has > > > > the fix. > > > > > > We perhaps still need it for hardknott. > > > > > > > > > > > > Regards, > > > > > Vinay > > > > > > > > > > On Wed, Jul 28, 2021 at 1:22 PM Vinay Kumar <vinay.m.engg@gmail.com> wrote: > > > > > > > > > > > > Source: https://sourceware.org/git/glibc.git > > > > > > Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=28011 > > > > > > > > > > > > Backported upstream commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c to > > > > > > glibc-2.33 source. > > > > > > > > > > > > Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c] > > > > > > > > > > > > Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> > > > > > > --- > > > > > > .../glibc/glibc/CVE-2021-35942.patch | 44 +++++++++++++++++++ > > > > > > meta/recipes-core/glibc/glibc_2.33.bb | 1 + > > > > > > 2 files changed, 45 insertions(+) > > > > > > create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-35942.patch > > > > > > > > > > > > diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch > > > > > > new file mode 100644 > > > > > > index 0000000000..5cae1bc91c > > > > > > --- /dev/null > > > > > > +++ b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch > > > > > > @@ -0,0 +1,44 @@ > > > > > > +From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001 > > > > > > +From: Andreas Schwab <schwab@linux-m68k.org> > > > > > > +Date: Fri, 25 Jun 2021 15:02:47 +0200 > > > > > > +Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug > > > > > > + 28011) > > > > > > + > > > > > > +Use strtoul instead of atoi so that overflow can be detected. > > > > > > + > > > > > > +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c] > > > > > > +CVE: CVE-2021-35942 > > > > > > +Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> > > > > > > +--- > > > > > > + posix/wordexp-test.c | 1 + > > > > > > + posix/wordexp.c | 2 +- > > > > > > + 2 files changed, 2 insertions(+), 1 deletion(-) > > > > > > + > > > > > > +diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c > > > > > > +index f93a546d7e..9df02dbbb3 100644 > > > > > > +--- a/posix/wordexp-test.c > > > > > > ++++ b/posix/wordexp-test.c > > > > > > +@@ -183,6 +183,7 @@ struct test_case_struct > > > > > > + { 0, NULL, "$var", 0, 0, { NULL, }, IFS }, > > > > > > + { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS }, > > > > > > + { 0, NULL, "", 0, 0, { NULL, }, IFS }, > > > > > > ++ { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS }, > > > > > > + > > > > > > + /* Flags not already covered (testit() has special handling for these) */ > > > > > > + { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS }, > > > > > > +diff --git a/posix/wordexp.c b/posix/wordexp.c > > > > > > +index bcbe96e48d..1f3b09f721 100644 > > > > > > +--- a/posix/wordexp.c > > > > > > ++++ b/posix/wordexp.c > > > > > > +@@ -1399,7 +1399,7 @@ envsubst: > > > > > > + /* Is it a numeric parameter? */ > > > > > > + else if (isdigit (env[0])) > > > > > > + { > > > > > > +- int n = atoi (env); > > > > > > ++ unsigned long n = strtoul (env, NULL, 10); > > > > > > + > > > > > > + if (n >= __libc_argc) > > > > > > + /* Substitute NULL. */ > > > > > > +-- > > > > > > +2.17.1 > > > > > > + > > > > > > diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-core/glibc/glibc_2.33.bb > > > > > > index e9f01a14c5..abb01f8468 100644 > > > > > > --- a/meta/recipes-core/glibc/glibc_2.33.bb > > > > > > +++ b/meta/recipes-core/glibc/glibc_2.33.bb > > > > > > @@ -58,6 +58,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ > > > > > > file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \ > > > > > > file://mte-backports.patch \ > > > > > > file://CVE-2021-33574.patch \ > > > > > > + file://CVE-2021-35942.patch \ > > > > > > " > > > > > > S = "${WORKDIR}/git" > > > > > > B = "${WORKDIR}/build-${TARGET_SYS}" > > > > > > -- > > > > > > 2.31.1 > > > > > > > > > > > > > > -- > > > > Alexandre Belloni, co-owner and COO, Bootlin > > > > Embedded Linux and Kernel engineering > > > > https://bootlin.com > > > > > > > > > > > > ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2021-08-19 5:15 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2021-07-28 7:52 [PATCH] glibc: Fix CVE-2021-35942 Vinay Kumar 2021-08-15 7:49 ` Vinay Kumar 2021-08-15 9:19 ` Alexandre Belloni 2021-08-15 9:53 ` Vinay Kumar 2021-08-15 17:31 ` [OE-core] " Khem Raj 2021-08-16 8:59 ` Vinay Kumar 2021-08-16 15:14 ` Khem Raj 2021-08-19 5:15 ` Vinay Kumar
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.