* [OE-Core][Kirkstone][PATCH] sysstat: fix CVE-2022-39377
@ 2022-11-19 8:17 Xiangyu Chen
0 siblings, 0 replies; 3+ messages in thread
From: Xiangyu Chen @ 2022-11-19 8:17 UTC (permalink / raw)
To: openembedded-core
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
---
.../sysstat/sysstat/CVE-2022-39377.patch | 93 +++++++++++++++++++
.../sysstat/sysstat_12.4.5.bb | 3 +-
2 files changed, 95 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch
diff --git a/meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch b/meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch
new file mode 100644
index 0000000000..dce7b0d61f
--- /dev/null
+++ b/meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch
@@ -0,0 +1,93 @@
+From 9c4eaf150662ad40607923389d4519bc83b93540 Mon Sep 17 00:00:00 2001
+From: Sebastien <seb@fedora-2.home>
+Date: Sat, 15 Oct 2022 14:24:22 +0200
+Subject: [PATCH] Fix size_t overflow in sa_common.c (GHSL-2022-074)
+
+allocate_structures function located in sa_common.c insufficiently
+checks bounds before arithmetic multiplication allowing for an
+overflow in the size allocated for the buffer representing system
+activities.
+
+This patch checks that the post-multiplied value is not greater than
+UINT_MAX.
+
+Signed-off-by: Sebastien <seb@fedora-2.home>
+
+Upstream-Status: Backport from
+[https://github.com/sysstat/sysstat/commit/a953ee3307d51255cc96e1f211882e97f795eed9]
+
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+---
+ common.c | 25 +++++++++++++++++++++++++
+ common.h | 2 ++
+ sa_common.c | 6 ++++++
+ 3 files changed, 33 insertions(+)
+
+diff --git a/common.c b/common.c
+index 81c7762..1a84b05 100644
+--- a/common.c
++++ b/common.c
+@@ -1655,4 +1655,29 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char
+
+ return 0;
+ }
++
++/*
++ ***************************************************************************
++ * Check if the multiplication of the 3 values may be greater than UINT_MAX.
++ *
++ * IN:
++ * @val1 First value.
++ * @val2 Second value.
++ * @val3 Third value.
++ ***************************************************************************
++ */
++void check_overflow(size_t val1, size_t val2, size_t val3)
++{
++ if ((unsigned long long) val1 *
++ (unsigned long long) val2 *
++ (unsigned long long) val3 > UINT_MAX) {
++#ifdef DEBUG
++ fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
++ __FUNCTION__,
++ (unsigned long long) val1 * (unsigned long long) val2 * (unsigned long long) val3);
++#endif
++ exit(4);
++ }
++}
++
+ #endif /* SOURCE_SADC undefined */
+diff --git a/common.h b/common.h
+index 55b6657..e8ab98a 100644
+--- a/common.h
++++ b/common.h
+@@ -260,6 +260,8 @@ int check_dir
+ (char *);
+
+ #ifndef SOURCE_SADC
++void check_overflow
++ (size_t, size_t, size_t);
+ int count_bits
+ (void *, int);
+ int count_csvalues
+diff --git a/sa_common.c b/sa_common.c
+index 3699a84..b2cec4a 100644
+--- a/sa_common.c
++++ b/sa_common.c
+@@ -459,7 +459,13 @@ void allocate_structures(struct activity *act[])
+ int i, j;
+
+ for (i = 0; i < NR_ACT; i++) {
++
+ if (act[i]->nr_ini > 0) {
++
++ /* Look for a possible overflow */
++ check_overflow((size_t) act[i]->msize, (size_t) act[i]->nr_ini,
++ (size_t) act[i]->nr2);
++
+ for (j = 0; j < 3; j++) {
+ SREALLOC(act[i]->buf[j], void,
+ (size_t) act[i]->msize * (size_t) act[i]->nr_ini * (size_t) act[i]->nr2);
+--
+2.34.1
+
diff --git a/meta/recipes-extended/sysstat/sysstat_12.4.5.bb b/meta/recipes-extended/sysstat/sysstat_12.4.5.bb
index fe3db4d8a5..3a3d1fb6ba 100644
--- a/meta/recipes-extended/sysstat/sysstat_12.4.5.bb
+++ b/meta/recipes-extended/sysstat/sysstat_12.4.5.bb
@@ -2,6 +2,7 @@ require sysstat.inc
LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb"
-SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch"
+SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch \
+ file://CVE-2022-39377.patch"
SRC_URI[sha256sum] = "ef445acea301bbb996e410842f6290a8d049e884d4868cfef7e85dc04b7eee5b"
--
2.34.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [OE-Core][Kirkstone][PATCH] sysstat: fix CVE-2022-39377
[not found] <1728EE7C5FA3921A.29986@lists.openembedded.org>
@ 2022-12-07 1:02 ` Xiangyu Chen
2022-12-07 1:30 ` Steve Sakoman
0 siblings, 1 reply; 3+ messages in thread
From: Xiangyu Chen @ 2022-12-07 1:02 UTC (permalink / raw)
To: openembedded-core, Steve Sakoman
Friendly ping.
On 11/19/22 16:17, Xiangyu Chen wrote:
> Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
> ---
> .../sysstat/sysstat/CVE-2022-39377.patch | 93 +++++++++++++++++++
> .../sysstat/sysstat_12.4.5.bb | 3 +-
> 2 files changed, 95 insertions(+), 1 deletion(-)
> create mode 100644 meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch
>
> diff --git a/meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch b/meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch
> new file mode 100644
> index 0000000000..dce7b0d61f
> --- /dev/null
> +++ b/meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch
> @@ -0,0 +1,93 @@
> +From 9c4eaf150662ad40607923389d4519bc83b93540 Mon Sep 17 00:00:00 2001
> +From: Sebastien <seb@fedora-2.home>
> +Date: Sat, 15 Oct 2022 14:24:22 +0200
> +Subject: [PATCH] Fix size_t overflow in sa_common.c (GHSL-2022-074)
> +
> +allocate_structures function located in sa_common.c insufficiently
> +checks bounds before arithmetic multiplication allowing for an
> +overflow in the size allocated for the buffer representing system
> +activities.
> +
> +This patch checks that the post-multiplied value is not greater than
> +UINT_MAX.
> +
> +Signed-off-by: Sebastien <seb@fedora-2.home>
> +
> +Upstream-Status: Backport from
> +[https://github.com/sysstat/sysstat/commit/a953ee3307d51255cc96e1f211882e97f795eed9]
> +
> +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
> +---
> + common.c | 25 +++++++++++++++++++++++++
> + common.h | 2 ++
> + sa_common.c | 6 ++++++
> + 3 files changed, 33 insertions(+)
> +
> +diff --git a/common.c b/common.c
> +index 81c7762..1a84b05 100644
> +--- a/common.c
> ++++ b/common.c
> +@@ -1655,4 +1655,29 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char
> +
> + return 0;
> + }
> ++
> ++/*
> ++ ***************************************************************************
> ++ * Check if the multiplication of the 3 values may be greater than UINT_MAX.
> ++ *
> ++ * IN:
> ++ * @val1 First value.
> ++ * @val2 Second value.
> ++ * @val3 Third value.
> ++ ***************************************************************************
> ++ */
> ++void check_overflow(size_t val1, size_t val2, size_t val3)
> ++{
> ++ if ((unsigned long long) val1 *
> ++ (unsigned long long) val2 *
> ++ (unsigned long long) val3 > UINT_MAX) {
> ++#ifdef DEBUG
> ++ fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
> ++ __FUNCTION__,
> ++ (unsigned long long) val1 * (unsigned long long) val2 * (unsigned long long) val3);
> ++#endif
> ++ exit(4);
> ++ }
> ++}
> ++
> + #endif /* SOURCE_SADC undefined */
> +diff --git a/common.h b/common.h
> +index 55b6657..e8ab98a 100644
> +--- a/common.h
> ++++ b/common.h
> +@@ -260,6 +260,8 @@ int check_dir
> + (char *);
> +
> + #ifndef SOURCE_SADC
> ++void check_overflow
> ++ (size_t, size_t, size_t);
> + int count_bits
> + (void *, int);
> + int count_csvalues
> +diff --git a/sa_common.c b/sa_common.c
> +index 3699a84..b2cec4a 100644
> +--- a/sa_common.c
> ++++ b/sa_common.c
> +@@ -459,7 +459,13 @@ void allocate_structures(struct activity *act[])
> + int i, j;
> +
> + for (i = 0; i < NR_ACT; i++) {
> ++
> + if (act[i]->nr_ini > 0) {
> ++
> ++ /* Look for a possible overflow */
> ++ check_overflow((size_t) act[i]->msize, (size_t) act[i]->nr_ini,
> ++ (size_t) act[i]->nr2);
> ++
> + for (j = 0; j < 3; j++) {
> + SREALLOC(act[i]->buf[j], void,
> + (size_t) act[i]->msize * (size_t) act[i]->nr_ini * (size_t) act[i]->nr2);
> +--
> +2.34.1
> +
> diff --git a/meta/recipes-extended/sysstat/sysstat_12.4.5.bb b/meta/recipes-extended/sysstat/sysstat_12.4.5.bb
> index fe3db4d8a5..3a3d1fb6ba 100644
> --- a/meta/recipes-extended/sysstat/sysstat_12.4.5.bb
> +++ b/meta/recipes-extended/sysstat/sysstat_12.4.5.bb
> @@ -2,6 +2,7 @@ require sysstat.inc
>
> LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb"
>
> -SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch"
> +SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch \
> + file://CVE-2022-39377.patch"
>
> SRC_URI[sha256sum] = "ef445acea301bbb996e410842f6290a8d049e884d4868cfef7e85dc04b7eee5b"
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#173512): https://lists.openembedded.org/g/openembedded-core/message/173512
> Mute This Topic: https://lists.openembedded.org/mt/95129830/7175143
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [xiangyu.chen@eng.windriver.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [OE-Core][Kirkstone][PATCH] sysstat: fix CVE-2022-39377
2022-12-07 1:02 ` Xiangyu Chen
@ 2022-12-07 1:30 ` Steve Sakoman
0 siblings, 0 replies; 3+ messages in thread
From: Steve Sakoman @ 2022-12-07 1:30 UTC (permalink / raw)
To: Xiangyu Chen; +Cc: openembedded-core
On Tue, Dec 6, 2022 at 3:02 PM Xiangyu Chen
<xiangyu.chen@eng.windriver.com> wrote:
>
> Friendly ping.
Not sure how I missed this! I've got it now.
Thanks,
Steve
> On 11/19/22 16:17, Xiangyu Chen wrote:
> > Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
> > ---
> > .../sysstat/sysstat/CVE-2022-39377.patch | 93 +++++++++++++++++++
> > .../sysstat/sysstat_12.4.5.bb | 3 +-
> > 2 files changed, 95 insertions(+), 1 deletion(-)
> > create mode 100644 meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch
> >
> > diff --git a/meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch b/meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch
> > new file mode 100644
> > index 0000000000..dce7b0d61f
> > --- /dev/null
> > +++ b/meta/recipes-extended/sysstat/sysstat/CVE-2022-39377.patch
> > @@ -0,0 +1,93 @@
> > +From 9c4eaf150662ad40607923389d4519bc83b93540 Mon Sep 17 00:00:00 2001
> > +From: Sebastien <seb@fedora-2.home>
> > +Date: Sat, 15 Oct 2022 14:24:22 +0200
> > +Subject: [PATCH] Fix size_t overflow in sa_common.c (GHSL-2022-074)
> > +
> > +allocate_structures function located in sa_common.c insufficiently
> > +checks bounds before arithmetic multiplication allowing for an
> > +overflow in the size allocated for the buffer representing system
> > +activities.
> > +
> > +This patch checks that the post-multiplied value is not greater than
> > +UINT_MAX.
> > +
> > +Signed-off-by: Sebastien <seb@fedora-2.home>
> > +
> > +Upstream-Status: Backport from
> > +[https://github.com/sysstat/sysstat/commit/a953ee3307d51255cc96e1f211882e97f795eed9]
> > +
> > +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
> > +---
> > + common.c | 25 +++++++++++++++++++++++++
> > + common.h | 2 ++
> > + sa_common.c | 6 ++++++
> > + 3 files changed, 33 insertions(+)
> > +
> > +diff --git a/common.c b/common.c
> > +index 81c7762..1a84b05 100644
> > +--- a/common.c
> > ++++ b/common.c
> > +@@ -1655,4 +1655,29 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char
> > +
> > + return 0;
> > + }
> > ++
> > ++/*
> > ++ ***************************************************************************
> > ++ * Check if the multiplication of the 3 values may be greater than UINT_MAX.
> > ++ *
> > ++ * IN:
> > ++ * @val1 First value.
> > ++ * @val2 Second value.
> > ++ * @val3 Third value.
> > ++ ***************************************************************************
> > ++ */
> > ++void check_overflow(size_t val1, size_t val2, size_t val3)
> > ++{
> > ++ if ((unsigned long long) val1 *
> > ++ (unsigned long long) val2 *
> > ++ (unsigned long long) val3 > UINT_MAX) {
> > ++#ifdef DEBUG
> > ++ fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
> > ++ __FUNCTION__,
> > ++ (unsigned long long) val1 * (unsigned long long) val2 * (unsigned long long) val3);
> > ++#endif
> > ++ exit(4);
> > ++ }
> > ++}
> > ++
> > + #endif /* SOURCE_SADC undefined */
> > +diff --git a/common.h b/common.h
> > +index 55b6657..e8ab98a 100644
> > +--- a/common.h
> > ++++ b/common.h
> > +@@ -260,6 +260,8 @@ int check_dir
> > + (char *);
> > +
> > + #ifndef SOURCE_SADC
> > ++void check_overflow
> > ++ (size_t, size_t, size_t);
> > + int count_bits
> > + (void *, int);
> > + int count_csvalues
> > +diff --git a/sa_common.c b/sa_common.c
> > +index 3699a84..b2cec4a 100644
> > +--- a/sa_common.c
> > ++++ b/sa_common.c
> > +@@ -459,7 +459,13 @@ void allocate_structures(struct activity *act[])
> > + int i, j;
> > +
> > + for (i = 0; i < NR_ACT; i++) {
> > ++
> > + if (act[i]->nr_ini > 0) {
> > ++
> > ++ /* Look for a possible overflow */
> > ++ check_overflow((size_t) act[i]->msize, (size_t) act[i]->nr_ini,
> > ++ (size_t) act[i]->nr2);
> > ++
> > + for (j = 0; j < 3; j++) {
> > + SREALLOC(act[i]->buf[j], void,
> > + (size_t) act[i]->msize * (size_t) act[i]->nr_ini * (size_t) act[i]->nr2);
> > +--
> > +2.34.1
> > +
> > diff --git a/meta/recipes-extended/sysstat/sysstat_12.4.5.bb b/meta/recipes-extended/sysstat/sysstat_12.4.5.bb
> > index fe3db4d8a5..3a3d1fb6ba 100644
> > --- a/meta/recipes-extended/sysstat/sysstat_12.4.5.bb
> > +++ b/meta/recipes-extended/sysstat/sysstat_12.4.5.bb
> > @@ -2,6 +2,7 @@ require sysstat.inc
> >
> > LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb"
> >
> > -SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch"
> > +SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch \
> > + file://CVE-2022-39377.patch"
> >
> > SRC_URI[sha256sum] = "ef445acea301bbb996e410842f6290a8d049e884d4868cfef7e85dc04b7eee5b"
> >
> > -=-=-=-=-=-=-=-=-=-=-=-
> > Links: You receive all messages sent to this group.
> > View/Reply Online (#173512): https://lists.openembedded.org/g/openembedded-core/message/173512
> > Mute This Topic: https://lists.openembedded.org/mt/95129830/7175143
> > Group Owner: openembedded-core+owner@lists.openembedded.org
> > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [xiangyu.chen@eng.windriver.com]
> > -=-=-=-=-=-=-=-=-=-=-=-
> >
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-12-07 1:30 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-11-19 8:17 [OE-Core][Kirkstone][PATCH] sysstat: fix CVE-2022-39377 Xiangyu Chen
[not found] <1728EE7C5FA3921A.29986@lists.openembedded.org>
2022-12-07 1:02 ` Xiangyu Chen
2022-12-07 1:30 ` Steve Sakoman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox