diff options
| author |   Xiangyu Chen <xiangyu.chen@windriver.com> | 2023-05-29 01:03:02 -0700 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-05-31 16:52:42 +0100 |
| commit | 7a6871590b908e4b749484d913da5e280c20d05f (patch) | |
| tree | e687ff3cc228f8bf203c33e53c8e19947a33d65e /meta/recipes-extended | |
| parent | 28f39769c27d257a60ff0152acc0c76f0276fa6a (diff) | |
| download | openembedded-core-contrib-7a6871590b908e4b749484d913da5e280c20d05f.tar.gz | |
sysstat: Fix CVE-2023-33204
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-33204
https://ubuntu.com/security/CVE-2023-33204
Upstream Patch:
https://github.com/sysstat/sysstat/commit/954ff2e2673c
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Sanjay Chitroda <schitrod@cisco.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended')
| -rw-r--r-- | meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch | 46 | ||||
| -rw-r--r-- | meta/recipes-extended/sysstat/sysstat_12.6.2.bb | 4 |
2 files changed, 49 insertions, 1 deletions
diff --git a/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch b/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch new file mode 100644 index 0000000000..a7b51f3217 --- /dev/null +++ b/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch @@ -0,0 +1,46 @@ +From 0764cb56df4a5afdf04980c9eb6735f789f5aa42 Mon Sep 17 00:00:00 2001 +From: Pavel Kopylov <pkopylov@cloudlinux.com> +Date: Wed, 17 May 2023 11:33:45 +0200 +Subject: [PATCH] Fix an overflow which is still possible for some values. + +CVE: CVE-2023-33204 +Upstream-Status: Backport [https://github.com/sysstat/sysstat/commit/954ff2e2673c] + +Backport Changes: +Adopt additional changes as per following merge commit of pull request: +https://github.com/sysstat/sysstat/commit/6f8dc568e6ab + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> +Signed-off-by: Sanjay Chitroda <schitrod@cisco.com> +--- + common.c | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/common.c b/common.c +index a3d31a5..138920c 100644 +--- a/common.c ++++ b/common.c +@@ -447,15 +447,17 @@ int check_dir(char *dirname) + void check_overflow(unsigned int val1, unsigned int val2, + unsigned int val3) + { +- if ((unsigned long long) val1 * (unsigned long long) val2 * +- (unsigned long long) val3 > UINT_MAX) { ++ if ((val1 != 0) && (val2 != 0) && (val3 != 0) && ++ (((unsigned long long)UINT_MAX / (unsigned long long)val1 < ++ (unsigned long long)val2) || ++ ((unsigned long long)UINT_MAX / ((unsigned long long)val1 * ++ (unsigned long long)val2) < (unsigned long long)val3))) { + #ifdef DEBUG +- fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n", +- __FUNCTION__, (unsigned long long) val1 * (unsigned long long) val2 * +- (unsigned long long) val3); ++ fprintf(stderr, "%s: Overflow detected (%u,%u,%u). Aborting...\n", ++ __FUNCTION__, val1, val2, val3); + #endif + exit(4); +- } ++ } + } + + #ifndef SOURCE_SADC diff --git a/meta/recipes-extended/sysstat/sysstat_12.6.2.bb b/meta/recipes-extended/sysstat/sysstat_12.6.2.bb index f9e5778e76..b5014eaefb 100644 --- a/meta/recipes-extended/sysstat/sysstat_12.6.2.bb +++ b/meta/recipes-extended/sysstat/sysstat_12.6.2.bb @@ -2,6 +2,8 @@ require sysstat.inc LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb" -SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch" +SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch \ + file://CVE-2023-33204.patch \ + " SRC_URI[sha256sum] = "3e77134aedaa6fc57d9745da67edfd8990e19adee71ac47196229261c563fb48" |