authorNatanael Copa <ncopa@alpinelinux.org>2020-12-04 12:15:06 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2020-12-04 12:15:44 +0000
commit586b7d7e26bdeab6e26edd088930ac57e3389662 (patch)
tree9173bbbe96b7661718e57760243a4a63513698c7
parent61ef7bca46dea33cb74aad83d005402af22948b8 (diff)
main/librsync: backport memory corruption fix
-rw-r--r--main/librsync/APKBUILD9
-rw-r--r--main/librsync/Fix-heap-corruption-from-too-small-kbloom.patch23
2 files changed, 29 insertions, 3 deletions
diff --git a/main/librsync/APKBUILD b/main/librsync/APKBUILD
index a16578cd0f6..31c0886cf24 100644
--- a/main/librsync/APKBUILD
+++ b/main/librsync/APKBUILD
@@ -2,14 +2,16 @@
# Maintainer: Jeremy Thomerson <jeremy@thomersonfamily.com>
pkgname=librsync
pkgver=2.3.1
-pkgrel=0
+pkgrel=1
pkgdesc="librsync implements the rolling-checksum algorithm of rsync"
url="https://github.com/librsync/librsync"
arch="all"
license="LGPL-2.1-or-later"
makedepends="cmake popt-dev bzip2-dev zlib-dev perl"
subpackages="$pkgname-dev $pkgname-doc"
-source="$pkgname-$pkgver.tar.gz::https://github.com/librsync/librsync/archive/v$pkgver.tar.gz"
+source="$pkgname-$pkgver.tar.gz::https://github.com/librsync/librsync/archive/v$pkgver.tar.gz
+ Fix-heap-corruption-from-too-small-kbloom.patch
+ "
prepare() {
default_prepare
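Review bot: The `pkgrel=1` bump ships a heap-corruption fix, but nothing in the APKBUILD records it as a security-relevant change. If an advisory identifier has been assigned for this bug (none is visible on this page), a `# secfixes:` comment block with a `2.3.1-r1:` entry listing it, e.g. `#     - <ADVISORY-ID placeholder>`, would let downstream scanners tell fixed builds from unfixed ones. A comment above `source=` such as `# Fix-heap-corruption-from-too-small-kbloom.patch: upstream d89f2cd4714f, drop on next release` would also tell the next maintainer when the patch can be removed.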
@@ -35,4 +37,5 @@ package() {
install -D -m644 doc/librsync.3 "$pkgdir/usr/share/man/man3/librsync.3"
}
-sha512sums="89e5b5ad960b8036acce41df09f5e50601d7eb57d48a2bd21c4ee54a3a375f62ee514036b9a562277b5656735b84cadf6f54cbf48c364bbf0c04f2d95ae3b5a6 librsync-2.3.1.tar.gz"
+sha512sums="89e5b5ad960b8036acce41df09f5e50601d7eb57d48a2bd21c4ee54a3a375f62ee514036b9a562277b5656735b84cadf6f54cbf48c364bbf0c04f2d95ae3b5a6 librsync-2.3.1.tar.gz
+4a5c21ed149da9aee720d4e9b178a34f4d7c9e6b94de629216ca59d0b7bd831b04bcb4b5b138e6a224a060c5aa51dc8f621623031d3bbbb7b97556a6164b95d1 Fix-heap-corruption-from-too-small-kbloom.patch"
diff --git a/main/librsync/Fix-heap-corruption-from-too-small-kbloom.patch b/main/librsync/Fix-heap-corruption-from-too-small-kbloom.patch
new file mode 100644
index 00000000000..582607c32a1
--- /dev/null
+++ b/main/librsync/Fix-heap-corruption-from-too-small-kbloom.patch
@@ -0,0 +1,23 @@
+From d89f2cd4714f717e6cc5468c6066e18f22b5fea6 Mon Sep 17 00:00:00 2001
+From: ljusten <ljusten@google.com>
+Date: Mon, 21 Sep 2020 17:52:58 +0200
+Subject: [PATCH] Fix heap corruption from too small kbloom
+
+kbloom is a bitmask with 'size2' bits, where 'size2' is the next power of 2 of 'size'. Thus, if 'size' is smaller than 4, 'size2' is smaller than 8, so that size2 / 8 == 0 and calloc allocates 0 bytes. This causes heap corruption when kbloom is subsequently written to. See discussion on https://groups.google.com/g/librsync/c/vmqzQS1QjIw.
+---
+ src/hashtable.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/hashtable.c b/src/hashtable.c
+index 4ffd9bf..ff3f29c 100644
+--- a/src/hashtable.c
++++ b/src/hashtable.c
+@@ -52,7 +52,7 @@ hashtable_t *_hashtable_new(int size)
+ t->count = 0;
+ t->tmask = size2 - 1;
+ #ifndef HASHTABLE_NBLOOM
+- if (!(t->kbloom = calloc(size2 / 8, sizeof(unsigned char)))) {
++ if (!(t->kbloom = calloc((size2 + 7) / 8, sizeof(unsigned char)))) {
+ _hashtable_free(t);
+ return NULL;
+ }
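Review bot: The rounded-up byte count `(size2 + 7) / 8` in the `calloc` call only guarantees a non-empty kbloom when `size2` is at least 1, and the hunk does not show how `size2` is derived from the signed `int size` parameter of `_hashtable_new`, whose body starts and ends outside the hunk. If a zero or negative `size` can reach this function, it is worth confirming that `size2` is still clamped to a positive power of two before this line. I would also keep the reasoning from the commit message next to the allocation, e.g. `/* kbloom holds size2 bits; round up so size2 < 8 still allocates one byte */`, so the rounding is not simplified away in a later cleanup.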