authorLeo <thinkabit.ukim@gmail.com>2021-02-22 16:09:32 -0300
committerLeo <thinkabit.ukim@gmail.com>2021-02-22 16:09:32 -0300
commite7f3394bf8c774cf6ba3d2000fd9bd597c0118d1 (patch)
tree3f47c2b86c0651685dd773713904ee9e74b42b7b
parent521fb0cd4c5225b346da321eb354e4f0e817e378 (diff)
main/libbsd: fix CVE-2019-20367
See: #12454
-rw-r--r--main/libbsd/APKBUILD11
-rw-r--r--main/libbsd/CVE-2019-20367.patch42
2 files changed, 51 insertions, 2 deletions
diff --git a/main/libbsd/APKBUILD b/main/libbsd/APKBUILD
index 4fa127bf286..73e8005cd6b 100644
--- a/main/libbsd/APKBUILD
+++ b/main/libbsd/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Drew DeVault <sir@cmpwn.com>
pkgname=libbsd
pkgver=0.9.1
-pkgrel=0
+pkgrel=1
pkgdesc="commonly-used BSD functions not implemented by all libcs"
url="https://libbsd.freedesktop.org/"
arch="all"
@@ -15,9 +15,15 @@ subpackages="$pkgname-dev $pkgname-doc"
source="https://libbsd.freedesktop.org/releases/$pkgname-$pkgver.tar.xz
disable-fpurge-test.patch
headers.patch
+ CVE-2019-20367.patch
"
builddir="$srcdir/$pkgname-$pkgver"
+
+# secfixes:
+# 0.9.1-r1:
+# - CVE-2019-20367
+
prepare() {
default_prepare
@@ -50,4 +56,5 @@ package() {
sha512sums="435822b8f2495a5e2705e5ab5c834a4f0f3a177b3e5c46a7c6162924507ca984e957e94a512b5ebd0067ecb413bac458fade357709ef199e9b75edf0315de91c libbsd-0.9.1.tar.xz
34ab57a9b67c0d6035312dff78e6dd0d1c48442c6a1b6e769b6ebb6dccb0dac80ccc2c309724e39c097cdac944bdbd9522582f93f2567da8c6615990e2d0238b disable-fpurge-test.patch
-594d598bc7f6d34bff080a26f8d726bf779d3827423f242ee7caa9a58fc89c89d80e0677c03e9c640e0074afbdc34636fa8ffa47a99fd9c576845e3039a7ccbd headers.patch"
+594d598bc7f6d34bff080a26f8d726bf779d3827423f242ee7caa9a58fc89c89d80e0677c03e9c640e0074afbdc34636fa8ffa47a99fd9c576845e3039a7ccbd headers.patch
+6e77f28b4e8f5214528e6b5e4fdf482e6e3b09780bae028d2d5c381410060fc5e006bcccb4013bea4fb4caa8e125961824230f292ced5c80763887c9566089fc CVE-2019-20367.patch"
diff --git a/main/libbsd/CVE-2019-20367.patch b/main/libbsd/CVE-2019-20367.patch
new file mode 100644
index 00000000000..eb1fffba902
--- /dev/null
+++ b/main/libbsd/CVE-2019-20367.patch
@@ -0,0 +1,42 @@
+From 9d917aad37778a9f4a96ba358415f077f3f36f3b Mon Sep 17 00:00:00 2001
+From: Guillem Jover <guillem@hadrons.org>
+Date: Wed, 7 Aug 2019 22:58:30 +0200
+Subject: [PATCH] nlist: Fix out-of-bounds read on strtab
+
+When doing a string comparison for a symbol name from the string table,
+we should make sure we do a bounded comparison, otherwise a non-NUL
+terminated string might make the code read out-of-bounds.
+
+Warned-by: coverity
+---
+ src/nlist.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/nlist.c b/src/nlist.c
+index 8aa46a2..228c220 100644
+--- a/src/nlist.c
++++ b/src/nlist.c
+@@ -236,16 +236,18 @@ __fdnlist(int fd, struct nlist *list)
+ symsize -= cc;
+ for (s = sbuf; cc > 0 && nent > 0; ++s, cc -= sizeof(*s)) {
+ char *name;
++ Elf_Word size;
+ struct nlist *p;
+
+ name = strtab + s->st_name;
+ if (name[0] == '\0')
+ continue;
++ size = symstrsize - s->st_name;
+
+ for (p = list; !ISLAST(p); p++) {
+ if ((p->n_un.n_name[0] == '_' &&
+- strcmp(name, p->n_un.n_name+1) == 0)
+- || strcmp(name, p->n_un.n_name) == 0) {
++ strncmp(name, p->n_un.n_name+1, size) == 0) ||
++ strncmp(name, p->n_un.n_name, size) == 0) {
+ elf_sym_to_nlist(p, s, shdr,
+ ehdr.e_shnum);
+ if (--nent <= 0)
+--
+GitLab
+
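Review bot: In the embedded src/nlist.c hunk, `s->st_name` is not compared with `symstrsize` before `name = strtab + s->st_name` is dereferenced by `name[0]`, so a symbol whose name offset lies at or past the end of the string table still causes an out-of-bounds read on that line. In that same case `size = symstrsize - s->st_name` would wrap around if both operands are unsigned (`size` is an `Elf_Word`; the type of `symstrsize` is not visible here), leaving the two `strncmp` calls effectively unbounded again. A guard such as `if (s->st_name >= symstrsize) continue;` placed before the `name` assignment would cover both. `__fdnlist` starts and ends outside the hunk, so validation elsewhere in the function cannot be ruled out, but none appears in the loop body shown.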