Hello community,

here is the log from the commit of package libdwarf for openSUSE:Factory 
checked in at 2022-06-08 14:24:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libdwarf (Old)
 and      /work/SRC/openSUSE:Factory/.libdwarf.new.1548 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libdwarf"

Wed Jun  8 14:24:45 2022 rev:25 rq:981183 version:0.4.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/libdwarf/libdwarf.changes        2022-05-02 
16:25:54.348860641 +0200
+++ /work/SRC/openSUSE:Factory/.libdwarf.new.1548/libdwarf.changes      
2022-06-08 14:25:04.168513408 +0200
@@ -1,0 +2,5 @@
+Tue Jun  7 16:24:08 UTC 2022 - Dirk M??ller <dmuel...@suse.com>
+
+- add fix-CVE-2022-32200.patch (bsc#1200291, CVE-2022-32200)
+
+-------------------------------------------------------------------

New:
----
  fix-CVE-2022-32200.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libdwarf.spec ++++++
--- /var/tmp/diff_new_pack.3lKG17/_old  2022-06-08 14:25:04.720514093 +0200
+++ /var/tmp/diff_new_pack.3lKG17/_new  2022-06-08 14:25:04.724514098 +0200
@@ -24,6 +24,7 @@
 Group:          Development/Libraries/C and C++
 URL:            https://prevanders.net/dwarf.html
 Source:         
https://github.com/davea42/libdwarf-code/releases/download/v%{version}/libdwarf-%{version}.tar.xz
+Patch1:         
https://github.com/davea42/libdwarf-code/commit/8151575a6ace77d005ca5bb5d71c1bfdba3f7069.patch#/fix-CVE-2022-32200.patch
 BuildRequires:  binutils-devel
 BuildRequires:  libelf-devel
 

++++++ fix-CVE-2022-32200.patch ++++++
>From 8151575a6ace77d005ca5bb5d71c1bfdba3f7069 Mon Sep 17 00:00:00 2001
From: David Anderson <dave...@linuxmail.org>
Date: Sun, 29 May 2022 09:35:39 -0700
Subject: [PATCH] Fixes vulnerability DW202205-001 Reports error instead of
 crashing when reading a specially crafted (corrupted) .debug_pubnames or
 .debug_pubtypes section.       modified:   src/lib/libdwarf/dwarf_global.c

---
 src/lib/libdwarf/dwarf_global.c | 81 +++++++++++++++++++++++++++++----
 1 file changed, 73 insertions(+), 8 deletions(-)

diff --git a/src/lib/libdwarf/dwarf_global.c b/src/lib/libdwarf/dwarf_global.c
index 03ee0cd2..6cfe883f 100644
--- a/src/lib/libdwarf/dwarf_global.c
+++ b/src/lib/libdwarf/dwarf_global.c
@@ -31,7 +31,6 @@
 #include <config.h>
 
 #include <string.h> /* strlen() */
-
 #if defined(_WIN32) && defined(HAVE_STDAFX_H)
 #include "stdafx.h"
 #endif /* HAVE_STDAFX_H */
@@ -83,6 +82,33 @@ _dwarf_fix_up_offset_irix(Dwarf_Debug dbg,
 }
 #endif /* __sgi */
 
+#if 0
+/*  Debugging only. Requires start. can calulate one of len, end */
+static void
+debug_print_range(const char *msg,
+    int lineno,
+    void *start, signed long len,
+    void *end)
+{
+
+    char *st = (char *)start;
+    char *en = (char *)end;
+    signed long le = len;
+
+    if (len) {
+        if (en) {
+            le = (long)(en-st);
+        } else {
+            en= start+len;
+        }
+    } else if (en) {
+        le = (long)(en-st);
+    }
+    printf("RANGEdebug %s  st=0x%lx le=%ld en=0x%lx line %d\n",
+        msg,(unsigned long)st,le,(unsigned long)en,lineno);
+}
+#endif
+
 static void
 dealloc_globals_chain(Dwarf_Debug dbg,
     Dwarf_Chain head_chain)
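Review bot: The `#if 0` block at the top of this hunk commits dead debugging code into a CVE fix; it is never compiled, so none of it is exercised by the build or by any test. If it is meant to stay, `en= start+len` does arithmetic on a `void *`, which is a GNU extension rather than ISO C, and the addresses are printed through `(unsigned long)` casts with `%lx` where `%p` with a `(void *)` cast is the portable form, e.g. `printf("RANGEdebug %s  st=%p le=%ld en=%p line %d\n", msg, (void *)st, le, (void *)en, lineno);`. The comment also misspells "calculate". Dropping the block, or moving it to a debug-only source file, would keep dwarf_global.c free of code that cannot be checked.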
@@ -287,9 +313,9 @@ _dwarf_internal_get_pubnames_like_data(Dwarf_Debug dbg,
     Dwarf_Off pubnames_section_offset = 0;
     Dwarf_Small *section_end_ptr = section_data_ptr +section_length;
 
-    /*  Points to the context for the current set of global names, and
-        contains information to identify the compilation-unit that the
-        set refers to. */
+    /*  Points to the context for the current set of global names,
+        and contains information to identify the compilation-unit
+        that the set refers to. */
     Dwarf_Global_Context pubnames_context = 0;
     Dwarf_Bool           pubnames_context_on_list = FALSE;
 
@@ -301,6 +327,10 @@ _dwarf_internal_get_pubnames_like_data(Dwarf_Debug dbg,
 
     Dwarf_Unsigned global_count = 0;
 
+    /*  The count is just to improve the error message
+        a few lines above. */
+    Dwarf_Unsigned context_count = 0;
+
     /*  Used to chain the Dwarf_Global_s structs for
         creating contiguous list of pointers to the structs. */
     Dwarf_Chain head_chain = 0;
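Review bot: The comment on the new `context_count` declaration says the error message is "a few lines above", but the only use visible in this patch is in the per-CU length check later in the function, so at the declaration site the comment points the wrong way. Suggest `/* Number of CU contexts processed so far; reported in the length-error message emitted in the read loop below. */`. The enclosing function `_dwarf_internal_get_pubnames_like_data` starts outside the hunk.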
@@ -384,6 +414,41 @@ _dwarf_internal_get_pubnames_like_data(Dwarf_Debug dbg,
             }
             return mres;
         }
+        {
+            Dwarf_Small * localend =pubnames_like_ptr + length;
+
+            if ((length > section_length) ||
+                (localend > section_end_ptr)){
+                /*  The length field  is corrupted */
+                dwarfstring m;
+
+                dwarfstring_constructor(&m);
+                dwarfstring_append_printf_u(&m,
+                    "DW_DLE_PUBNAMES_LENGTH_BAD (or similar) "
+                    "A DWARF length field in cu context %u ",
+                    context_count);
+                dwarfstring_append_printf_s(&m,"of section %s ",
+                    (char *)secname);
+                dwarfstring_append_printf_u(&m,"of "
+                    "%u bytes ",length);
+                dwarfstring_append_printf_u(&m,
+                    "runs off the end of "
+                    "the %u bytes of the real section",
+                    section_length);
+                _dwarf_error_string(dbg, error,length_err_num,
+                    dwarfstring_string(&m));
+                dwarfstring_destructor(&m);
+                dealloc_globals_chain(dbg,head_chain);
+                if (!pubnames_context_on_list) {
+                    dwarf_dealloc(dbg,pubnames_context,
+                        context_DLA_code);
+                }
+                return DW_DLV_ERROR;
+            }
+        }
+        /*  The count is just to improve the error message
+            a few lines above. */
+        ++context_count;
         pubnames_context->pu_alloc_type = context_DLA_code;
         pubnames_context->pu_length_size = local_length_size;
         pubnames_context->pu_length = length;
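Review bot: `Dwarf_Small * localend =pubnames_like_ptr + length;` forms the pointer before anything has confirmed that `length` fits in the section, so for a corrupted length the sum points outside the section buffer before it is ever compared; C11 6.5.6 makes forming such a pointer undefined, and the `length > section_length` test only narrows the cases rather than removing them. Comparing remaining bytes instead of pointers never creates the out-of-range address and subsumes the first test: `if (length > (Dwarf_Unsigned)(section_end_ptr - pubnames_like_ptr)) {`, which assumes `pubnames_like_ptr` has already been bounded by `section_end_ptr` when the length field was read (that read is not visible in the hunk; if it is not, the subtraction would go negative and the cast would hide it). The destructor, chain dealloc and conditional context dealloc sequence repeats the error path just above it, so a small `static` error-and-cleanup helper would avoid keeping two copies in step. `_dwarf_internal_get_pubnames_like_data` starts and ends outside this hunk.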
@@ -393,8 +458,7 @@ _dwarf_internal_get_pubnames_like_data(Dwarf_Debug dbg,
         pubnames_ptr_past_end_cu = pubnames_like_ptr + length;
         pubnames_context->pu_pub_entries_end_ptr =
             pubnames_ptr_past_end_cu;
-
-        if ((pubnames_like_ptr + (DWARF_HALF_SIZE) ) >
+        if ((pubnames_like_ptr + (DWARF_HALF_SIZE) ) >=
             /* A minimum size needed */
             section_end_ptr) {
             pubnames_error_length(dbg,error,
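Review bot: The tightened minimum-size test still compares `pubnames_like_ptr + (DWARF_HALF_SIZE)` against `section_end_ptr` and not against `pubnames_ptr_past_end_cu` computed three lines earlier, so a CU whose own `length` is smaller than the version half-word passes this check as long as the section as a whole has room; whether a later per-CU bound catches that is not visible in the hunk. If nothing else does, adding the nearer limit closes it: `if ((pubnames_like_ptr + (DWARF_HALF_SIZE)) > pubnames_ptr_past_end_cu || (pubnames_like_ptr + (DWARF_HALF_SIZE)) >= section_end_ptr) {`. The `>` to `>=` change itself deserves a one-line comment giving the reason, presumably that further header fields must follow the version half-word, since the surrounding context lines do not make it obvious. The enclosing function continues outside this hunk.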
@@ -554,6 +618,7 @@ _dwarf_internal_get_pubnames_like_data(Dwarf_Debug dbg,
         while (die_offset_in_cu) {
             int res = 0;
             unsigned char *glname = 0;
+            Dwarf_Unsigned nstrlen = 0;
 
             /*  non-zero die_offset_in_cu already read, so
                 pubnames_like_ptr points to a string.  */
@@ -570,8 +635,8 @@ _dwarf_internal_get_pubnames_like_data(Dwarf_Debug dbg,
                 return res;
             }
             glname = (unsigned char *)pubnames_like_ptr;
-            pubnames_like_ptr = pubnames_like_ptr +
-                strlen((char *) pubnames_like_ptr) + 1;
+            nstrlen = strlen((char *)pubnames_like_ptr);
+            pubnames_like_ptr += nstrlen + 1;
             /*  Already read offset and verified string, glname
                 now points to the string. */
             res = _dwarf_make_global_add_to_chain(dbg,
