Re: [OE-core] [PATCH] glibc: Fix CVE-2021-35942

Mon, 16 Aug 2021 01:59:50 -0700 

Hi Khen Raj,

The patch for hardknott branch was also submitted.
https://lists.openembedded.org/g/openembedded-core/message/154810

Regards,
Vinay

On Sun, Aug 15, 2021 at 11:01 PM Khem Raj <raj.k...@gmail.com> wrote:
>
> On Sun, Aug 15, 2021 at 2:19 AM Alexandre Belloni
> <alexandre.bell...@bootlin.com> wrote:
> >
> > Hello,
> >
> > On 15/08/2021 13:19:33+0530, Vinay Kumar wrote:
> > > Hi Richard,
> > >
> > > Any update on the above patch.
> > > Please let me know if anything is pending from my side.
> > >
> >
> > I didn't test because the plan is to switch to glibc2.34 which IIRC has
> > the fix.
>
> We perhaps still need it for hardknott.
>
> >
> > > Regards,
> > > Vinay
> > >
> > > On Wed, Jul 28, 2021 at 1:22 PM Vinay Kumar <vinay.m.e...@gmail.com> 
> > > wrote:
> > > >
> > > > Source: https://sourceware.org/git/glibc.git
> > > > Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=28011
> > > >
> > > > Backported upstream commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c to
> > > > glibc-2.33 source.
> > > >
> > > > Upstream-Status: Backport 
> > > > [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
> > > >
> > > > Signed-off-by: Vinay Kumar <vinay.m.e...@gmail.com>
> > > > ---
> > > >  .../glibc/glibc/CVE-2021-35942.patch          | 44 +++++++++++++++++++
> > > >  meta/recipes-core/glibc/glibc_2.33.bb         |  1 +
> > > >  2 files changed, 45 insertions(+)
> > > >  create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> > > >
> > > > diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch 
> > > > b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> > > > new file mode 100644
> > > > index 0000000000..5cae1bc91c
> > > > --- /dev/null
> > > > +++ b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> > > > @@ -0,0 +1,44 @@
> > > > +From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001
> > > > +From: Andreas Schwab <sch...@linux-m68k.org>
> > > > +Date: Fri, 25 Jun 2021 15:02:47 +0200
> > > > +Subject: [PATCH] wordexp: handle overflow in positional parameter 
> > > > number (bug
> > > > + 28011)
> > > > +
> > > > +Use strtoul instead of atoi so that overflow can be detected.
> > > > +
> > > > +Upstream-Status: Backport 
> > > > [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
> > > > +CVE: CVE-2021-35942
> > > > +Signed-off-by: Vinay Kumar <vinay.m.e...@gmail.com>
> > > > +---
> > > > + posix/wordexp-test.c | 1 +
> > > > + posix/wordexp.c      | 2 +-
> > > > + 2 files changed, 2 insertions(+), 1 deletion(-)
> > > > +
> > > > +diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
> > > > +index f93a546d7e..9df02dbbb3 100644
> > > > +--- a/posix/wordexp-test.c
> > > > ++++ b/posix/wordexp-test.c
> > > > +@@ -183,6 +183,7 @@ struct test_case_struct
> > > > +     { 0, NULL, "$var", 0, 0, { NULL, }, IFS },
> > > > +     { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS },
> > > > +     { 0, NULL, "", 0, 0, { NULL, }, IFS },
> > > > ++    { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS },
> > > > +
> > > > +     /* Flags not already covered (testit() has special handling for 
> > > > these) */
> > > > +     { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS },
> > > > +diff --git a/posix/wordexp.c b/posix/wordexp.c
> > > > +index bcbe96e48d..1f3b09f721 100644
> > > > +--- a/posix/wordexp.c
> > > > ++++ b/posix/wordexp.c
> > > > +@@ -1399,7 +1399,7 @@ envsubst:
> > > > +   /* Is it a numeric parameter? */
> > > > +   else if (isdigit (env[0]))
> > > > +     {
> > > > +-      int n = atoi (env);
> > > > ++      unsigned long n = strtoul (env, NULL, 10);
> > > > +
> > > > +       if (n >= __libc_argc)
> > > > +       /* Substitute NULL. */
> > > > +--
> > > > +2.17.1
> > > > +
> > > > diff --git a/meta/recipes-core/glibc/glibc_2.33.bb 
> > > > b/meta/recipes-core/glibc/glibc_2.33.bb
> > > > index e9f01a14c5..abb01f8468 100644
> > > > --- a/meta/recipes-core/glibc/glibc_2.33.bb
> > > > +++ b/meta/recipes-core/glibc/glibc_2.33.bb
> > > > @@ -58,6 +58,7 @@ SRC_URI =  
> > > > "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
> > > >             
> > > > file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \
> > > >             file://mte-backports.patch \
> > > >             file://CVE-2021-33574.patch \
> > > > +           file://CVE-2021-35942.patch \
> > > >             "
> > > >  S = "${WORKDIR}/git"
> > > >  B = "${WORKDIR}/build-${TARGET_SYS}"
> > > > --
> > > > 2.31.1
> > > >
> >
> > --
> > Alexandre Belloni, co-owner and COO, Bootlin
> > Embedded Linux and Kernel engineering
> > https://bootlin.com
> >
> > 
> >

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154829): 
https://lists.openembedded.org/g/openembedded-core/message/154829
Mute This Topic: https://lists.openembedded.org/mt/84500620/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to