glibc-32: added patch for CVE-2013-4332
See http://www.openwall.com/lists/oss-security/2013/09/11/2 for more info
This commit is contained in:
parent
f07e0a474e
commit
f768256838
@ -1,5 +1,6 @@
|
|||||||
80b181b02ab249524ec92822c0174cf7 glibc-2.16.0.tar.xz
|
80b181b02ab249524ec92822c0174cf7 glibc-2.16.0.tar.xz
|
||||||
c3f3499e0a6272cba7b6e46bfe6bbcea glibc-32-2.16.0-multilib-dirs.patch
|
c3f3499e0a6272cba7b6e46bfe6bbcea glibc-32-2.16.0-multilib-dirs.patch
|
||||||
|
3a51662cd99783b3d01ceac2dca19597 glibc-CVE-2013-4332.patch
|
||||||
d4a2a19efe1e9b59b86fd15a968f7e10 glibc-regexp_buffer_overrun.patch
|
d4a2a19efe1e9b59b86fd15a968f7e10 glibc-regexp_buffer_overrun.patch
|
||||||
7e6a5a13c37f93213db9803d9790b7de glibc-resolv_assert.patch
|
7e6a5a13c37f93213db9803d9790b7de glibc-resolv_assert.patch
|
||||||
99ed7b88221475d51a073f00d7ee9c42 glibc-segfault_in_strncasecmp.patch
|
99ed7b88221475d51a073f00d7ee9c42 glibc-segfault_in_strncasecmp.patch
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
name=glibc-32
|
name=glibc-32
|
||||||
version=2.16.0
|
version=2.16.0
|
||||||
release=5
|
release=6
|
||||||
source=(http://ftp.gnu.org/gnu/glibc/glibc-$version.tar.xz \
|
source=(http://ftp.gnu.org/gnu/glibc/glibc-$version.tar.xz \
|
||||||
http://crux.nu/files/distfiles/kernel-headers-3.4.11.tar.xz \
|
http://crux.nu/files/distfiles/kernel-headers-3.4.11.tar.xz \
|
||||||
$name-$version-multilib-dirs.patch \
|
$name-$version-multilib-dirs.patch \
|
||||||
@ -13,7 +13,8 @@ source=(http://ftp.gnu.org/gnu/glibc/glibc-$version.tar.xz \
|
|||||||
glibc-resolv_assert.patch \
|
glibc-resolv_assert.patch \
|
||||||
glibc-segfault_in_strncasecmp.patch \
|
glibc-segfault_in_strncasecmp.patch \
|
||||||
glibc-strtod_integer_overflow.patch \
|
glibc-strtod_integer_overflow.patch \
|
||||||
glibc-regexp_buffer_overrun.patch)
|
glibc-regexp_buffer_overrun.patch
|
||||||
|
glibc-CVE-2013-4332.patch)
|
||||||
|
|
||||||
build() {
|
build() {
|
||||||
# install kernel headers
|
# install kernel headers
|
||||||
@ -26,6 +27,7 @@ build() {
|
|||||||
patch -p1 -d glibc-$version -i $SRC/glibc-strtod_integer_overflow.patch
|
patch -p1 -d glibc-$version -i $SRC/glibc-strtod_integer_overflow.patch
|
||||||
patch -p1 -d glibc-$version -i $SRC/glibc-regexp_buffer_overrun.patch
|
patch -p1 -d glibc-$version -i $SRC/glibc-regexp_buffer_overrun.patch
|
||||||
patch -p1 -d glibc-$version -i $SRC/$name-$version-multilib-dirs.patch
|
patch -p1 -d glibc-$version -i $SRC/$name-$version-multilib-dirs.patch
|
||||||
|
patch -p1 -d glibc-$version -i $SRC/glibc-CVE-2013-4332.patch
|
||||||
|
|
||||||
mkdir build
|
mkdir build
|
||||||
cd build
|
cd build
|
||||||
|
64
glibc-32/glibc-CVE-2013-4332.patch
Normal file
64
glibc-32/glibc-CVE-2013-4332.patch
Normal file
@ -0,0 +1,64 @@
|
|||||||
|
From 0d6085cb1b4330b835ad08a3ec8f80b30f0cadb4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: mancha <mancha1@hush.com>
|
||||||
|
Date: Wed, 11 Sep 2013
|
||||||
|
Subject: CVE-2013-4332
|
||||||
|
|
||||||
|
malloc: Check for integer overflow in pvalloc, valloc, and memalign.
|
||||||
|
|
||||||
|
A large bytes parameter to pvalloc, valloc, or memalign could cause
|
||||||
|
an integer overflow and corrupt allocator internals. Check the
|
||||||
|
overflow does not occur before continuing with the allocation.
|
||||||
|
|
||||||
|
Note: This is a backport to glibc 2.17 of the following three commits:
|
||||||
|
* https://sourceware.org/git/?p=glibc.git;a=commit;h=1159a193696a
|
||||||
|
* https://sourceware.org/git/?p=glibc.git;a=commit;h=55e17aadc1ef
|
||||||
|
* https://sourceware.org/git/?p=glibc.git;a=commit;h=b73ed247781d
|
||||||
|
---
|
||||||
|
|
||||||
|
malloc.c | 21 +++++++++++++++++++++
|
||||||
|
1 file changed, 21 insertions(+)
|
||||||
|
|
||||||
|
--- a/malloc/malloc.c
|
||||||
|
+++ b/malloc/malloc.c
|
||||||
|
@@ -3020,6 +3020,13 @@ __libc_memalign(size_t alignment, size_t
|
||||||
|
/* Otherwise, ensure that it is at least a minimum chunk size */
|
||||||
|
if (alignment < MINSIZE) alignment = MINSIZE;
|
||||||
|
|
||||||
|
+ /* Check for overflow. */
|
||||||
|
+ if (bytes > SIZE_MAX - alignment - MINSIZE)
|
||||||
|
+ {
|
||||||
|
+ __set_errno (ENOMEM);
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
arena_get(ar_ptr, bytes + alignment + MINSIZE);
|
||||||
|
if(!ar_ptr)
|
||||||
|
return 0;
|
||||||
|
@@ -3051,6 +3058,13 @@ __libc_valloc(size_t bytes)
|
||||||
|
|
||||||
|
size_t pagesz = GLRO(dl_pagesize);
|
||||||
|
|
||||||
|
+ /* Check for overflow. */
|
||||||
|
+ if (bytes > SIZE_MAX - pagesz - MINSIZE)
|
||||||
|
+ {
|
||||||
|
+ __set_errno (ENOMEM);
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
__malloc_ptr_t (*hook) __MALLOC_PMT ((size_t, size_t,
|
||||||
|
const __malloc_ptr_t)) =
|
||||||
|
force_reg (__memalign_hook);
|
||||||
|
@@ -3088,6 +3102,13 @@ __libc_pvalloc(size_t bytes)
|
||||||
|
size_t page_mask = GLRO(dl_pagesize) - 1;
|
||||||
|
size_t rounded_bytes = (bytes + page_mask) & ~(page_mask);
|
||||||
|
|
||||||
|
+ /* Check for overflow. */
|
||||||
|
+ if (bytes > SIZE_MAX - 2*pagesz - MINSIZE)
|
||||||
|
+ {
|
||||||
|
+ __set_errno (ENOMEM);
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
__malloc_ptr_t (*hook) __MALLOC_PMT ((size_t, size_t,
|
||||||
|
const __malloc_ptr_t)) =
|
||||||
|
force_reg (__memalign_hook);
|
Loading…
Reference in New Issue
Block a user