Commit e7f3394b authored by Leo

main/libbsd: fix CVE-2019-20367

See: #12454
parent 521fb0cd
Pipeline #73117 passed with stages
in 22 minutes and 55 seconds
......@@ -2,7 +2,7 @@
# Maintainer: Drew DeVault <sir@cmpwn.com>
pkgname=libbsd
pkgver=0.9.1
pkgrel=0
pkgrel=1
pkgdesc="commonly-used BSD functions not implemented by all libcs"
url="https://libbsd.freedesktop.org/"
arch="all"
......@@ -15,9 +15,15 @@ subpackages="$pkgname-dev $pkgname-doc"
source="https://libbsd.freedesktop.org/releases/$pkgname-$pkgver.tar.xz
disable-fpurge-test.patch
headers.patch
CVE-2019-20367.patch
"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
# 0.9.1-r1:
# - CVE-2019-20367
prepare() {
default_prepare
......@@ -50,4 +56,5 @@ package() {
sha512sums="435822b8f2495a5e2705e5ab5c834a4f0f3a177b3e5c46a7c6162924507ca984e957e94a512b5ebd0067ecb413bac458fade357709ef199e9b75edf0315de91c libbsd-0.9.1.tar.xz
34ab57a9b67c0d6035312dff78e6dd0d1c48442c6a1b6e769b6ebb6dccb0dac80ccc2c309724e39c097cdac944bdbd9522582f93f2567da8c6615990e2d0238b disable-fpurge-test.patch
594d598bc7f6d34bff080a26f8d726bf779d3827423f242ee7caa9a58fc89c89d80e0677c03e9c640e0074afbdc34636fa8ffa47a99fd9c576845e3039a7ccbd headers.patch"
594d598bc7f6d34bff080a26f8d726bf779d3827423f242ee7caa9a58fc89c89d80e0677c03e9c640e0074afbdc34636fa8ffa47a99fd9c576845e3039a7ccbd headers.patch
6e77f28b4e8f5214528e6b5e4fdf482e6e3b09780bae028d2d5c381410060fc5e006bcccb4013bea4fb4caa8e125961824230f292ced5c80763887c9566089fc CVE-2019-20367.patch"
From 9d917aad37778a9f4a96ba358415f077f3f36f3b Mon Sep 17 00:00:00 2001
From: Guillem Jover <guillem@hadrons.org>
Date: Wed, 7 Aug 2019 22:58:30 +0200
Subject: [PATCH] nlist: Fix out-of-bounds read on strtab
When doing a string comparison for a symbol name from the string table,
we should make sure we do a bounded comparison, otherwise a non-NUL
terminated string might make the code read out-of-bounds.
Warned-by: coverity
---
src/nlist.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/nlist.c b/src/nlist.c
index 8aa46a2..228c220 100644
--- a/src/nlist.c
+++ b/src/nlist.c
@@ -236,16 +236,18 @@ __fdnlist(int fd, struct nlist *list)
symsize -= cc;
for (s = sbuf; cc > 0 && nent > 0; ++s, cc -= sizeof(*s)) {
char *name;
+ Elf_Word size;
struct nlist *p;
name = strtab + s->st_name;
if (name[0] == '\0')
continue;
+ size = symstrsize - s->st_name;
for (p = list; !ISLAST(p); p++) {
if ((p->n_un.n_name[0] == '_' &&
- strcmp(name, p->n_un.n_name+1) == 0)
- || strcmp(name, p->n_un.n_name) == 0) {
+ strncmp(name, p->n_un.n_name+1, size) == 0) ||
+ strncmp(name, p->n_un.n_name, size) == 0) {
elf_sym_to_nlist(p, s, shdr,
ehdr.e_shnum);
if (--nent <= 0)
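Review bot: The bound computed at `size = symstrsize - s->st_name;` only helps if `s->st_name` is already known to lie inside the string table, and nothing in the visible lines establishes that. `name = strtab + s->st_name` is dereferenced by `name[0] == '\0'` before any bound exists, and if `st_name` is larger than `symstrsize` the subtraction would wrap (ELF word types are normally unsigned), leaving both `strncmp` calls effectively unbounded again. The loop sits inside `__fdnlist`, whose body starts and ends outside this hunk, so the offset may be validated elsewhere. If it is not, I would add `if (s->st_name >= symstrsize) continue;` before `name` is computed, with a short comment that symbol-table offsets come from the file being parsed and are not trusted.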
--
GitLab