Skip to content
GitLab
Explore
Sign in
Register
Primary navigation
Search or go to…
Project
aports
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Model registry
Monitor
Service Desk
Analyze
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
alpine
aports
Commits
089e41c4
Commit
089e41c4
authored
3 years ago
by
Ariadne Conill
Browse files
Options
Downloads
Patches
Plain Diff
main/aspell: add mitigation for CVE-2019-25051 / OSV-2020-521
parent
136e0f8c
No related branches found
No related tags found
No related merge requests found
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
main/aspell/APKBUILD
+9
-3
9 additions, 3 deletions
main/aspell/APKBUILD
main/aspell/CVE-2019-25051.patch
+96
-0
96 additions, 0 deletions
main/aspell/CVE-2019-25051.patch
with
105 additions
and
3 deletions
main/aspell/APKBUILD
+
9
−
3
View file @
089e41c4
...
...
@@ -2,7 +2,7 @@
# Contributor: Valery Kartel <valery.kartel@gmail.com>
pkgname
=
aspell
pkgver
=
0.60.8
pkgrel
=
0
pkgrel
=
1
pkgdesc
=
"A spell checker designed to eventually replace Ispell"
url
=
"http://aspell.net/"
arch
=
"all"
...
...
@@ -11,9 +11,12 @@ subpackages="$pkgname-compat::noarch $pkgname-utils $pkgname-dev $pkgname-doc
$pkgname
-lang
$pkgname
-libs"
depends_dev
=
"
$pkgname
-utils"
makedepends
=
"ncurses-dev perl gettext-dev"
source
=
"https://ftp.gnu.org/gnu/aspell/aspell-
$pkgver
.tar.gz"
source
=
"https://ftp.gnu.org/gnu/aspell/aspell-
$pkgver
.tar.gz
CVE-2019-25051.patch"
# secfixes:
# 0.60.8-r1:
# - CVE-2019-25051
# 0.60.8-r0:
# - CVE-2019-17544
...
...
@@ -63,4 +66,7 @@ libs() {
rm
-fr
"
$pkgdir
"
/usr/lib
}
sha512sums
=
"8ef4952c553b6234dfe777240d2d97beb13ef9201e18d56bee3b5068d13525db3625b7130d9f5122f7c529da0ccb0c70eb852a81472a7d15fb7c4ee5ba21cd29 aspell-0.60.8.tar.gz"
sha512sums
=
"
8ef4952c553b6234dfe777240d2d97beb13ef9201e18d56bee3b5068d13525db3625b7130d9f5122f7c529da0ccb0c70eb852a81472a7d15fb7c4ee5ba21cd29 aspell-0.60.8.tar.gz
529f3f4737d2e19f7571f4c8666b1cd089cc4e9dfdaa52dc468919f01ce9f8f8112d8fe8afda295b3dfb92f5e0c2bbd79bf1ec69f06c163c32eb28f0168ab263 CVE-2019-25051.patch
"
This diff is collapsed.
Click to expand it.
main/aspell/CVE-2019-25051.patch
0 → 100644
+
96
−
0
View file @
089e41c4
From 0718b375425aad8e54e1150313b862e4c6fd324a Mon Sep 17 00:00:00 2001
From: Kevin Atkinson <kevina@gnu.org>
Date: Sat, 21 Dec 2019 20:32:47 +0000
Subject: [PATCH] objstack: assert that the alloc size will fit within a chunk
to prevent a buffer overflow
Bug found using OSS-Fuze.
---
common/objstack.hpp | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/common/objstack.hpp b/common/objstack.hpp
index 3997bf7..bd97ccd 100644
--- a/common/objstack.hpp
+++ b/common/objstack.hpp
@@ -5,6 +5,7 @@
#include "parm_string.hpp"
#include <stdlib.h>
#include <assert.h>
+#include <stddef.h>
namespace acommon {
@@ -26,6 +27,12 @@
class ObjStack
byte * temp_end;
void setup_chunk();
void new_chunk();
+ bool will_overflow(size_t sz) const {
+ return offsetof(Node,data) + sz > chunk_size;
+ }
+ void check_size(size_t sz) {
+ assert(!will_overflow(sz));
+ }
ObjStack(const ObjStack &);
void operator=(const ObjStack &);
@@ -56,7 +63,7 @@
class ObjStack
void * alloc_bottom(size_t size) {
byte * tmp = bottom;
bottom += size;
- if (bottom > top) {new_chunk(); tmp = bottom; bottom += size;}
+ if (bottom > top) {check_size(size); new_chunk(); tmp = bottom; bottom += size;}
return tmp;
}
// This alloc_bottom will insure that the object is aligned based on the
@@ -66,7 +73,7 @@
class ObjStack
align_bottom(align);
byte * tmp = bottom;
bottom += size;
- if (bottom > top) {new_chunk(); goto loop;}
+ if (bottom > top) {check_size(size); new_chunk(); goto loop;}
return tmp;
}
char * dup_bottom(ParmString str) {
@@ -79,7 +86,7 @@
class ObjStack
// always be aligned as such.
void * alloc_top(size_t size) {
top -= size;
- if (top < bottom) {new_chunk(); top -= size;}
+ if (top < bottom) {check_size(size); new_chunk(); top -= size;}
return top;
}
// This alloc_top will insure that the object is aligned based on
@@ -88,7 +95,7 @@
class ObjStack
{loop:
top -= size;
align_top(align);
- if (top < bottom) {new_chunk(); goto loop;}
+ if (top < bottom) {check_size(size); new_chunk(); goto loop;}
return top;
}
char * dup_top(ParmString str) {
@@ -117,6 +124,7 @@
class ObjStack
void * alloc_temp(size_t size) {
temp_end = bottom + size;
if (temp_end > top) {
+ check_size(size);
new_chunk();
temp_end = bottom + size;
}
@@ -131,6 +139,7 @@
class ObjStack
} else {
size_t s = temp_end - bottom;
byte * p = bottom;
+ check_size(size);
new_chunk();
memcpy(bottom, p, s);
temp_end = bottom + size;
@@ -150,6 +159,7 @@
class ObjStack
} else {
size_t s = temp_end - bottom;
byte * p = bottom;
+ check_size(size);
new_chunk();
memcpy(bottom, p, s);
temp_end = bottom + size;
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment