mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-13 17:39:57 +00:00
Gyorgy Sarvari
dab398c7e0
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-31870 Pick patch mentioned in the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
46 lines
1.3 KiB
Diff
46 lines
1.3 KiB
Diff
From 15c0e066ac8a75bdb3189dd5d77dc0f3539afefd Mon Sep 17 00:00:00 2001
|
|
From: Ben Hutchings <ben@decadent.org.uk>
|
|
Date: Wed, 28 Apr 2021 04:29:50 +0200
|
|
Subject: [PATCH] calloc: Fail if multiplication overflows
|
|
|
|
calloc() multiplies its 2 arguments together and passes the result to
|
|
malloc(). Since the factors and product both have type size_t, this
|
|
can result in an integer overflow and subsequent buffer overflow.
|
|
Check for this and fail if it happens.
|
|
|
|
CVE-2021-31870
|
|
|
|
CVE: CVE-2021-31870
|
|
Upstream-Status: Backport [https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=292650f04c2b5348b4efbad61fb014ed09b4f3f2]
|
|
|
|
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|
---
|
|
usr/klibc/calloc.c | 11 ++++++++---
|
|
1 file changed, 8 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/usr/klibc/calloc.c b/usr/klibc/calloc.c
|
|
index 53dcc6b..4a81cda 100644
|
|
--- a/usr/klibc/calloc.c
|
|
+++ b/usr/klibc/calloc.c
|
|
@@ -2,12 +2,17 @@
|
|
* calloc.c
|
|
*/
|
|
|
|
+#include <errno.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
|
|
-/* FIXME: This should look for multiplication overflow */
|
|
-
|
|
void *calloc(size_t nmemb, size_t size)
|
|
{
|
|
- return zalloc(nmemb * size);
|
|
+ unsigned long prod;
|
|
+
|
|
+ if (__builtin_umull_overflow(nmemb, size, &prod)) {
|
|
+ errno = ENOMEM;
|
|
+ return NULL;
|
|
+ }
|
|
+ return zalloc(prod);
|
|
}
|