* [hardknott][PATCH v2] glibc: Fix CVE-2021-35942
@ 2021-08-09 8:39 Vinay Kumar
2021-08-15 7:53 ` Vinay Kumar
0 siblings, 1 reply; 3+ messages in thread
From: Vinay Kumar @ 2021-08-09 8:39 UTC (permalink / raw)
To: anuj.mittal
Cc: richard.purdie, openembedded-core, rwmacleod, umesh.kalappa0,
vinay.kumar, Vinay Kumar
Source: https://sourceware.org/git/glibc.git
Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=28011
Backported upstream commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c to
glibc-2.33 source.
Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
---
.../glibc/glibc/CVE-2021-35942.patch | 44 +++++++++++++++++++
meta/recipes-core/glibc/glibc_2.33.bb | 1 +
2 files changed, 45 insertions(+)
create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
new file mode 100644
index 0000000000..5cae1bc91c
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
@@ -0,0 +1,44 @@
+From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001
+From: Andreas Schwab <schwab@linux-m68k.org>
+Date: Fri, 25 Jun 2021 15:02:47 +0200
+Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug
+ 28011)
+
+Use strtoul instead of atoi so that overflow can be detected.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
+CVE: CVE-2021-35942
+Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
+---
+ posix/wordexp-test.c | 1 +
+ posix/wordexp.c | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
+index f93a546d7e..9df02dbbb3 100644
+--- a/posix/wordexp-test.c
++++ b/posix/wordexp-test.c
+@@ -183,6 +183,7 @@ struct test_case_struct
+ { 0, NULL, "$var", 0, 0, { NULL, }, IFS },
+ { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS },
+ { 0, NULL, "", 0, 0, { NULL, }, IFS },
++ { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS },
+
+ /* Flags not already covered (testit() has special handling for these) */
+ { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS },
+diff --git a/posix/wordexp.c b/posix/wordexp.c
+index bcbe96e48d..1f3b09f721 100644
+--- a/posix/wordexp.c
++++ b/posix/wordexp.c
+@@ -1399,7 +1399,7 @@ envsubst:
+ /* Is it a numeric parameter? */
+ else if (isdigit (env[0]))
+ {
+- int n = atoi (env);
++ unsigned long n = strtoul (env, NULL, 10);
+
+ if (n >= __libc_argc)
+ /* Substitute NULL. */
+--
+2.17.1
+
diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-core/glibc/glibc_2.33.bb
index bb35c50c98..7f516d2bbe 100644
--- a/meta/recipes-core/glibc/glibc_2.33.bb
+++ b/meta/recipes-core/glibc/glibc_2.33.bb
@@ -63,6 +63,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0001-nptl-Remove-private-futex-optimization-BZ-27304.patch \
file://CVE-2021-33574_1.patch \
file://CVE-2021-33574_2.patch \
+ file://CVE-2021-35942.patch \
"
S = "${WORKDIR}/git"
B = "${WORKDIR}/build-${TARGET_SYS}"
--
2.31.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [hardknott][PATCH v2] glibc: Fix CVE-2021-35942
2021-08-09 8:39 [hardknott][PATCH v2] glibc: Fix CVE-2021-35942 Vinay Kumar
@ 2021-08-15 7:53 ` Vinay Kumar
2021-08-15 15:49 ` [OE-core] " Anuj Mittal
0 siblings, 1 reply; 3+ messages in thread
From: Vinay Kumar @ 2021-08-15 7:53 UTC (permalink / raw)
To: Mittal, Anuj
Cc: Richard Purdie, Patches and discussions about the oe-core layer,
Randy MacLeod, umesh kalappa0, vinay.kumar
Hi Anuj,
Please let me know in case any corrections are needed.
Regards,
Vinay
On Mon, Aug 9, 2021 at 2:10 PM Vinay Kumar <vinay.m.engg@gmail.com> wrote:
>
> Source: https://sourceware.org/git/glibc.git
> Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=28011
>
> Backported upstream commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c to
> glibc-2.33 source.
>
> Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
> Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
> ---
> .../glibc/glibc/CVE-2021-35942.patch | 44 +++++++++++++++++++
> meta/recipes-core/glibc/glibc_2.33.bb | 1 +
> 2 files changed, 45 insertions(+)
> create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
>
> diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> new file mode 100644
> index 0000000000..5cae1bc91c
> --- /dev/null
> +++ b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> @@ -0,0 +1,44 @@
> +From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001
> +From: Andreas Schwab <schwab@linux-m68k.org>
> +Date: Fri, 25 Jun 2021 15:02:47 +0200
> +Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug
> + 28011)
> +
> +Use strtoul instead of atoi so that overflow can be detected.
> +
> +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
> +CVE: CVE-2021-35942
> +Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
> +---
> + posix/wordexp-test.c | 1 +
> + posix/wordexp.c | 2 +-
> + 2 files changed, 2 insertions(+), 1 deletion(-)
> +
> +diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
> +index f93a546d7e..9df02dbbb3 100644
> +--- a/posix/wordexp-test.c
> ++++ b/posix/wordexp-test.c
> +@@ -183,6 +183,7 @@ struct test_case_struct
> + { 0, NULL, "$var", 0, 0, { NULL, }, IFS },
> + { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS },
> + { 0, NULL, "", 0, 0, { NULL, }, IFS },
> ++ { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS },
> +
> + /* Flags not already covered (testit() has special handling for these) */
> + { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS },
> +diff --git a/posix/wordexp.c b/posix/wordexp.c
> +index bcbe96e48d..1f3b09f721 100644
> +--- a/posix/wordexp.c
> ++++ b/posix/wordexp.c
> +@@ -1399,7 +1399,7 @@ envsubst:
> + /* Is it a numeric parameter? */
> + else if (isdigit (env[0]))
> + {
> +- int n = atoi (env);
> ++ unsigned long n = strtoul (env, NULL, 10);
> +
> + if (n >= __libc_argc)
> + /* Substitute NULL. */
> +--
> +2.17.1
> +
> diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-core/glibc/glibc_2.33.bb
> index bb35c50c98..7f516d2bbe 100644
> --- a/meta/recipes-core/glibc/glibc_2.33.bb
> +++ b/meta/recipes-core/glibc/glibc_2.33.bb
> @@ -63,6 +63,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
> file://0001-nptl-Remove-private-futex-optimization-BZ-27304.patch \
> file://CVE-2021-33574_1.patch \
> file://CVE-2021-33574_2.patch \
> + file://CVE-2021-35942.patch \
> "
> S = "${WORKDIR}/git"
> B = "${WORKDIR}/build-${TARGET_SYS}"
> --
> 2.31.1
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [OE-core] [hardknott][PATCH v2] glibc: Fix CVE-2021-35942
2021-08-15 7:53 ` Vinay Kumar
@ 2021-08-15 15:49 ` Anuj Mittal
0 siblings, 0 replies; 3+ messages in thread
From: Anuj Mittal @ 2021-08-15 15:49 UTC (permalink / raw)
To: vinay.m.engg
Cc: vinay.kumar, richard.purdie, openembedded-core, rwmacleod,
umesh.kalappa0
Hello,
On Sun, 2021-08-15 at 13:23 +0530, Vinay Kumar wrote:
> Hi Anuj,
>
> Please let me know in case any corrections are needed.
I have taken this patch and it will be in the next pull request.
Thanks,
Anuj
>
> Regards,
> Vinay
>
> On Mon, Aug 9, 2021 at 2:10 PM Vinay Kumar <vinay.m.engg@gmail.com>
> wrote:
> >
> > Source: https://sourceware.org/git/glibc.git
> > Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=28011
> >
> > Backported upstream commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c
> > to
> > glibc-2.33 source.
> >
> > Upstream-Status: Backport
> > [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c
> > ]
> > Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
> > ---
> > .../glibc/glibc/CVE-2021-35942.patch | 44
> > +++++++++++++++++++
> > meta/recipes-core/glibc/glibc_2.33.bb | 1 +
> > 2 files changed, 45 insertions(+)
> > create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-
> > 35942.patch
> >
> > diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> > b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> > new file mode 100644
> > index 0000000000..5cae1bc91c
> > --- /dev/null
> > +++ b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> > @@ -0,0 +1,44 @@
> > +From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00
> > 2001
> > +From: Andreas Schwab <schwab@linux-m68k.org>
> > +Date: Fri, 25 Jun 2021 15:02:47 +0200
> > +Subject: [PATCH] wordexp: handle overflow in positional parameter
> > number (bug
> > + 28011)
> > +
> > +Use strtoul instead of atoi so that overflow can be detected.
> > +
> > +Upstream-Status: Backport
> > [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c
> > ]
> > +CVE: CVE-2021-35942
> > +Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
> > +---
> > + posix/wordexp-test.c | 1 +
> > + posix/wordexp.c | 2 +-
> > + 2 files changed, 2 insertions(+), 1 deletion(-)
> > +
> > +diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
> > +index f93a546d7e..9df02dbbb3 100644
> > +--- a/posix/wordexp-test.c
> > ++++ b/posix/wordexp-test.c
> > +@@ -183,6 +183,7 @@ struct test_case_struct
> > + { 0, NULL, "$var", 0, 0, { NULL, }, IFS },
> > + { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS },
> > + { 0, NULL, "", 0, 0, { NULL, }, IFS },
> > ++ { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS
> > },
> > +
> > + /* Flags not already covered (testit() has special handling
> > for these) */
> > + { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS
> > },
> > +diff --git a/posix/wordexp.c b/posix/wordexp.c
> > +index bcbe96e48d..1f3b09f721 100644
> > +--- a/posix/wordexp.c
> > ++++ b/posix/wordexp.c
> > +@@ -1399,7 +1399,7 @@ envsubst:
> > + /* Is it a numeric parameter? */
> > + else if (isdigit (env[0]))
> > + {
> > +- int n = atoi (env);
> > ++ unsigned long n = strtoul (env, NULL, 10);
> > +
> > + if (n >= __libc_argc)
> > + /* Substitute NULL. */
> > +--
> > +2.17.1
> > +
> > diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-
> > core/glibc/glibc_2.33.bb
> > index bb35c50c98..7f516d2bbe 100644
> > --- a/meta/recipes-core/glibc/glibc_2.33.bb
> > +++ b/meta/recipes-core/glibc/glibc_2.33.bb
> > @@ -63,6 +63,7 @@ SRC_URI =
> > "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
> >
> > file://0001-nptl-Remove-private-futex-optimization-BZ-27304.patch \
> > file://CVE-2021-33574_1.patch \
> > file://CVE-2021-33574_2.patch \
> > + file://CVE-2021-35942.patch \
> > "
> > S = "${WORKDIR}/git"
> > B = "${WORKDIR}/build-${TARGET_SYS}"
> > --
> > 2.31.1
> >
>
>
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-08-15 15:49 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-09 8:39 [hardknott][PATCH v2] glibc: Fix CVE-2021-35942 Vinay Kumar
2021-08-15 7:53 ` Vinay Kumar
2021-08-15 15:49 ` [OE-core] " Anuj Mittal
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.