!11 fix CVE-2021-28831
From: @caihaomin Reviewed-by: @leizhongkai,@yangzhao_kl Signed-off-by: @leizhongkai,@yangzhao_kl
This commit is contained in:
openeuler-ci-bot
Gitee
commit
ebb788a1dd
42
backport-CVE-2021-28831.patch
Executable file
42
backport-CVE-2021-28831.patch
Executable file
@ -0,0 +1,42 @@
|
||||
From 26d06cef6684055a30cce5922095d22e8a9a91e3 Mon Sep 17 00:00:00 2001
|
||||
From: leizhongkai <leizhongkai@huawei.com>
|
||||
Date: Sat, 17 Apr 2021 14:27:23 +0800
|
||||
Subject: [PATCH] busybox: fix CVE-2021-28831
|
||||
|
||||
backoprt from upstream:
|
||||
https://git.busybox.net/busybox/patch/?id=dbd3b883a891f076911d752f56f7a906d5650a17
|
||||
|
||||
Signed-off-by: leizhongkai <leizhongkai@huawei.com>
|
||||
---
|
||||
archival/libarchive/decompress_gunzip.c | 11 +++++++++++
|
||||
1 file changed, 11 insertions(+)
|
||||
|
||||
diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c
|
||||
index 7f9046b..3eeae76 100644
|
||||
--- a/archival/libarchive/decompress_gunzip.c
|
||||
+++ b/archival/libarchive/decompress_gunzip.c
|
||||
@@ -222,10 +222,21 @@ static const uint8_t border[] ALIGN1 = {
|
||||
* each table.
|
||||
* t: table to free
|
||||
*/
|
||||
+#define BAD_HUFT(p) ((uintptr_t)(p) & 1)
|
||||
+#define ERR_RET ((huft_t*)(uintptr_t)1)
|
||||
static void huft_free(huft_t *p)
|
||||
{
|
||||
huft_t *q;
|
||||
|
||||
+ /*
|
||||
+ * If 'p' has the error bit set we have to clear it, otherwise we might run
|
||||
+ * into a segmentation fault or an invalid pointer to free(p)
|
||||
+ */
|
||||
+ if (BAD_HUFT(p)) {
|
||||
+ p = (huft_t*)((uintptr_t)(p) ^ (uintptr_t)(ERR_RET));
|
||||
+ }
|
||||
+
|
||||
+
|
||||
/* Go through linked list, freeing from the malloced (t[-1]) address. */
|
||||
while (p) {
|
||||
q = (--p)->v.t;
|
||||
--
|
||||
2.23.0
|
||||
|
||||
@ -4,7 +4,7 @@
|
||||
%endif
|
||||
|
||||
%if "%{!?RELEASE:1}"
|
||||
%define RELEASE 7
|
||||
%define RELEASE 8
|
||||
%endif
|
||||
|
||||
Name: busybox
|
||||
@ -22,6 +22,7 @@ Source3: busybox-dynamic.config
|
||||
#backport
|
||||
Patch6000: backport-bugfix-remove-stime-calls.patch
|
||||
Patch6001: backport-CVE-2018-1000500.patch
|
||||
Patch6002: backport-CVE-2021-28831.patch
|
||||
|
||||
BuildRoot: %_topdir/BUILDROOT
|
||||
#Dependency
|
||||
@ -97,6 +98,12 @@ install -m 644 docs/busybox.dynamic.1 $RPM_BUILD_ROOT/%{_mandir}/man1/busybox.1
|
||||
%{_mandir}/man1/busybox.petitboot.1.gz
|
||||
|
||||
%changelog
|
||||
* Fri Apr 30 2021 caihaomin <caihaomin@huawei.com> - 1:1.31.1-8
|
||||
- Type:CVE
|
||||
- CVE:CVE-2021-28831
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2021-28831
|
||||
|
||||
* Tue Feb 09 2021 xieliuhua <xieliuhua@huawei.com> - 1:1.31.1-7
|
||||
- Type:CVE
|
||||
- CVE:CVE-2018-1000500
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user