packages/glibc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!989 [sync] PR-986: fix CVE-2019-1010023

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @liqingqing_1229 
Signed-off-by: @liqingqing_1229
This commit is contained in:
openeuler-ci-bot 2025-02-07 09:19:08 +00:00 committed by Gitee
commit 2f571cfc1d
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 72 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
fix-CVE-2019-1010023.patch Normal file
View File

@ -0,0 +1,66 @@
From fe1ffef2eec9c6634a1e9af951eb68f0f5614470 Mon Sep 17 00:00:00 2001
From: xujing <xujing99@huawei.com>
Date: Thu, 2 Dec 2021 11:41:46 +0800
Subject: [PATCH] glibc: fix CVE-2019-1010023
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
| PT_LOAD
|
| […] Loadable segment entries in the program header table appear in
| ascending order, sorted on the p_vaddr member.
http://www.sco.com/developers/gabi/latest/ch5.pheader.html
Some check needed to fix vulnerability in load commands mapping reported by
https://sourceware.org/bugzilla/show_bug.cgi?id=22851
Signed-off-by: lvying <lvying6@huawei.com>
Signed-off-by: xujing <xujing99@huawei.com>
---
elf/dl-map-segments.h | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/elf/dl-map-segments.h b/elf/dl-map-segments.h
index 084076a2..a41ae73b 100644
--- a/elf/dl-map-segments.h
+++ b/elf/dl-map-segments.h
@@ -33,6 +33,7 @@ _dl_map_segments (struct link_map *l, int fd,
struct link_map *loader)
{
const struct loadcmd *c = loadcmds;
+ ElfW(Addr) l_map_end_aligned;
if (__glibc_likely (type == ET_DYN))
{
@@ -61,6 +62,8 @@ _dl_map_segments (struct link_map *l, int fd,
return DL_MAP_SEGMENTS_ERROR_MAP_SEGMENT;
l->l_map_end = l->l_map_start + maplength;
+ l_map_end_aligned = ((l->l_map_end + GLRO(dl_pagesize) - 1)
+ & ~(GLRO(dl_pagesize) - 1));
l->l_addr = l->l_map_start - c->mapstart;
if (has_holes)
@@ -85,10 +88,16 @@ _dl_map_segments (struct link_map *l, int fd,
/* Remember which part of the address space this object uses. */
l->l_map_start = c->mapstart + l->l_addr;
l->l_map_end = l->l_map_start + maplength;
+ l_map_end_aligned = ((l->l_map_end + GLRO(dl_pagesize) - 1)
+ & ~(GLRO(dl_pagesize) - 1));
l->l_contiguous = !has_holes;
while (c < &loadcmds[nloadcmds])
{
+ if ((l->l_addr + c->mapend) > l_map_end_aligned ||
+ (l->l_addr + c->mapstart) < l->l_map_start)
+ return DL_MAP_SEGMENTS_ERROR_MAP_SEGMENT;
+
if (c->mapend > c->mapstart
/* Map the segment contents from the file. */
&& (__mmap ((void *) (l->l_addr + c->mapstart),
--
2.23.0

7
glibc.spec
View File

@ -67,7 +67,7 @@
##############################################################################
Name: glibc
Version: 2.38
Release: 52
Release: 53
Summary: The GNU libc libraries
License: %{all_license}
URL: http://www.gnu.org/software/glibc/
@ -310,6 +310,8 @@ Patch9034: 0001-x86-Set-preferred-CPU-features-on-the-KH-40000-and-K.patch
Patch9035: 0002-x86_64-Optimize-large-size-copy-in-memmove-ssse3.patch
Patch9036: 0003-x86-Set-default-non_temporal_threshold-for-Zhaoxin-p.patch
Patch9037: fix-CVE-2019-1010023.patch
Provides: ldconfig rtld(GNU_HASH) bundled(gnulib)
BuildRequires: audit-libs-devel >= 1.1.3, sed >= 3.95, libcap-devel, gettext
@ -1486,6 +1488,9 @@ fi
%endif
%changelog
* Thu Feb 06 2025 shixuantong <shixuantong1@huawei.com> - 2.38-53
- fix CVE-2019-1010023
* Sun Jan 26 2025 Qingqing Li <liqingqing3@huawei.com> - 2.38-52
- stdlib: Test using setenv with updated environ [BZ #32588]
- Fix underallocation of abort_msg_s struct (CVE-2025-0395)