Fix CVE-2022-44370

2023-04-12 16:20:17 +08:00 · 2023-04-12 16:20:17 +08:00 · a5eae9aa51
commit a5eae9aa51
parent fe6437915a
2 changed files with 100 additions and 1 deletions
--- a/CVE-2022-44370.patch
+++ b/CVE-2022-44370.patch
@ -0,0 +1,94 @@
+From 2d4e6952417ec6f08b6f135d2b5d0e19b7dae30d Mon Sep 17 00:00:00 2001
+From: "H. Peter Anvin" <hpa@zytor.com>
+Date: Mon, 7 Nov 2022 10:26:03 -0800
+Subject: [PATCH] quote_for_pmake: fix counter underrun resulting in segfault
+
+while (nbs--) { ... } ends with nbs == -1. Rather than a minimal fix,
+introduce mempset() to make these kinds of errors less likely in the
+future.
+
+Fixes: https://bugzilla.nasm.us/show_bug.cgi?id=3392815
+Reported-by: <13579and24680@gmail.com>
+Signed-off-by: H. Peter Anvin <hpa@zytor.com>
+---
+ asm/nasm.c         | 12 +++++-------
+ configure.ac       |  1 +
+ include/compiler.h |  7 +++++++
+ 3 files changed, 13 insertions(+), 7 deletions(-)
+
+diff --git a/asm/nasm.c b/asm/nasm.c
+index 6af927547..1e337c7ba 100644
+--- a/asm/nasm.c
+++ b/asm/nasm.c
+@@ -1,6 +1,6 @@
+ /* ----------------------------------------------------------------------- *
+  *
+- *   Copyright 1996-2020 The NASM Authors - All Rights Reserved
+ *   Copyright 1996-2022 The NASM Authors - All Rights Reserved
+  *   See the file AUTHORS included with the NASM distribution for
+  *   the specific copyright holders.
+  *
+@@ -817,8 +817,7 @@ static char *quote_for_pmake(const char *str)
+     }
+ 
+     /* Convert N backslashes at the end of filename to 2N backslashes */
+-    if (nbs)
+-        n += nbs;
+    n += nbs;
+ 
+     os = q = nasm_malloc(n);
+ 
+@@ -827,10 +826,10 @@ static char *quote_for_pmake(const char *str)
+         switch (*p) {
+         case ' ':
+         case '\t':
+-            while (nbs--)
+-                *q++ = '\\';
+            q = mempset(q, '\\', nbs);
+             *q++ = '\\';
+             *q++ = *p;
+            nbs = 0;
+             break;
+         case '$':
+             *q++ = *p;
+@@ -852,9 +851,8 @@ static char *quote_for_pmake(const char *str)
+             break;
+         }
+     }
+-    while (nbs--)
+-        *q++ = '\\';
+ 
+    q = mempset(q, '\\', nbs);
+     *q = '\0';
+ 
+     return os;
+diff --git a/configure.ac b/configure.ac
+index 04a9f648b..42cd19884 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -200,6 +200,7 @@ AC_CHECK_FUNCS(strrchrnul)
+ AC_CHECK_FUNCS(iscntrl)
+ AC_CHECK_FUNCS(isascii)
+ AC_CHECK_FUNCS(mempcpy)
+AC_CHECK_FUNCS(mempset)
+ 
+ AC_CHECK_FUNCS(getuid)
+ AC_CHECK_FUNCS(getgid)
+diff --git a/include/compiler.h b/include/compiler.h
+index c5bac6e57..407c16093 100644
+--- a/include/compiler.h
+++ b/include/compiler.h
+@@ -252,6 +252,13 @@ static inline void *mempcpy(void *dst, const void *src, size_t n)
+ }
+ #endif
+ 
+#ifndef HAVE_MEMPSET
+static inline void *mempset(void *dst, int c, size_t n)
+{
+    return (char *)memset(dst, c, n) + n;
+}
+#endif
+
+ /*
+  * Hack to support external-linkage inline functions
+  */
--- a/nasm.spec
+++ b/nasm.spec
@ -8,7 +8,7 @@

 Name:     nasm
 Version:  2.15.05
-Release:  4
+Release:  5
 Summary:  The Netwide Assembler, a portable x86 assembler with Intel-like syntax
 License:  BSD-2-Clause
 URL:      http://www.nasm.us
@ -17,6 +17,8 @@ Source1:  http://www.nasm.us/pub/nasm/releasebuilds/%{version}/%{name}-%{version

 Patch6000: enable-make-check.patch
 Patch6001: fix-help-info-error.patch 
+# https://github.com/netwide-assembler/nasm/commit/2d4e6952417ec6f08b6f135d2b5d0e19b7dae30d
+Patch6002: CVE-2022-44370.patch
 #https://bugzilla.nasm.us/attachment.cgi?id=411648
 BuildRequires: perl(Env) autoconf asciidoc xmlto gcc make git

@ -89,6 +91,9 @@ make test
 %{_mandir}/man1/ld*

 %changelog
+* Wed Apr 12 2023 yaoxin <yao_xin001@hoperun.com> - 2.15.05-5
+- Fix CVE-2022-44370
+
 * Thu Jan 19 2023 yangchenguang <yangchenguang@uniontech.com> - 2.15.05-4
 - Fix help info error