packet init

0001-correctly-check-for-out-of-bounds-allocation-reqs.patch

@@ -0,0 +1,107 @@
+From aa106b29a6a8a1b0df9e334704292cbc32f2d44e Mon Sep 17 00:00:00 2001
+From: Corinna Vinschen <vinschen@redhat.com>
+Date: Tue, 17 Nov 2020 10:50:57 +0100
+Subject: [PATCH] malloc/nano-malloc: correctly check for out-of-bounds
+ allocation reqs
+CVE: CVE-2021-3420
+Reference: https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=aa106b29a6a8a1b0df9e334704292cbc32f2d44e
+
+The overflow check in mEMALIGn erroneously checks for INT_MAX,
+albeit the input parameter is size_t.  Fix this to check for
+__SIZE_MAX__ instead.  Also, it misses to check the req against
+adding the alignment before calling mALLOc.
+
+While at it, add out-of-bounds checks to pvALLOc, nano_memalign,
+nano_valloc, and Cygwin's (unused) dlpvalloc.
+
+Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
+---
+ newlib/libc/stdlib/mallocr.c      |  7 ++++++-
+ newlib/libc/stdlib/nano-mallocr.c | 22 +++++++++++++++++++++-
+ winsup/cygwin/malloc.cc           |  4 ++++
+ 3 files changed, 31 insertions(+), 2 deletions(-)
+
+diff --git a/newlib/libc/stdlib/mallocr.c b/newlib/libc/stdlib/mallocr.c
+index 26d1c89c..af877605 100644
+--- a/newlib/libc/stdlib/mallocr.c
++++ b/newlib/libc/stdlib/mallocr.c
+@@ -3055,7 +3055,7 @@ Void_t* mEMALIGn(RARG alignment, bytes) RDECL size_t alignment; size_t bytes;
+   nb = request2size(bytes);
+ 
+   /* Check for overflow. */
+-  if (nb > INT_MAX || nb < bytes)
++  if (nb > __SIZE_MAX__ - (alignment + MINSIZE) || nb < bytes)
+   {
+     RERRNO = ENOMEM;
+     return 0;
+@@ -3172,6 +3172,11 @@ Void_t* pvALLOc(RARG bytes) RDECL size_t bytes;
+ #endif
+ {
+   size_t pagesize = malloc_getpagesize;
++  if (bytes > __SIZE_MAX__ - pagesize)
++  {
++    RERRNO = ENOMEM;
++    return 0;
++  }
+   return mEMALIGn (RCALL pagesize, (bytes + pagesize - 1) & ~(pagesize - 1));
+ }
+ 
+diff --git a/newlib/libc/stdlib/nano-mallocr.c b/newlib/libc/stdlib/nano-mallocr.c
+index 13b72c99..edf68e7a 100644
+--- a/newlib/libc/stdlib/nano-mallocr.c
++++ b/newlib/libc/stdlib/nano-mallocr.c
+@@ -568,8 +568,22 @@ void * nano_memalign(RARG size_t align, size_t s)
+     if ((align & (align-1)) != 0) return NULL;
+ 
+     align = MAX(align, MALLOC_ALIGN);
++
++   /* Make sure ma_size does not overflow */
++   if (s > __SIZE_MAX__ - CHUNK_ALIGN)
++   {
++	RERRNO = ENOMEM;
++	return NULL;
++   }
+     ma_size = ALIGN_TO(MAX(s, MALLOC_MINSIZE), CHUNK_ALIGN);
+-    size_with_padding = ma_size + align - MALLOC_ALIGN;
++
++   /* Make sure size_with_padding does not overflow */
++   if (ma_size > __SIZE_MAX__ - (align - MALLOC_ALIGN))
++   {
++	RERRNO = ENOMEM;
++	return NULL;
++   }
++   size_with_padding = ma_size + (align - MALLOC_ALIGN);
+ 
+     allocated = nano_malloc(RCALL size_with_padding);
+     if (allocated == NULL) return NULL;
+@@ -632,6 +646,12 @@ void * nano_valloc(RARG size_t s)
+ #ifdef DEFINE_PVALLOC
+ void * nano_pvalloc(RARG size_t s)
+ {
++   /* Make sure size given to nano_valloc does not overflow */
++   if (s > __SIZE_MAX__ - MALLOC_PAGE_ALIGN)
++   {
++	RERRNO = ENOMEM;
++	return NULL;
++   }
+     return nano_valloc(RCALL ALIGN_TO(s, MALLOC_PAGE_ALIGN));
+ }
+ #endif /* DEFINE_PVALLOC */
+diff --git a/winsup/cygwin/malloc.cc b/winsup/cygwin/malloc.cc
+index 23c35407..8a1fc257 100644
+--- a/winsup/cygwin/malloc.cc
++++ b/winsup/cygwin/malloc.cc
+@@ -5298,6 +5298,10 @@ void* dlpvalloc(size_t bytes) {
+   size_t pagesz;
+   ensure_initialization();
+   pagesz = mparams.page_size;
++  if (bytes > MAX_REQUEST) {
++    MALLOC_FAILURE_ACTION;
++    return NULL;
++  }
+   return dlmemalign(pagesz, (bytes + pagesz - SIZE_T_ONE) & ~(pagesz - SIZE_T_ONE));
+ }
+ 
+-- 
+2.33.0.windows.2
+

newlib.spec

@@ -0,0 +1,56 @@
+%global debug_package %{nil}
+%global _newlib newlib
+Name:           newlib
+Version:        3.3.0
+Release:        1%{?dist}
+Summary:        Newlib is a C library intended for use on embedded systems.
+
+License:        BSD
+URL:            https://sourceware.org/newlib/
+Source0:        ftp://sourceware.org/pub/newlib/newlib-%{version}.tar.gz
+
+BuildRequires:  make gcc binutils texinfo texinfo-tex
+
+%description
+
+Newlib is a C library intended for use on embedded systems. It is a conglomeration of several library parts, all under free software licenses that make them easily usable on embedded products. 
+
+
+%prep
+%autosetup
+
+
+%build
+rm -rf build-newlib
+mkdir build-newlib
+cd build-newlib
+export CFLAGS="-O2 -D_FORTIFY_SOURCE=0"
+../newlib/configure --prefix=%{_prefix}
+make %{?_smp_mflags}
+cd ..
+
+
+%install
+rm -rf %{buildroot}
+cd build-newlib
+make DESTDIR=%{buildroot}%{_prefix}/%{_newlib} install install-info
+cd ..
+
+
+%files
+%license COPYING*
+%{_prefix}/%{_newlib}%{_prefix}/include/*.h
+%{_prefix}/%{_newlib}%{_prefix}/include/sys/*.h
+%{_prefix}/%{_newlib}%{_prefix}/include/ssp/*.h
+%{_prefix}/%{_newlib}%{_prefix}/include/machine/*.h
+%{_prefix}/%{_newlib}%{_prefix}/lib/lib{c,m,g}.a
+%doc
+%{_prefix}/%{_newlib}%{_prefix}/share/info/dir
+%{_prefix}/%{_newlib}%{_prefix}/share/info/libc.info
+%{_prefix}/%{_newlib}%{_prefix}/share/info/libc.info-{1,2}
+%{_prefix}/%{_newlib}%{_prefix}/share/info/libm.info
+
+
+%changelog
+* Sat Sep 25 2021 Lijinpei <lijinpei@huawei.com>
+- Package init