!70 fix CVE-2021-37600

From: @tong_1001 Reviewed-by: @openeuler-basic Signed-off-by: @openeuler-basic
2021-08-10 06:27:55 +00:00 · 2021-08-10 06:27:55 +00:00 · bfe93b8797
commit bfe93b8797
parent 6672e76d4e 26e0d5772f
2 changed files with 33 additions and 1 deletions
--- a/backport-CVE-2021-37600.patch
+++ b/backport-CVE-2021-37600.patch
@ -0,0 +1,25 @@
+From 1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Tue, 27 Jul 2021 11:58:31 +0200
+Subject: [PATCH] sys-utils/ipcutils: be careful when call calloc() for uint64
+ nmembs
+
+Fix: https://github.com/karelzak/util-linux/issues/1395
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ sys-utils/ipcutils.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sys-utils/ipcutils.c b/sys-utils/ipcutils.c
+index e784c4dcb9..18868cfd38 100644
+--- a/sys-utils/ipcutils.c
+++ b/sys-utils/ipcutils.c
+@@ -218,7 +218,7 @@ static void get_sem_elements(struct sem_data *p)
+ {
+ 	size_t i;
+ 
+-	if (!p || !p->sem_nsems || p->sem_perm.id < 0)
+	if (!p || !p->sem_nsems || p->sem_nsems > SIZE_MAX || p->sem_perm.id < 0)
+ 		return;
+ 
+ 	p->elements = xcalloc(p->sem_nsems, sizeof(struct sem_elem));
--- a/util-linux.spec
+++ b/util-linux.spec
@ -3,7 +3,7 @@

 Name:           util-linux
 Version:        2.36.1
-Release:        4
+Release:        5
 Summary:        A random collection of Linux utilities
 License:        GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain
 URL:            https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git
@ -41,6 +41,7 @@ Patch2:         backport-libfdisk-make-fdisk_partname-more-robust.patch
 Patch3:         backport-libmount-fix-tab-parser-for-badly-terminated-lines.patch
 Patch4:         backport-libblkid-improve-debug-for-proc-partitions.patch
 Patch5:         backport-libblkid-use-sys-to-read-all-block-devices.patch
+Patch6000:      backport-CVE-2021-37600.patch

 Patch9000:	Add-check-to-resolve-uname26-version-test-failed.patch

@ -390,6 +391,12 @@ fi
 %{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*}

 %changelog
+* Tue Aug 10 2021 shixuantong<shixuantong@huawei.com> - 2.36.1-5
+- Type:CVE
+- ID:CVE-2021-37600
+- SUG:NA
+- DESC:fix CVE-2021-37600
+
 * Thu Jul 22 2021 shixuantong<shixuantong@huawei.com> - 2.36.1-4
 - Type:bugfix
 - ID:NA