Fix: Integer overflow and resultant buffer overflow via crafted input
Resolves: CVE-2021-43618
This commit is contained in:
parent
5dc243739b
commit
2d52bc522d
25
cve-2021-43618.patch
Normal file
25
cve-2021-43618.patch
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
|
||||||
|
# HG changeset patch
|
||||||
|
# User Marco Bodrato <bodrato@mail.dm.unipi.it>
|
||||||
|
# Date 1634836009 -7200
|
||||||
|
# Node ID 561a9c25298e17bb01896801ff353546c6923dbd
|
||||||
|
# Parent e1fd9db13b475209a864577237ea4b9105b3e96e
|
||||||
|
mpz/inp_raw.c: Avoid bit size overflows
|
||||||
|
|
||||||
|
diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c
|
||||||
|
--- a/mpz/inp_raw.c Tue Dec 22 23:49:51 2020 +0100
|
||||||
|
+++ b/mpz/inp_raw.c Thu Oct 21 19:06:49 2021 +0200
|
||||||
|
@@ -88,8 +88,11 @@
|
||||||
|
|
||||||
|
abs_csize = ABS (csize);
|
||||||
|
|
||||||
|
+ if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
|
||||||
|
+ return 0; /* Bit size overflows */
|
||||||
|
+
|
||||||
|
/* round up to a multiple of limbs */
|
||||||
|
- abs_xsize = BITS_TO_LIMBS (abs_csize*8);
|
||||||
|
+ abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
|
||||||
|
|
||||||
|
if (abs_xsize != 0)
|
||||||
|
{
|
||||||
|
|
7
gmp.spec
7
gmp.spec
@ -6,7 +6,7 @@
|
|||||||
Summary: A GNU arbitrary precision library
|
Summary: A GNU arbitrary precision library
|
||||||
Name: gmp
|
Name: gmp
|
||||||
Version: 6.2.0
|
Version: 6.2.0
|
||||||
Release: 10%{?dist}
|
Release: 11%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
URL: http://gmplib.org/
|
URL: http://gmplib.org/
|
||||||
Source0: ftp://ftp.gmplib.org/pub/gmp-%{version}/gmp-%{version}.tar.bz2
|
Source0: ftp://ftp.gmplib.org/pub/gmp-%{version}/gmp-%{version}.tar.bz2
|
||||||
@ -15,6 +15,7 @@ Source2: gmp.h
|
|||||||
Source3: gmp-mparam.h
|
Source3: gmp-mparam.h
|
||||||
Patch2: gmp-6.0.0-debuginfo.patch
|
Patch2: gmp-6.0.0-debuginfo.patch
|
||||||
Patch3: gmp-intel-cet.patch
|
Patch3: gmp-intel-cet.patch
|
||||||
|
Patch4: cve-2021-43618.patch
|
||||||
License: LGPLv3+ or GPLv2+
|
License: LGPLv3+ or GPLv2+
|
||||||
BuildRequires: autoconf automake libtool
|
BuildRequires: autoconf automake libtool
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
@ -182,6 +183,10 @@ export LD_LIBRARY_PATH=`pwd`/.libs
|
|||||||
%{_libdir}/libgmpxx.a
|
%{_libdir}/libgmpxx.a
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jun 06 2023 Jakub Martisko <jamartis@redhat.com> - 1:6.2.0-11
|
||||||
|
Fix: Integer overflow and resultant buffer overflow via crafted input
|
||||||
|
Resolves: CVE-2021-43618
|
||||||
|
|
||||||
* Fri Aug 27 2021 Jakub Martisko <jamartis@redhat.com> - 1:6.2.0-10
|
* Fri Aug 27 2021 Jakub Martisko <jamartis@redhat.com> - 1:6.2.0-10
|
||||||
- Add the support for intel CET
|
- Add the support for intel CET
|
||||||
Resolves: rhbz#1977890
|
Resolves: rhbz#1977890
|
||||||
|
Loading…
Reference in New Issue
Block a user