Fix: cve-2021-43618

Resolves: CVE-2021-43618
This commit is contained in:
Jakub Martisko 2024-01-29 19:14:14 +01:00
parent ac11ff049a
commit 477aaeab66
2 changed files with 30 additions and 0 deletions

25
cve-2021-43618.patch Normal file
View File

@ -0,0 +1,25 @@
# HG changeset patch
# User Marco Bodrato <bodrato@mail.dm.unipi.it>
# Date 1634836009 -7200
# Node ID 561a9c25298e17bb01896801ff353546c6923dbd
# Parent e1fd9db13b475209a864577237ea4b9105b3e96e
mpz/inp_raw.c: Avoid bit size overflows
diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c
--- a/mpz/inp_raw.c Tue Dec 22 23:49:51 2020 +0100
+++ b/mpz/inp_raw.c Thu Oct 21 19:06:49 2021 +0200
@@ -88,8 +88,11 @@
abs_csize = ABS (csize);
+ if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
+ return 0; /* Bit size overflows */
+
/* round up to a multiple of limbs */
- abs_xsize = BITS_TO_LIMBS (abs_csize*8);
+ abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
if (abs_xsize != 0)
{

View File

@ -15,6 +15,7 @@ Source2: gmp.h
Source3: gmp-mparam.h
Patch2: gmp-6.0.0-debuginfo.patch
Patch3: gmp-fcf-protection.patch
Patch4: cve-2021-43618.patch
License: LGPLv3+ or GPLv2+
Group: System Environment/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -200,6 +201,10 @@ exit 0
%{_libdir}/libgmpxx.a
%changelog
* Mon Jan 29 2024 Jakub Martisko <jamartis@redhat.com> - 1:6.1.2-11
- Fix: CVE-2021-43618
Resolves: CVE-2021-43618
* Fri Jun 14 2019 Jakub Martisko <jamartis@redhat.com> - 1:6.1.2-10
- Add gating.yaml
Related: #1681026