Fix CVE-2023-2602
- Correctly check pthread_create() return value to avoid memory leak (CVE-2023-2602) Resolves: rhbz#2210644 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
This commit is contained in:
Anderson Toshiyuki Sasaki
parent
ab6da53ab5
commit
53ec0bda91
36
libcap-cve-2023-2602.patch
Normal file
36
libcap-cve-2023-2602.patch
Normal file
@ -0,0 +1,36 @@
|
||||
commit bc6b36682f188020ee4770fae1d41bde5b2c97bb
|
||||
Author: Andrew G. Morgan <morgan@kernel.org>
|
||||
Date: Wed May 3 19:18:36 2023 -0700
|
||||
|
||||
Correct the check of pthread_create()'s return value.
|
||||
|
||||
This function returns a positive number (errno) on error, so the code
|
||||
wasn't previously freeing some memory in this situation.
|
||||
|
||||
Discussion:
|
||||
|
||||
https://stackoverflow.com/a/3581020/14760867
|
||||
|
||||
Credit for finding this bug in libpsx goes to David Gstir of
|
||||
X41 D-Sec GmbH (https://x41-dsec.de/) who performed a security
|
||||
audit of the libcap source code in April of 2023. The audit
|
||||
was sponsored by the Open Source Technology Improvement Fund
|
||||
(https://ostif.org/).
|
||||
|
||||
Audit ref: LCAP-CR-23-01 (CVE-2023-2602)
|
||||
|
||||
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
||||
|
||||
diff --git a/psx/psx.c b/psx/psx.c
|
||||
index d9c0485..65eb2aa 100644
|
||||
--- a/psx/psx.c
|
||||
+++ b/psx/psx.c
|
||||
@@ -516,7 +516,7 @@ int __wrap_pthread_create(pthread_t *thread, const pthread_attr_t *attr,
|
||||
pthread_sigmask(SIG_BLOCK, &sigbit, NULL);
|
||||
|
||||
int ret = __real_pthread_create(thread, attr, _psx_start_fn, starter);
|
||||
- if (ret == -1) {
|
||||
+ if (ret > 0) {
|
||||
psx_new_state(_PSX_CREATE, _PSX_IDLE);
|
||||
memset(starter, 0, sizeof(*starter));
|
||||
free(starter);
|
||||
@ -14,6 +14,7 @@ Patch3: %{name}-fix-ambient-caps.patch
|
||||
Patch4: %{name}-fix-prctl-usage.patch
|
||||
Patch5: %{name}-check-allocation.patch
|
||||
Patch6: %{name}-cve-2023-2603.patch
|
||||
Patch7: %{name}-cve-2023-2602.patch
|
||||
|
||||
BuildRequires: libattr-devel pam-devel perl-interpreter
|
||||
BuildRequires: make
|
||||
@ -95,6 +96,8 @@ chmod +x %{buildroot}/%{_libdir}/*.so.*
|
||||
* Mon Jun 26 2023 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 2.48-5
|
||||
- Fix integer overflow in _libcap_strdup() (CVE-2023-2603)
|
||||
Resolves: rhbz#2210637
|
||||
- Correctly check pthread_create() return value to avoid memory leak (CVE-2023-2602)
|
||||
Resolves: rhbz#2210644
|
||||
|
||||
* Tue May 17 2022 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 2.48-4
|
||||
- check for successful memory allocation
|
||||
|
||||
Loading…
Reference in New Issue
Block a user