CVE-2023-4016: ps: possible buffer overflow
Resolves: rhbz#2228503
This commit is contained in:
parent
7a1d1e4fa1
commit
17a3c7437e
60
procps-ng-3.3.15-cve-2023-4016.patch
Normal file
60
procps-ng-3.3.15-cve-2023-4016.patch
Normal file
@ -0,0 +1,60 @@
|
|||||||
|
diff --git a/ps/parser.c b/ps/parser.c
|
||||||
|
index 4263a1f..b33f319 100644
|
||||||
|
--- a/ps/parser.c
|
||||||
|
+++ b/ps/parser.c
|
||||||
|
@@ -31,7 +31,7 @@
|
||||||
|
#include <sys/stat.h>
|
||||||
|
#include <sys/types.h>
|
||||||
|
|
||||||
|
-#include "../proc/alloc.h"
|
||||||
|
+#include "xalloc.h"
|
||||||
|
|
||||||
|
#include "common.h"
|
||||||
|
#include "c.h"
|
||||||
|
@@ -184,8 +184,8 @@ static const char *parse_list(const char *arg, const char *(*parse_fn)(char *, s
|
||||||
|
const char *err; /* error code that could or did happen */
|
||||||
|
/*** prepare to operate ***/
|
||||||
|
node = malloc(sizeof(selection_node));
|
||||||
|
- node->u = malloc(strlen(arg)*sizeof(sel_union)); /* waste is insignificant */
|
||||||
|
node->n = 0;
|
||||||
|
+ node->u = NULL;
|
||||||
|
buf = strdup(arg);
|
||||||
|
/*** sanity check and count items ***/
|
||||||
|
need_item = 1; /* true */
|
||||||
|
@@ -199,12 +199,13 @@ static const char *parse_list(const char *arg, const char *(*parse_fn)(char *, s
|
||||||
|
need_item=1;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
- if(need_item) items++;
|
||||||
|
+ if(need_item && items<INT_MAX) items++;
|
||||||
|
need_item=0;
|
||||||
|
}
|
||||||
|
} while (*++walk);
|
||||||
|
if(need_item) goto parse_error;
|
||||||
|
node->n = items;
|
||||||
|
+ node->u = xcalloc(items, sizeof(sel_union));
|
||||||
|
/*** actually parse the list ***/
|
||||||
|
walk = buf;
|
||||||
|
while(items--){
|
||||||
|
@@ -1031,15 +1032,15 @@ static const char *parse_trailing_pids(void){
|
||||||
|
thisarg = ps_argc - 1; /* we must be at the end now */
|
||||||
|
|
||||||
|
pidnode = malloc(sizeof(selection_node));
|
||||||
|
- pidnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */
|
||||||
|
+ pidnode->u = xcalloc(i, sizeof(sel_union)); /* waste is insignificant */
|
||||||
|
pidnode->n = 0;
|
||||||
|
|
||||||
|
grpnode = malloc(sizeof(selection_node));
|
||||||
|
- grpnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */
|
||||||
|
+ grpnode->u = xcalloc(i, sizeof(sel_union)); /* waste is insignificant */
|
||||||
|
grpnode->n = 0;
|
||||||
|
|
||||||
|
sidnode = malloc(sizeof(selection_node));
|
||||||
|
- sidnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */
|
||||||
|
+ sidnode->u = xcalloc(i, sizeof(sel_union)); /* waste is insignificant */
|
||||||
|
sidnode->n = 0;
|
||||||
|
|
||||||
|
while(i--){
|
||||||
|
--
|
||||||
|
2.40.1
|
||||||
|
|
@ -4,7 +4,7 @@
|
|||||||
Summary: System and process monitoring utilities
|
Summary: System and process monitoring utilities
|
||||||
Name: procps-ng
|
Name: procps-ng
|
||||||
Version: 3.3.15
|
Version: 3.3.15
|
||||||
Release: 13%{?dist}
|
Release: 14%{?dist}
|
||||||
License: GPL+ and GPLv2 and GPLv2+ and GPLv3+ and LGPLv2+
|
License: GPL+ and GPLv2 and GPLv2+ and GPLv3+ and LGPLv2+
|
||||||
Group: Applications/System
|
Group: Applications/System
|
||||||
URL: https://sourceforge.net/projects/procps-ng/
|
URL: https://sourceforge.net/projects/procps-ng/
|
||||||
@ -28,6 +28,7 @@ Patch9: procps-ng-3.3.15-pgrep-uid-gid-overflow.patch
|
|||||||
Patch10: procps-ng-3.3.15-display-sig-unsafe.patch
|
Patch10: procps-ng-3.3.15-display-sig-unsafe.patch
|
||||||
Patch11: procps-ng-3.3.15-ps-select.patch
|
Patch11: procps-ng-3.3.15-ps-select.patch
|
||||||
Patch12: procps-ng-3.3.15-ps-out-of-bonds-read.patch
|
Patch12: procps-ng-3.3.15-ps-out-of-bonds-read.patch
|
||||||
|
Patch13: procps-ng-3.3.15-cve-2023-4016.patch
|
||||||
|
|
||||||
BuildRequires: ncurses-devel
|
BuildRequires: ncurses-devel
|
||||||
BuildRequires: libtool
|
BuildRequires: libtool
|
||||||
@ -170,6 +171,10 @@ ln -s %{_bindir}/pidof %{buildroot}%{_sbindir}/pidof
|
|||||||
%files i18n -f %{name}.lang
|
%files i18n -f %{name}.lang
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Aug 15 2023 Jan Rybar <jrybar@redhat.com> - 3.3.15-14
|
||||||
|
- CVE-2023-4016: ps: possible buffer overflow
|
||||||
|
- Resolves: rhbz#2228503
|
||||||
|
|
||||||
* Tue Jan 17 2023 Jan Rybar <jrybar@redhat.com> - 3.3.15-13
|
* Tue Jan 17 2023 Jan Rybar <jrybar@redhat.com> - 3.3.15-13
|
||||||
- version bump requested to create -devel subpkg for CRB inclusion
|
- version bump requested to create -devel subpkg for CRB inclusion
|
||||||
- Resolves: rhbz#2164781
|
- Resolves: rhbz#2164781
|
||||||
|
Loading…
Reference in New Issue
Block a user