From 5dd19148d8863cb4ae42a064ee8afe4464e5cd90 Mon Sep 17 00:00:00 2001 From: Pavel Simovec Date: Tue, 11 Jul 2023 11:07:06 +0200 Subject: [PATCH] fix the arithmetic overflow in allocate_structures() that is still possible on some 32 bit systems (CVE-2023-33204) Resolves: CVE-2023-33204 --- CVE-2023-33204.patch | 23 +++++++++++++++++++++++ sysstat.spec | 8 ++++++-- 2 files changed, 29 insertions(+), 2 deletions(-) create mode 100644 CVE-2023-33204.patch diff --git a/CVE-2023-33204.patch b/CVE-2023-33204.patch new file mode 100644 index 0000000..c5afb4e --- /dev/null +++ b/CVE-2023-33204.patch @@ -0,0 +1,23 @@ +From 954ff2e2673cef48f0ed44668c466eab041db387 Mon Sep 17 00:00:00 2001 +From: Pavel Kopylov +Date: Wed, 17 May 2023 11:33:45 +0200 +Subject: [PATCH] Fix an overflow which is still possible for some values. +diff --git a/common.c b/common.c +index 583a0ca..6d73b1b 100644 +--- a/common.c ++++ b/common.c +@@ -1639,9 +1639,11 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char + */ + void check_overflow(size_t val1, size_t val2, size_t val3) + { +- if ((unsigned long long) val1 * +- (unsigned long long) val2 * +- (unsigned long long) val3 > UINT_MAX) { ++if ((val1 != 0) && (val2 != 0) && (val3 != 0) && ++ (((unsigned long long)UINT_MAX / (unsigned long long)val1 < ++ (unsigned long long)val2) || ++ ((unsigned long long)UINT_MAX / ((unsigned long long)val1 * ++ (unsigned long long)val2) < (unsigned long long)val3))) { + #ifdef DEBUG + fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n", + __FUNCTION__, diff --git a/sysstat.spec b/sysstat.spec index f997e68..e2c9299 100644 --- a/sysstat.spec +++ b/sysstat.spec @@ -1,7 +1,7 @@ Summary: Collection of performance monitoring tools for Linux Name: sysstat Version: 11.7.3 -Release: 10%{?dist} +Release: 11%{?dist} License: GPLv2+ Group: Applications/System URL: http://sebastien.godard.pagesperso-orange.fr/ @@ -20,7 +20,7 @@ Patch05: 0001-sar-Fix-typo-in-manual-page.patch Patch06: CVE-2022-39377-arithmetic-overflow-in-allocate-structures-on-32-bit-systems.patch Patch07: 0001-sadc-Add-a-f-flag-to-force-fdatasync-use.patch Patch08: 0001-mpstat-incorrect-cpu-usage-iowait.patch - +Patch09: CVE-2023-33204.patch BuildRequires: gettext, lm_sensors-devel, systemd Requires: findutils, xz @@ -56,6 +56,7 @@ The cifsiostat command reports I/O statistics for CIFS file systems. %patch06 -p1 %patch07 -p1 %patch08 -p1 +%patch09 -p1 %build export CFLAGS="$RPM_OPT_FLAGS -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld" @@ -104,6 +105,9 @@ fi %{_localstatedir}/log/sa %changelog +* Fri Jul 07 2023 psimovec - 11.7.3-11 +- fix the arithmetic overflow in allocate_structures() that is still possible on some 32 bit systems (CVE-2023-33204) + * Thu Mar 16 2023 Lukáš Zaoral - 11.7.3-10 - Fix incorrect CPU usage on ALL CPU field for iowait in mpstat (#2178863)