import sysstat-12.5.4-5.el9
This commit is contained in:
parent
b6f3a69acd
commit
84e6cdd8c3
85
SOURCES/sysstat-12.5.4-CVE-2022-39377.patch
Normal file
85
SOURCES/sysstat-12.5.4-CVE-2022-39377.patch
Normal file
@ -0,0 +1,85 @@
|
||||
From 9c4eaf150662ad40607923389d4519bc83b93540 Mon Sep 17 00:00:00 2001
|
||||
From: Sebastien <seb@fedora-2.home>
|
||||
Date: Sat, 15 Oct 2022 14:24:22 +0200
|
||||
Subject: [PATCH] Fix size_t overflow in sa_common.c (GHSL-2022-074)
|
||||
|
||||
allocate_structures function located in sa_common.c insufficiently
|
||||
checks bounds before arithmetic multiplication allowing for an
|
||||
overflow in the size allocated for the buffer representing system
|
||||
activities.
|
||||
|
||||
This patch checks that the post-multiplied value is not greater than
|
||||
UINT_MAX.
|
||||
|
||||
Signed-off-by: Sebastien <seb@fedora-2.home>
|
||||
---
|
||||
common.c | 25 +++++++++++++++++++++++++
|
||||
common.h | 2 ++
|
||||
sa_common.c | 6 ++++++
|
||||
3 files changed, 33 insertions(+)
|
||||
|
||||
diff --git a/common.c b/common.c
|
||||
index 81c77624..1a84b052 100644
|
||||
--- a/common.c
|
||||
+++ b/common.c
|
||||
@@ -1655,4 +1655,29 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char
|
||||
|
||||
return 0;
|
||||
}
|
||||
+
|
||||
+/*
|
||||
+ ***************************************************************************
|
||||
+ * Check if the multiplication of the 3 values may be greater than UINT_MAX.
|
||||
+ *
|
||||
+ * IN:
|
||||
+ * @val1 First value.
|
||||
+ * @val2 Second value.
|
||||
+ * @val3 Third value.
|
||||
+ ***************************************************************************
|
||||
+ */
|
||||
+void check_overflow(size_t val1, size_t val2, size_t val3)
|
||||
+{
|
||||
+ if ((unsigned long long) val1 *
|
||||
+ (unsigned long long) val2 *
|
||||
+ (unsigned long long) val3 > UINT_MAX) {
|
||||
+#ifdef DEBUG
|
||||
+ fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
|
||||
+ __FUNCTION__,
|
||||
+ (unsigned long long) val1 * (unsigned long long) val2 * (unsigned long long) val3);
|
||||
+#endif
|
||||
+ exit(4);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
#endif /* SOURCE_SADC undefined */
|
||||
diff --git a/common.h b/common.h
|
||||
index 55b6657d..e8ab98ab 100644
|
||||
--- a/common.h
|
||||
+++ b/common.h
|
||||
@@ -260,6 +260,8 @@ int check_dir
|
||||
(char *);
|
||||
|
||||
#ifndef SOURCE_SADC
|
||||
+void check_overflow
|
||||
+ (size_t, size_t, size_t);
|
||||
int count_bits
|
||||
(void *, int);
|
||||
int count_csvalues
|
||||
diff --git a/sa_common.c b/sa_common.c
|
||||
index 3699a840..b2cec4ad 100644
|
||||
--- a/sa_common.c
|
||||
+++ b/sa_common.c
|
||||
@@ -459,7 +459,13 @@ void allocate_structures(struct activity *act[])
|
||||
int i, j;
|
||||
|
||||
for (i = 0; i < NR_ACT; i++) {
|
||||
+
|
||||
if (act[i]->nr_ini > 0) {
|
||||
+
|
||||
+ /* Look for a possible overflow */
|
||||
+ check_overflow((size_t) act[i]->msize, (size_t) act[i]->nr_ini,
|
||||
+ (size_t) act[i]->nr2);
|
||||
+
|
||||
for (j = 0; j < 3; j++) {
|
||||
SREALLOC(act[i]->buf[j], void,
|
||||
(size_t) act[i]->msize * (size_t) act[i]->nr_ini * (size_t) act[i]->nr2);
|
112
SOURCES/sysstat-12.5.4-bz2080650.patch
Normal file
112
SOURCES/sysstat-12.5.4-bz2080650.patch
Normal file
@ -0,0 +1,112 @@
|
||||
From 398585bfe7b1340d41143f50dfc868ef8ab9a5e4 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Zaoral?= <lzaoral@redhat.com>
|
||||
Date: Tue, 21 Feb 2023 12:43:42 +0100
|
||||
Subject: [PATCH] Tools that take --dec=X option should only accept digits
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Right now the argument of --dec is passed to atoi(3) which returns 0
|
||||
on conversion error. Therefore, --dec=A was not rejected and was
|
||||
equivalent to --dec=0 by mistake.
|
||||
|
||||
Signed-off-by: Lukáš Zaoral <lzaoral@redhat.com>
|
||||
---
|
||||
cifsiostat.c | 5 +++++
|
||||
iostat.c | 5 +++++
|
||||
mpstat.c | 5 +++++
|
||||
pidstat.c | 5 +++++
|
||||
sar.c | 6 ++++++
|
||||
5 files changed, 26 insertions(+)
|
||||
|
||||
diff --git a/cifsiostat.c b/cifsiostat.c
|
||||
index 375b1ff..849583b 100644
|
||||
--- a/cifsiostat.c
|
||||
+++ b/cifsiostat.c
|
||||
@@ -522,6 +522,11 @@ int main(int argc, char **argv)
|
||||
}
|
||||
|
||||
else if (!strncmp(argv[opt], "--dec=", 6) && (strlen(argv[opt]) == 7)) {
|
||||
+ /* Check that the argument is a digit */
|
||||
+ if (!isdigit(argv[opt][6])) {
|
||||
+ usage(argv[0]);
|
||||
+ }
|
||||
+
|
||||
/* Get number of decimal places */
|
||||
dplaces_nr = atoi(argv[opt] + 6);
|
||||
if ((dplaces_nr < 0) || (dplaces_nr > 2)) {
|
||||
diff --git a/iostat.c b/iostat.c
|
||||
index 1d7ea3c..7ac56ef 100644
|
||||
--- a/iostat.c
|
||||
+++ b/iostat.c
|
||||
@@ -2142,6 +2142,11 @@ int main(int argc, char **argv)
|
||||
#endif
|
||||
|
||||
else if (!strncmp(argv[opt], "--dec=", 6) && (strlen(argv[opt]) == 7)) {
|
||||
+ /* Check that the argument is a digit */
|
||||
+ if (!isdigit(argv[opt][6])) {
|
||||
+ usage(argv[0]);
|
||||
+ }
|
||||
+
|
||||
/* Get number of decimal places */
|
||||
dplaces_nr = atoi(argv[opt] + 6);
|
||||
if ((dplaces_nr < 0) || (dplaces_nr > 2)) {
|
||||
diff --git a/mpstat.c b/mpstat.c
|
||||
index 90d6226..5045e45 100644
|
||||
--- a/mpstat.c
|
||||
+++ b/mpstat.c
|
||||
@@ -2221,6 +2221,11 @@ int main(int argc, char **argv)
|
||||
while (++opt < argc) {
|
||||
|
||||
if (!strncmp(argv[opt], "--dec=", 6) && (strlen(argv[opt]) == 7)) {
|
||||
+ /* Check that the argument is a digit */
|
||||
+ if (!isdigit(argv[opt][6])) {
|
||||
+ usage(argv[0]);
|
||||
+ }
|
||||
+
|
||||
/* Get number of decimal places */
|
||||
dplaces_nr = atoi(argv[opt] + 6);
|
||||
if ((dplaces_nr < 0) || (dplaces_nr > 2)) {
|
||||
diff --git a/pidstat.c b/pidstat.c
|
||||
index 21fed6c..d550605 100644
|
||||
--- a/pidstat.c
|
||||
+++ b/pidstat.c
|
||||
@@ -2633,6 +2633,11 @@ int main(int argc, char **argv)
|
||||
}
|
||||
|
||||
else if (!strncmp(argv[opt], "--dec=", 6) && (strlen(argv[opt]) == 7)) {
|
||||
+ /* Check that the argument is a digit */
|
||||
+ if (!isdigit(argv[opt][6])) {
|
||||
+ usage(argv[0]);
|
||||
+ }
|
||||
+
|
||||
/* Get number of decimal places */
|
||||
dplaces_nr = atoi(argv[opt] + 6);
|
||||
if ((dplaces_nr < 0) || (dplaces_nr > 2)) {
|
||||
diff --git a/sar.c b/sar.c
|
||||
index 4f06172..7691793 100644
|
||||
--- a/sar.c
|
||||
+++ b/sar.c
|
||||
@@ -28,6 +28,7 @@
|
||||
#include <errno.h>
|
||||
#include <signal.h>
|
||||
#include <sys/stat.h>
|
||||
+#include <ctype.h>
|
||||
|
||||
#include "version.h"
|
||||
#include "sa.h"
|
||||
@@ -1372,6 +1373,11 @@ int main(int argc, char **argv)
|
||||
}
|
||||
|
||||
else if (!strncmp(argv[opt], "--dec=", 6) && (strlen(argv[opt]) == 7)) {
|
||||
+ /* Check that the argument is a digit */
|
||||
+ if (!isdigit(argv[opt][6])) {
|
||||
+ usage(argv[0]);
|
||||
+ }
|
||||
+
|
||||
/* Get number of decimal places */
|
||||
dplaces_nr = atoi(argv[opt] + 6);
|
||||
if ((dplaces_nr < 0) || (dplaces_nr > 2)) {
|
||||
--
|
||||
2.39.2
|
||||
|
@ -1,7 +1,7 @@
|
||||
Summary: Collection of performance monitoring tools for Linux
|
||||
Name: sysstat
|
||||
Version: 12.5.4
|
||||
Release: 3%{?dist}
|
||||
Release: 5%{?dist}
|
||||
License: GPLv2+
|
||||
URL: http://sebastien.godard.pagesperso-orange.fr/
|
||||
Source: https://github.com/sysstat/sysstat/archive/v%{version}.tar.gz
|
||||
@ -10,6 +10,11 @@ Source: https://github.com/sysstat/sysstat/archive/v%{version}.tar.gz
|
||||
Source1: colorsysstat.csh
|
||||
Source2: colorsysstat.sh
|
||||
|
||||
# arithmetic overflow in allocate_structures() on 32 bit systems (CVE-2022-39377)
|
||||
Patch1: sysstat-12.5.4-CVE-2022-39377.patch
|
||||
# {cifsio,io,mp,pid}stat --dec and sar --dec report values from single alphabet other than defined (bz2080650)
|
||||
Patch2: sysstat-12.5.4-bz2080650.patch
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc, gettext, lm_sensors-devel, pcp-libs-devel, systemd, git
|
||||
|
||||
@ -86,7 +91,13 @@ fi
|
||||
%{_localstatedir}/log/sa
|
||||
|
||||
%changelog
|
||||
* Mon Feb 21 2021 Michal Sekletar <msekleta@redhat.com> 12.5.4-3
|
||||
* Tue Feb 21 2023 Lukáš Zaoral <lzaoral@redhat.com> - 12.5.4-5
|
||||
- Fix --dec argument validation (rhbz#2080650)
|
||||
|
||||
* Thu Nov 10 2022 Lukáš Zaoral <lzaoral@redhat.com> - 12.5.4-4
|
||||
- arithmetic overflow in allocate_structures() on 32 bit systems (CVE-2022-39377)
|
||||
|
||||
* Mon Feb 21 2022 Michal Sekletar <msekleta@redhat.com> 12.5.4-3
|
||||
- sysstat's buildsystem doesn't really use LDFLAGS, we have to merge CFLAGS and LDFLAGS to get binaries with full RELRO (#2044893)
|
||||
|
||||
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 12.5.4-2
|
||||
|
Loading…
Reference in New Issue
Block a user