import sysstat-12.5.4-5.el9

This commit is contained in:
CentOS Sources 2023-03-28 12:17:37 +00:00 committed by Stepan Oksanichenko
parent ba04cda618
commit 851abb5a28
3 changed files with 210 additions and 2 deletions

View File

@ -0,0 +1,85 @@
From 9c4eaf150662ad40607923389d4519bc83b93540 Mon Sep 17 00:00:00 2001
From: Sebastien <seb@fedora-2.home>
Date: Sat, 15 Oct 2022 14:24:22 +0200
Subject: [PATCH] Fix size_t overflow in sa_common.c (GHSL-2022-074)
allocate_structures function located in sa_common.c insufficiently
checks bounds before arithmetic multiplication allowing for an
overflow in the size allocated for the buffer representing system
activities.
This patch checks that the post-multiplied value is not greater than
UINT_MAX.
Signed-off-by: Sebastien <seb@fedora-2.home>
---
common.c | 25 +++++++++++++++++++++++++
common.h | 2 ++
sa_common.c | 6 ++++++
3 files changed, 33 insertions(+)
diff --git a/common.c b/common.c
index 81c77624..1a84b052 100644
--- a/common.c
+++ b/common.c
@@ -1655,4 +1655,29 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char
return 0;
}
+
+/*
+ ***************************************************************************
+ * Check if the multiplication of the 3 values may be greater than UINT_MAX.
+ *
+ * IN:
+ * @val1 First value.
+ * @val2 Second value.
+ * @val3 Third value.
+ ***************************************************************************
+ */
+void check_overflow(size_t val1, size_t val2, size_t val3)
+{
+ if ((unsigned long long) val1 *
+ (unsigned long long) val2 *
+ (unsigned long long) val3 > UINT_MAX) {
+#ifdef DEBUG
+ fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
+ __FUNCTION__,
+ (unsigned long long) val1 * (unsigned long long) val2 * (unsigned long long) val3);
+#endif
+ exit(4);
+ }
+}
+
#endif /* SOURCE_SADC undefined */
diff --git a/common.h b/common.h
index 55b6657d..e8ab98ab 100644
--- a/common.h
+++ b/common.h
@@ -260,6 +260,8 @@ int check_dir
(char *);
#ifndef SOURCE_SADC
+void check_overflow
+ (size_t, size_t, size_t);
int count_bits
(void *, int);
int count_csvalues
diff --git a/sa_common.c b/sa_common.c
index 3699a840..b2cec4ad 100644
--- a/sa_common.c
+++ b/sa_common.c
@@ -459,7 +459,13 @@ void allocate_structures(struct activity *act[])
int i, j;
for (i = 0; i < NR_ACT; i++) {
+
if (act[i]->nr_ini > 0) {
+
+ /* Look for a possible overflow */
+ check_overflow((size_t) act[i]->msize, (size_t) act[i]->nr_ini,
+ (size_t) act[i]->nr2);
+
for (j = 0; j < 3; j++) {
SREALLOC(act[i]->buf[j], void,
(size_t) act[i]->msize * (size_t) act[i]->nr_ini * (size_t) act[i]->nr2);

View File

@ -0,0 +1,112 @@
From 398585bfe7b1340d41143f50dfc868ef8ab9a5e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Zaoral?= <lzaoral@redhat.com>
Date: Tue, 21 Feb 2023 12:43:42 +0100
Subject: [PATCH] Tools that take --dec=X option should only accept digits
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Right now the argument of --dec is passed to atoi(3) which returns 0
on conversion error. Therefore, --dec=A was not rejected and was
equivalent to --dec=0 by mistake.
Signed-off-by: Lukáš Zaoral <lzaoral@redhat.com>
---
cifsiostat.c | 5 +++++
iostat.c | 5 +++++
mpstat.c | 5 +++++
pidstat.c | 5 +++++
sar.c | 6 ++++++
5 files changed, 26 insertions(+)
diff --git a/cifsiostat.c b/cifsiostat.c
index 375b1ff..849583b 100644
--- a/cifsiostat.c
+++ b/cifsiostat.c
@@ -522,6 +522,11 @@ int main(int argc, char **argv)
}
else if (!strncmp(argv[opt], "--dec=", 6) && (strlen(argv[opt]) == 7)) {
+ /* Check that the argument is a digit */
+ if (!isdigit(argv[opt][6])) {
+ usage(argv[0]);
+ }
+
/* Get number of decimal places */
dplaces_nr = atoi(argv[opt] + 6);
if ((dplaces_nr < 0) || (dplaces_nr > 2)) {
diff --git a/iostat.c b/iostat.c
index 1d7ea3c..7ac56ef 100644
--- a/iostat.c
+++ b/iostat.c
@@ -2142,6 +2142,11 @@ int main(int argc, char **argv)
#endif
else if (!strncmp(argv[opt], "--dec=", 6) && (strlen(argv[opt]) == 7)) {
+ /* Check that the argument is a digit */
+ if (!isdigit(argv[opt][6])) {
+ usage(argv[0]);
+ }
+
/* Get number of decimal places */
dplaces_nr = atoi(argv[opt] + 6);
if ((dplaces_nr < 0) || (dplaces_nr > 2)) {
diff --git a/mpstat.c b/mpstat.c
index 90d6226..5045e45 100644
--- a/mpstat.c
+++ b/mpstat.c
@@ -2221,6 +2221,11 @@ int main(int argc, char **argv)
while (++opt < argc) {
if (!strncmp(argv[opt], "--dec=", 6) && (strlen(argv[opt]) == 7)) {
+ /* Check that the argument is a digit */
+ if (!isdigit(argv[opt][6])) {
+ usage(argv[0]);
+ }
+
/* Get number of decimal places */
dplaces_nr = atoi(argv[opt] + 6);
if ((dplaces_nr < 0) || (dplaces_nr > 2)) {
diff --git a/pidstat.c b/pidstat.c
index 21fed6c..d550605 100644
--- a/pidstat.c
+++ b/pidstat.c
@@ -2633,6 +2633,11 @@ int main(int argc, char **argv)
}
else if (!strncmp(argv[opt], "--dec=", 6) && (strlen(argv[opt]) == 7)) {
+ /* Check that the argument is a digit */
+ if (!isdigit(argv[opt][6])) {
+ usage(argv[0]);
+ }
+
/* Get number of decimal places */
dplaces_nr = atoi(argv[opt] + 6);
if ((dplaces_nr < 0) || (dplaces_nr > 2)) {
diff --git a/sar.c b/sar.c
index 4f06172..7691793 100644
--- a/sar.c
+++ b/sar.c
@@ -28,6 +28,7 @@
#include <errno.h>
#include <signal.h>
#include <sys/stat.h>
+#include <ctype.h>
#include "version.h"
#include "sa.h"
@@ -1372,6 +1373,11 @@ int main(int argc, char **argv)
}
else if (!strncmp(argv[opt], "--dec=", 6) && (strlen(argv[opt]) == 7)) {
+ /* Check that the argument is a digit */
+ if (!isdigit(argv[opt][6])) {
+ usage(argv[0]);
+ }
+
/* Get number of decimal places */
dplaces_nr = atoi(argv[opt] + 6);
if ((dplaces_nr < 0) || (dplaces_nr > 2)) {
--
2.39.2

View File

@ -1,7 +1,7 @@
Summary: Collection of performance monitoring tools for Linux
Name: sysstat
Version: 12.5.4
Release: 3%{?dist}
Release: 5%{?dist}
License: GPLv2+
URL: http://sebastien.godard.pagesperso-orange.fr/
Source: https://github.com/sysstat/sysstat/archive/v%{version}.tar.gz
@ -10,6 +10,11 @@ Source: https://github.com/sysstat/sysstat/archive/v%{version}.tar.gz
Source1: colorsysstat.csh
Source2: colorsysstat.sh
# arithmetic overflow in allocate_structures() on 32 bit systems (CVE-2022-39377)
Patch1: sysstat-12.5.4-CVE-2022-39377.patch
# {cifsio,io,mp,pid}stat --dec and sar --dec report values from single alphabet other than defined (bz2080650)
Patch2: sysstat-12.5.4-bz2080650.patch
BuildRequires: make
BuildRequires: gcc, gettext, lm_sensors-devel, pcp-libs-devel, systemd, git
@ -86,7 +91,13 @@ fi
%{_localstatedir}/log/sa
%changelog
* Mon Feb 21 2021 Michal Sekletar <msekleta@redhat.com> 12.5.4-3
* Tue Feb 21 2023 Lukáš Zaoral <lzaoral@redhat.com> - 12.5.4-5
- Fix --dec argument validation (rhbz#2080650)
* Thu Nov 10 2022 Lukáš Zaoral <lzaoral@redhat.com> - 12.5.4-4
- arithmetic overflow in allocate_structures() on 32 bit systems (CVE-2022-39377)
* Mon Feb 21 2022 Michal Sekletar <msekleta@redhat.com> 12.5.4-3
- sysstat's buildsystem doesn't really use LDFLAGS, we have to merge CFLAGS and LDFLAGS to get binaries with full RELRO (#2044893)
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 12.5.4-2