Compare commits
No commits in common. "c8" and "c8-beta" have entirely different histories.
@ -1,234 +0,0 @@
|
|||||||
From c9a11d35df4aecfcf22aef827bac6cd57def9d4e Mon Sep 17 00:00:00 2001
|
|
||||||
From: Sebastien GODARD <sysstat@users.noreply.github.com>
|
|
||||||
Date: Sun, 23 Oct 2022 16:22:28 +0200
|
|
||||||
Subject: [PATCH] Add more overflow checks
|
|
||||||
|
|
||||||
Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com>
|
|
||||||
|
|
||||||
Cherry-picked-by: Lukáš Zaoral <lzaoral@redhat.com>
|
|
||||||
Upstream-commit: c9a11d35df4aecfcf22aef827bac6cd57def9d4e
|
|
||||||
---
|
|
||||||
diff --git a/common.c b/common.c
|
|
||||||
index 1a84b052..27249772 100644
|
|
||||||
--- a/common.c
|
|
||||||
+++ b/common.c
|
|
||||||
@@ -274,6 +274,28 @@ void sysstat_panic(const char *function, int error_code)
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
+/*
|
|
||||||
+ * **************************************************************************
|
|
||||||
+ * Check if the multiplication of the 3 values may be greater than UINT_MAX.
|
|
||||||
+ *
|
|
||||||
+ * IN:
|
|
||||||
+ * @val1 First value.
|
|
||||||
+ * @val2 Second value.
|
|
||||||
+ * @val3 Third value.
|
|
||||||
+ ***************************************************************************
|
|
||||||
+ */
|
|
||||||
+void check_overflow(unsigned long long val1, unsigned long long val2,
|
|
||||||
+ unsigned long long val3)
|
|
||||||
+{
|
|
||||||
+ if (val1 * val2 * val3 > UINT_MAX) {
|
|
||||||
+#ifdef DEBUG
|
|
||||||
+ fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
|
|
||||||
+ __FUNCTION__, val1 * val2 * val3);
|
|
||||||
+#endif
|
|
||||||
+ exit(4);
|
|
||||||
+ }
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
#ifndef SOURCE_SADC
|
|
||||||
/*
|
|
||||||
***************************************************************************
|
|
||||||
@@ -1656,28 +1677,4 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
-/*
|
|
||||||
- ***************************************************************************
|
|
||||||
- * Check if the multiplication of the 3 values may be greater than UINT_MAX.
|
|
||||||
- *
|
|
||||||
- * IN:
|
|
||||||
- * @val1 First value.
|
|
||||||
- * @val2 Second value.
|
|
||||||
- * @val3 Third value.
|
|
||||||
- ***************************************************************************
|
|
||||||
- */
|
|
||||||
-void check_overflow(size_t val1, size_t val2, size_t val3)
|
|
||||||
-{
|
|
||||||
- if ((unsigned long long) val1 *
|
|
||||||
- (unsigned long long) val2 *
|
|
||||||
- (unsigned long long) val3 > UINT_MAX) {
|
|
||||||
-#ifdef DEBUG
|
|
||||||
- fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
|
|
||||||
- __FUNCTION__,
|
|
||||||
- (unsigned long long) val1 * (unsigned long long) val2 * (unsigned long long) val3);
|
|
||||||
-#endif
|
|
||||||
- exit(4);
|
|
||||||
- }
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
#endif /* SOURCE_SADC undefined */
|
|
||||||
diff --git a/common.h b/common.h
|
|
||||||
index e8ab98ab..715b2da2 100644
|
|
||||||
--- a/common.h
|
|
||||||
+++ b/common.h
|
|
||||||
@@ -241,10 +241,10 @@ int is_device
|
|
||||||
(char *, int);
|
|
||||||
void sysstat_panic
|
|
||||||
(const char *, int);
|
|
||||||
+void check_overflow
|
|
||||||
+ (unsigned long long, unsigned long long, unsigned long long);
|
|
||||||
|
|
||||||
#ifndef SOURCE_SADC
|
|
||||||
-void check_overflow
|
|
||||||
- (size_t, size_t, size_t);
|
|
||||||
int count_bits
|
|
||||||
(void *, int);
|
|
||||||
int count_csvalues
|
|
||||||
diff --git a/sa_common.c b/sa_common.c
|
|
||||||
index b2cec4ad..3460257a 100644
|
|
||||||
--- a/sa_common.c
|
|
||||||
+++ b/sa_common.c
|
|
||||||
@@ -463,8 +463,9 @@ void allocate_structures(struct activity *act[])
|
|
||||||
if (act[i]->nr_ini > 0) {
|
|
||||||
|
|
||||||
/* Look for a possible overflow */
|
|
||||||
- check_overflow((size_t) act[i]->msize, (size_t) act[i]->nr_ini,
|
|
||||||
- (size_t) act[i]->nr2);
|
|
||||||
+ check_overflow((unsigned long long) act[i]->msize,
|
|
||||||
+ (unsigned long long) act[i]->nr_ini,
|
|
||||||
+ (unsigned long long) act[i]->nr2);
|
|
||||||
|
|
||||||
for (j = 0; j < 3; j++) {
|
|
||||||
SREALLOC(act[i]->buf[j], void,
|
|
||||||
@@ -529,6 +530,10 @@ void reallocate_all_buffers(struct activity *a, __nr_t nr_min)
|
|
||||||
while (nr_realloc < nr_min);
|
|
||||||
}
|
|
||||||
|
|
||||||
+ /* Look for a possible overflow */
|
|
||||||
+ check_overflow((unsigned long long) a->msize, nr_realloc,
|
|
||||||
+ (unsigned long long) a->nr2);
|
|
||||||
+
|
|
||||||
for (j = 0; j < 3; j++) {
|
|
||||||
SREALLOC(a->buf[j], void,
|
|
||||||
(size_t) a->msize * nr_realloc * (size_t) a->nr2);
|
|
||||||
diff --git a/sadc.c b/sadc.c
|
|
||||||
index 3458d089..123bf8e0 100644
|
|
||||||
--- a/sadc.c
|
|
||||||
+++ b/sadc.c
|
|
||||||
@@ -360,6 +360,12 @@ void sa_sys_init(void)
|
|
||||||
}
|
|
||||||
|
|
||||||
if (IS_COLLECTED(act[i]->options) && (act[i]->nr_ini > 0)) {
|
|
||||||
+
|
|
||||||
+ /* Look for a possible overflow */
|
|
||||||
+ check_overflow((unsigned long long) act[i]->msize,
|
|
||||||
+ (unsigned long long) act[i]->nr_ini,
|
|
||||||
+ (unsigned long long) act[i]->nr2);
|
|
||||||
+
|
|
||||||
/* Allocate structures for current activity (using nr_ini and nr2 results) */
|
|
||||||
SREALLOC(act[i]->_buf0, void,
|
|
||||||
(size_t) act[i]->msize * (size_t) act[i]->nr_ini * (size_t) act[i]->nr2);
|
|
||||||
--
|
|
||||||
2.45.0
|
|
||||||
|
|
||||||
From 44f1dc159242c1e434a3b836cda49f084c5a96cc Mon Sep 17 00:00:00 2001
|
|
||||||
From: Sebastien GODARD <sysstat@users.noreply.github.com>
|
|
||||||
Date: Sun, 6 Nov 2022 15:48:16 +0100
|
|
||||||
Subject: [PATCH] Make sure values to be compared are unsigned integers
|
|
||||||
|
|
||||||
It seems safer to make sure that input values are unsigned int before
|
|
||||||
casting them to unsigned long long and making the comparison.
|
|
||||||
|
|
||||||
Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com>
|
|
||||||
|
|
||||||
Cherry-picked-by: Lukáš Zaoral <lzaoral@redhat.com>
|
|
||||||
Upstream-commit: 44f1dc159242c1e434a3b836cda49f084c5a96cc
|
|
||||||
---
|
|
||||||
diff --git a/common.c b/common.c
|
|
||||||
index 27249772..3b7fdcd5 100644
|
|
||||||
--- a/common.c
|
|
||||||
+++ b/common.c
|
|
||||||
@@ -425,13 +425,15 @@ int check_dir(char *dirname)
|
|
||||||
* @val3 Third value.
|
|
||||||
***************************************************************************
|
|
||||||
*/
|
|
||||||
-void check_overflow(unsigned long long val1, unsigned long long val2,
|
|
||||||
- unsigned long long val3)
|
|
||||||
+void check_overflow(unsigned int val1, unsigned int val2,
|
|
||||||
+ unsigned int val3)
|
|
||||||
{
|
|
||||||
- if (val1 * val2 * val3 > UINT_MAX) {
|
|
||||||
+ if ((unsigned long long) val1 * (unsigned long long) val2 *
|
|
||||||
+ (unsigned long long) val3 > UINT_MAX) {
|
|
||||||
#ifdef DEBUG
|
|
||||||
fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
|
|
||||||
- __FUNCTION__, val1 * val2 * val3);
|
|
||||||
+ __FUNCTION__, (unsigned long long) val1 * (unsigned long long) val2 *
|
|
||||||
+ (unsigned long long) val3);
|
|
||||||
#endif
|
|
||||||
exit(4);
|
|
||||||
}
|
|
||||||
diff --git a/common.h b/common.h
|
|
||||||
index 715b2da2..fc8a1a0d 100644
|
|
||||||
--- a/common.h
|
|
||||||
+++ b/common.h
|
|
||||||
@@ -241,7 +241,7 @@ int is_device
|
|
||||||
void sysstat_panic
|
|
||||||
(const char *, int);
|
|
||||||
void check_overflow
|
|
||||||
- (unsigned long long, unsigned long long, unsigned long long);
|
|
||||||
+ (unsigned int, unsigned int, unsigned int);
|
|
||||||
|
|
||||||
#ifndef SOURCE_SADC
|
|
||||||
int count_bits
|
|
||||||
diff --git a/sa_common.c b/sa_common.c
|
|
||||||
index 3460257a..0ca8b039 100644
|
|
||||||
--- a/sa_common.c
|
|
||||||
+++ b/sa_common.c
|
|
||||||
@@ -463,9 +463,9 @@ void allocate_structures(struct activity *act[])
|
|
||||||
if (act[i]->nr_ini > 0) {
|
|
||||||
|
|
||||||
/* Look for a possible overflow */
|
|
||||||
- check_overflow((unsigned long long) act[i]->msize,
|
|
||||||
- (unsigned long long) act[i]->nr_ini,
|
|
||||||
- (unsigned long long) act[i]->nr2);
|
|
||||||
+ check_overflow((unsigned int) act[i]->msize,
|
|
||||||
+ (unsigned int) act[i]->nr_ini,
|
|
||||||
+ (unsigned int) act[i]->nr2);
|
|
||||||
|
|
||||||
for (j = 0; j < 3; j++) {
|
|
||||||
SREALLOC(act[i]->buf[j], void,
|
|
||||||
@@ -531,8 +531,8 @@ void reallocate_all_buffers(struct activity *a, __nr_t nr_min)
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Look for a possible overflow */
|
|
||||||
- check_overflow((unsigned long long) a->msize, nr_realloc,
|
|
||||||
- (unsigned long long) a->nr2);
|
|
||||||
+ check_overflow((unsigned int) a->msize, (unsigned int) nr_realloc,
|
|
||||||
+ (unsigned int) a->nr2);
|
|
||||||
|
|
||||||
for (j = 0; j < 3; j++) {
|
|
||||||
SREALLOC(a->buf[j], void,
|
|
||||||
diff --git a/sadc.c b/sadc.c
|
|
||||||
index 123bf8e0..40a1e15b 100644
|
|
||||||
--- a/sadc.c
|
|
||||||
+++ b/sadc.c
|
|
||||||
@@ -362,9 +362,9 @@ void sa_sys_init(void)
|
|
||||||
if (IS_COLLECTED(act[i]->options) && (act[i]->nr_ini > 0)) {
|
|
||||||
|
|
||||||
/* Look for a possible overflow */
|
|
||||||
- check_overflow((unsigned long long) act[i]->msize,
|
|
||||||
- (unsigned long long) act[i]->nr_ini,
|
|
||||||
- (unsigned long long) act[i]->nr2);
|
|
||||||
+ check_overflow((unsigned int) act[i]->msize,
|
|
||||||
+ (unsigned int) act[i]->nr_ini,
|
|
||||||
+ (unsigned int) act[i]->nr2);
|
|
||||||
|
|
||||||
/* Allocate structures for current activity (using nr_ini and nr2 results) */
|
|
||||||
SREALLOC(act[i]->_buf0, void,
|
|
||||||
--
|
|
||||||
2.45.0
|
|
||||||
|
|
@ -1,38 +1,23 @@
|
|||||||
commit 6f8dc568e6ab072bb8205b732f04e685bf9237c0
|
From 954ff2e2673cef48f0ed44668c466eab041db387 Mon Sep 17 00:00:00 2001
|
||||||
Merge: c43167cc 954ff2e2
|
From: Pavel Kopylov <pkopylov@cloudlinux.com>
|
||||||
Author: Sebastien GODARD <sysstat@users.noreply.github.com>
|
Date: Wed, 17 May 2023 11:33:45 +0200
|
||||||
Date: Wed May 17 21:10:31 2023 +0200
|
Subject: [PATCH] Fix an overflow which is still possible for some values.
|
||||||
|
|
||||||
Merge branch 'pkopylov-master'
|
|
||||||
|
|
||||||
Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com>
|
|
||||||
|
|
||||||
diff --git a/common.c b/common.c
|
diff --git a/common.c b/common.c
|
||||||
index 48493b5f..0efe7ee3 100644
|
index 583a0ca..6d73b1b 100644
|
||||||
--- a/common.c
|
--- a/common.c
|
||||||
+++ b/common.c
|
+++ b/common.c
|
||||||
@@ -431,15 +431,17 @@ int check_dir(char *dirname)
|
@@ -1639,9 +1639,11 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char
|
||||||
void check_overflow(unsigned int val1, unsigned int val2,
|
*/
|
||||||
unsigned int val3)
|
void check_overflow(size_t val1, size_t val2, size_t val3)
|
||||||
{
|
{
|
||||||
- if ((unsigned long long) val1 * (unsigned long long) val2 *
|
- if ((unsigned long long) val1 *
|
||||||
|
- (unsigned long long) val2 *
|
||||||
- (unsigned long long) val3 > UINT_MAX) {
|
- (unsigned long long) val3 > UINT_MAX) {
|
||||||
+ if ((val1 != 0) && (val2 != 0) && (val3 != 0) &&
|
+if ((val1 != 0) && (val2 != 0) && (val3 != 0) &&
|
||||||
+ (((unsigned long long) UINT_MAX / (unsigned long long) val1 <
|
+ (((unsigned long long)UINT_MAX / (unsigned long long)val1 <
|
||||||
+ (unsigned long long) val2) ||
|
+ (unsigned long long)val2) ||
|
||||||
+ ((unsigned long long) UINT_MAX / ((unsigned long long) val1 * (unsigned long long) val2) <
|
+ ((unsigned long long)UINT_MAX / ((unsigned long long)val1 *
|
||||||
+ (unsigned long long) val3))) {
|
+ (unsigned long long)val2) < (unsigned long long)val3))) {
|
||||||
#ifdef DEBUG
|
#ifdef DEBUG
|
||||||
- fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
|
fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
|
||||||
- __FUNCTION__, (unsigned long long) val1 * (unsigned long long) val2 *
|
__FUNCTION__,
|
||||||
- (unsigned long long) val3);
|
|
||||||
+ fprintf(stderr, "%s: Overflow detected (%u,%u,%u). Aborting...\n",
|
|
||||||
+ __FUNCTION__, val1, val2, val3);
|
|
||||||
#endif
|
|
||||||
- exit(4);
|
|
||||||
- }
|
|
||||||
+ exit(4);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifndef SOURCE_SADC
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
Summary: Collection of performance monitoring tools for Linux
|
Summary: Collection of performance monitoring tools for Linux
|
||||||
Name: sysstat
|
Name: sysstat
|
||||||
Version: 11.7.3
|
Version: 11.7.3
|
||||||
Release: 13%{?dist}
|
Release: 12%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: Applications/System
|
Group: Applications/System
|
||||||
URL: http://sebastien.godard.pagesperso-orange.fr/
|
URL: http://sebastien.godard.pagesperso-orange.fr/
|
||||||
@ -20,14 +20,8 @@ Patch05: 0001-sar-Fix-typo-in-manual-page.patch
|
|||||||
Patch06: CVE-2022-39377-arithmetic-overflow-in-allocate-structures-on-32-bit-systems.patch
|
Patch06: CVE-2022-39377-arithmetic-overflow-in-allocate-structures-on-32-bit-systems.patch
|
||||||
Patch07: 0001-sadc-Add-a-f-flag-to-force-fdatasync-use.patch
|
Patch07: 0001-sadc-Add-a-f-flag-to-force-fdatasync-use.patch
|
||||||
Patch08: 0001-mpstat-incorrect-cpu-usage-iowait.patch
|
Patch08: 0001-mpstat-incorrect-cpu-usage-iowait.patch
|
||||||
Patch09: 0001-sa1-fix-sar-error-when-the-directory-var-log-sa-was-.patch
|
Patch09: CVE-2023-33204.patch
|
||||||
|
Patch10: 0001-sa1-fix-sar-error-when-the-directory-var-log-sa-was-.patch
|
||||||
# https://github.com/sysstat/sysstat/commit/c9a11d35df4aecfcf22aef827bac6cd57def9d4e
|
|
||||||
# https://github.com/sysstat/sysstat/commit/44f1dc159242c1e434a3b836cda49f084c5a96cc
|
|
||||||
Patch10: 0001-Add-more-overflow-checks.patch
|
|
||||||
# https://github.com/sysstat/sysstat/commit/6f8dc568e6ab072bb8205b732f04e685bf9237c0
|
|
||||||
Patch11: CVE-2023-33204.patch
|
|
||||||
|
|
||||||
BuildRequires: gettext, lm_sensors-devel, systemd
|
BuildRequires: gettext, lm_sensors-devel, systemd
|
||||||
|
|
||||||
Requires: findutils, xz
|
Requires: findutils, xz
|
||||||
@ -65,7 +59,6 @@ The cifsiostat command reports I/O statistics for CIFS file systems.
|
|||||||
%patch08 -p1
|
%patch08 -p1
|
||||||
%patch09 -p1
|
%patch09 -p1
|
||||||
%patch10 -p1
|
%patch10 -p1
|
||||||
%patch11 -p1
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
export CFLAGS="$RPM_OPT_FLAGS -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld"
|
export CFLAGS="$RPM_OPT_FLAGS -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld"
|
||||||
@ -114,14 +107,10 @@ fi
|
|||||||
%{_localstatedir}/log/sa
|
%{_localstatedir}/log/sa
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue May 07 2024 Lukáš Zaoral <lzaoral@redhat.com> - 11.7.3-13
|
|
||||||
- fix memory allocation errors with malformed sa files (RHEL-35511)
|
|
||||||
- reorder patches to prevent errors during their application
|
|
||||||
|
|
||||||
* Wed Dec 13 2023 Lukáš Zaoral <lzaoral@redhat.com> - 11.7.3-12
|
* Wed Dec 13 2023 Lukáš Zaoral <lzaoral@redhat.com> - 11.7.3-12
|
||||||
- fix sar error when the directory /var/log/sa was removed (RHEL-19301)
|
- fix sar error when the directory /var/log/sa was removed (RHEL-19301)
|
||||||
|
|
||||||
* Fri Jul 07 2023 Pavel Šimovec <psimovec@redhat.com> - 11.7.3-11
|
* Fri Jul 07 2023 psimovec <psimovec@redhat.com> - 11.7.3-11
|
||||||
- fix the arithmetic overflow in allocate_structures() that is still possible on some 32 bit systems (CVE-2023-33204)
|
- fix the arithmetic overflow in allocate_structures() that is still possible on some 32 bit systems (CVE-2023-33204)
|
||||||
|
|
||||||
* Thu Mar 16 2023 Lukáš Zaoral <lzaoral@redhat.com> - 11.7.3-10
|
* Thu Mar 16 2023 Lukáš Zaoral <lzaoral@redhat.com> - 11.7.3-10
|
||||||
|
Loading…
Reference in New Issue
Block a user