From db43dfdfa8bc2b938582aef3d87e43594c13ee50 Mon Sep 17 00:00:00 2001 From: CoprDistGit Date: Wed, 9 Oct 2024 03:36:26 +0000 Subject: automatic import of glibc --- ...integer-overflow-in-__vsyslog_internal-CV.patch | 41 ++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 0003-syslog-Fix-integer-overflow-in-__vsyslog_internal-CV.patch (limited to '0003-syslog-Fix-integer-overflow-in-__vsyslog_internal-CV.patch') diff --git a/0003-syslog-Fix-integer-overflow-in-__vsyslog_internal-CV.patch b/0003-syslog-Fix-integer-overflow-in-__vsyslog_internal-CV.patch new file mode 100644 index 0000000..70ee520 --- /dev/null +++ b/0003-syslog-Fix-integer-overflow-in-__vsyslog_internal-CV.patch @@ -0,0 +1,41 @@ +From d37c2b20a4787463d192b32041c3406c2bd91de0 Mon Sep 17 00:00:00 2001 +From: Arjun Shankar +Date: Mon, 15 Jan 2024 17:44:45 +0100 +Subject: [PATCH 3/3] syslog: Fix integer overflow in __vsyslog_internal + (CVE-2023-6780) + +__vsyslog_internal calculated a buffer size by adding two integers, but +did not first check if the addition would overflow. This commit fixes +that. + +Reviewed-by: Carlos O'Donell +Tested-by: Carlos O'Donell +(cherry picked from commit ddf542da94caf97ff43cc2875c88749880b7259b) +--- + misc/syslog.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/misc/syslog.c b/misc/syslog.c +index 53440e47ad..4af87f54fd 100644 +--- a/misc/syslog.c ++++ b/misc/syslog.c +@@ -41,6 +41,7 @@ static char sccsid[] = "@(#)syslog.c 8.4 (Berkeley) 3/18/94"; + #include + #include + #include ++#include + + static int LogType = SOCK_DGRAM; /* type of socket connection */ + static int LogFile = -1; /* fd for log */ +@@ -219,7 +220,7 @@ __vsyslog_internal (int pri, const char *fmt, va_list ap, + vl = __vsnprintf_internal (pos, len, fmt, apc, mode_flags); + va_end (apc); + +- if (vl < 0) ++ if (vl < 0 || vl >= INT_MAX - l) + goto out; + + if (vl >= len) +-- +2.33.0 + -- cgit v1.2.3