From 3d9a4cacd5f051134f190afcab2c71b3286cf9e5 Mon Sep 17 00:00:00 2001 From: Chen Qi Date: Mon, 25 Nov 2024 23:55:34 -0800 Subject: [PATCH] coreutils: fix CVE-2024-0684 Backport patch with tweaks for the current version to fix CVE-2024-0684. Signed-off-by: Chen Qi Signed-off-by: Steve Sakoman --- ...0001-split-do-not-shrink-hold-buffer.patch | 42 +++++++++++++++++++ meta/recipes-core/coreutils/coreutils_9.0.bb | 1 + 2 files changed, 43 insertions(+) create mode 100644 meta/recipes-core/coreutils/coreutils/0001-split-do-not-shrink-hold-buffer.patch diff --git a/meta/recipes-core/coreutils/coreutils/0001-split-do-not-shrink-hold-buffer.patch b/meta/recipes-core/coreutils/coreutils/0001-split-do-not-shrink-hold-buffer.patch new file mode 100644 index 00000000000..3eab65dcf17 --- /dev/null +++ b/meta/recipes-core/coreutils/coreutils/0001-split-do-not-shrink-hold-buffer.patch @@ -0,0 +1,42 @@ +From 80dca40bbb36b7b1630bb5a43d62b3ff21b4e064 Mon Sep 17 00:00:00 2001 +From: Chen Qi +Date: Mon, 25 Nov 2024 23:43:49 -0800 +Subject: [PATCH] split: do not shrink hold buffer +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +* src/split.c (line_bytes_split): Do not shrink hold buffer. +If it’s large for this batch it’s likely to be large for the next +batch, and for ‘split’ it’s not worth the complexity/CPU hassle to +shrink it. Do not assume hold_size can be bufsize. + +CVE: CVE-2024-0684 + +Upstream-Status: Backport [c4c5ed8f4e9cd55a12966d4f520e3a13101637d9] + +The original patch is tweaked to fit the current version. + +Signed-off-by: Chen Qi +--- + src/split.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/src/split.c b/src/split.c +index 4b1b144..e44e867 100644 +--- a/src/split.c ++++ b/src/split.c +@@ -785,10 +785,7 @@ line_bytes_split (uintmax_t n_bytes, char *buf, size_t bufsize) + { + cwrite (n_out == 0, hold, n_hold); + n_out += n_hold; +- if (n_hold > bufsize) +- hold = xrealloc (hold, bufsize); + n_hold = 0; +- hold_size = bufsize; + } + + /* Output to eol if present. */ +-- +2.25.1 + diff --git a/meta/recipes-core/coreutils/coreutils_9.0.bb b/meta/recipes-core/coreutils/coreutils_9.0.bb index 8a2fbeca321..1cce9192ecf 100644 --- a/meta/recipes-core/coreutils/coreutils_9.0.bb +++ b/meta/recipes-core/coreutils/coreutils_9.0.bb @@ -20,6 +20,7 @@ SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \ file://0001-local.mk-fix-cross-compiling-problem.patch \ file://e8b56ebd536e82b15542a00c888109471936bfda.patch \ file://run-ptest \ + file://0001-split-do-not-shrink-hold-buffer.patch \ " SRC_URI[sha256sum] = "ce30acdf4a41bc5bb30dd955e9eaa75fa216b4e3deb08889ed32433c7b3b97ce" -- 2.47.3