From: Simone Weiß Date: Sat, 2 Mar 2024 19:09:56 +0000 (+0000) Subject: coreutils: backport patch to fix heap overflow in split X-Git-Tag: 2024-04-scarthgap~266 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=64c502850147e82c93b5fc7f45a8c76a9ad414d8;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git coreutils: backport patch to fix heap overflow in split Backported from upstream to fix CVE-2024-0684 Signed-off-by: Simone Weiß Signed-off-by: Richard Purdie --- diff --git a/meta/recipes-core/coreutils/coreutils/CVE-2024-0684.patch b/meta/recipes-core/coreutils/coreutils/CVE-2024-0684.patch new file mode 100644 index 00000000000..0c68e2dce05 --- /dev/null +++ b/meta/recipes-core/coreutils/coreutils/CVE-2024-0684.patch @@ -0,0 +1,39 @@ +From c4c5ed8f4e9cd55a12966d4f520e3a13101637d9 Mon Sep 17 00:00:00 2001 +From: Paul Eggert +Date: Tue, 16 Jan 2024 13:48:32 -0800 +Subject: [PATCH 1/1] split: do not shrink hold buffer +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +* src/split.c (line_bytes_split): Do not shrink hold buffer. +If it’s large for this batch it’s likely to be large for the next +batch, and for ‘split’ it’s not worth the complexity/CPU hassle to +shrink it. Do not assume hold_size can be bufsize. + +CVE: CVE-2024-0684 +Upstream-Status: Backport [https://github.com/coreutils/coreutils/commit/c4c5ed8f4e9cd55a12966d4f520e3a13101637d9] +Signed-off-by: Simone Weiß +--- + src/split.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/src/split.c b/src/split.c +index 64020c859..037960a59 100644 +--- a/src/split.c ++++ b/src/split.c +@@ -809,10 +809,7 @@ line_bytes_split (intmax_t n_bytes, char *buf, idx_t bufsize) + { + cwrite (n_out == 0, hold, n_hold); + n_out += n_hold; +- if (n_hold > bufsize) +- hold = xirealloc (hold, bufsize); + n_hold = 0; +- hold_size = bufsize; + } + + /* Output to eol if present. */ +-- +2.11.4.GIT + + diff --git a/meta/recipes-core/coreutils/coreutils_9.4.bb b/meta/recipes-core/coreutils/coreutils_9.4.bb index a79cabd3d29..fc51adcd5b1 100644 --- a/meta/recipes-core/coreutils/coreutils_9.4.bb +++ b/meta/recipes-core/coreutils/coreutils_9.4.bb @@ -17,6 +17,7 @@ SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \ file://remove-usr-local-lib-from-m4.patch \ file://0001-local.mk-fix-cross-compiling-problem.patch \ file://0001-posixtm-pacify-clang-18.patch \ + file://CVE-2024-0684.patch \ file://run-ptest \ " SRC_URI[sha256sum] = "ea613a4cf44612326e917201bbbcdfbd301de21ffc3b59b6e5c07e040b275e52"