[prev in list] [next in list] [prev in thread] [next in thread]
List: openembedded-core
Subject: [OE-core][dunfell 04/13] nasm: fix CVE-2022-44370
From: "Steve Sakoman" <steve () sakoman ! com>
Date: 2023-09-30 19:40:01
Message-ID: 91e716b75861f2a4acee58a0c3f95e511058f1dc.1696102675.git.steve () sakoman ! com
[Download RAW message or body]
Content-Transfer-Encoding: 8bit
From: Archana Polampalli <archana.polampalli@windriver.com>
NASM v2.16 was discovered to contain a heap buffer overflow in the
component quote_for_pmake() asm/nasm.c:856
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-44370
Upstream patches:
https://github.com/netwide-assembler/nasm/commit/2d4e6952417ec6f08b6f135d2b5d0e19b7dae30d
( cherry picked from commit 1568df72136f46f0767bba56c10c48bf2a1ec259 )
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../nasm/nasm/CVE-2022-44370.patch | 104 ++++++++++++++++++
meta/recipes-devtools/nasm/nasm_2.15.03.bb | 1 +
2 files changed, 105 insertions(+)
create mode 100644 meta/recipes-devtools/nasm/nasm/CVE-2022-44370.patch
diff --git a/meta/recipes-devtools/nasm/nasm/CVE-2022-44370.patch \
b/meta/recipes-devtools/nasm/nasm/CVE-2022-44370.patch new file mode 100644
index 0000000000..1bd49c9fd9
--- /dev/null
+++ b/meta/recipes-devtools/nasm/nasm/CVE-2022-44370.patch
@@ -0,0 +1,104 @@
+From b37677f7e40276bd8f504584bcba2c092f1146a8 Mon Sep 17 00:00:00 2001
+From: "H. Peter Anvin" <hpa@zytor.com>
+Date: Mon, 7 Nov 2022 10:26:03 -0800
+Subject: [PATCH] quote_for_pmake: fix counter underrun resulting in segfault
+
+while (nbs--) { ... } ends with nbs == -1. Rather than a minimal fix,
+introduce mempset() to make these kinds of errors less likely in the
+future.
+
+Fixes: https://bugzilla.nasm.us/show_bug.cgi?id=3392815
+Reported-by: <13579and24680@gmail.com>
+Signed-off-by: H. Peter Anvin <hpa@zytor.com>
+
+Upstream-Status: Backport
+CVE: CVE-2022-4437
+
+Reference to upstream patch:
+[https://github.com/netwide-assembler/nasm/commit/2d4e6952417ec6f08b6f135d2b5d0e19b7dae30d]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ asm/nasm.c | 12 +++++-------
+ configure.ac | 1 +
+ include/compiler.h | 7 +++++++
+ 3 files changed, 13 insertions(+), 7 deletions(-)
+
+diff --git a/asm/nasm.c b/asm/nasm.c
+index 7a7f8b4..675cff4 100644
+--- a/asm/nasm.c
++++ b/asm/nasm.c
+@@ -1,6 +1,6 @@
+ /* ----------------------------------------------------------------------- *
+ *
+- * Copyright 1996-2020 The NASM Authors - All Rights Reserved
++ * Copyright 1996-2022 The NASM Authors - All Rights Reserved
+ * See the file AUTHORS included with the NASM distribution for
+ * the specific copyright holders.
+ *
+@@ -814,8 +814,7 @@ static char *quote_for_pmake(const char *str)
+ }
+
+ /* Convert N backslashes at the end of filename to 2N backslashes */
+- if (nbs)
+- n += nbs;
++ n += nbs;
+
+ os = q = nasm_malloc(n);
+
+@@ -824,10 +823,10 @@ static char *quote_for_pmake(const char *str)
+ switch (*p) {
+ case ' ':
+ case '\t':
+- while (nbs--)
+- *q++ = '\\';
++ q = mempset(q, '\\', nbs);
+ *q++ = '\\';
+ *q++ = *p;
++ nbs = 0;
+ break;
+ case '$':
+ *q++ = *p;
+@@ -849,9 +848,8 @@ static char *quote_for_pmake(const char *str)
+ break;
+ }
+ }
+- while (nbs--)
+- *q++ = '\\';
+
++ q = mempset(q, '\\', nbs);
+ *q = '\0';
+
+ return os;
+diff --git a/configure.ac b/configure.ac
+index 39680b1..940ebe2 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -199,6 +199,7 @@ AC_CHECK_FUNCS(strrchrnul)
+ AC_CHECK_FUNCS(iscntrl)
+ AC_CHECK_FUNCS(isascii)
+ AC_CHECK_FUNCS(mempcpy)
++AC_CHECK_FUNCS(mempset)
+
+ AC_CHECK_FUNCS(getuid)
+ AC_CHECK_FUNCS(getgid)
+diff --git a/include/compiler.h b/include/compiler.h
+index db3d6d6..b64da6a 100644
+--- a/include/compiler.h
++++ b/include/compiler.h
+@@ -256,6 +256,13 @@ static inline void *mempcpy(void *dst, const void *src, size_t \
n) + }
+ #endif
+
++#ifndef HAVE_MEMPSET
++static inline void *mempset(void *dst, int c, size_t n)
++{
++ return (char *)memset(dst, c, n) + n;
++}
++#endif
++
+ /*
+ * Hack to support external-linkage inline functions
+ */
+--
+2.40.0
diff --git a/meta/recipes-devtools/nasm/nasm_2.15.03.bb \
b/meta/recipes-devtools/nasm/nasm_2.15.03.bb index fc7046244a..6a8c57827d 100644
--- a/meta/recipes-devtools/nasm/nasm_2.15.03.bb
+++ b/meta/recipes-devtools/nasm/nasm_2.15.03.bb
@@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = \
"file://LICENSE;md5=90904486f8fbf1861cf42752e1a39efe" SRC_URI = \
"http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2 \ \
file://0001-stdlib-Add-strlcat.patch \ file://0002-Add-debug-prefix-map-option.patch \
\ + file://CVE-2022-44370.patch \
"
SRC_URI[sha256sum] = \
"04e7343d9bf112bffa9fda86f6c7c8b120c2ccd700b882e2db9f57484b1bd778"
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188469): https://lists.openembedded.org/g/openembedded-core/message/188469
Mute This Topic: https://lists.openembedded.org/mt/101681326/4454766
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [openembedded-core@marc.info]
-=-=-=-=-=-=-=-=-=-=-=-
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic