helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-04-02 02:49:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

klibc: patch CVE-2021-31873

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-31873

Pick the patch mentioned by the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Gyorgy Sarvari 2025-10-27 15:15:51 +01:00
parent 23f84ad1b7
commit ed50ac3ff1
2 changed files with 44 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
meta-initramfs/recipes-devtools/klibc/files/CVE-2021-31873.patch Normal file
View File

@ -0,0 +1,43 @@
From 34f6170eca948ad221effc79db1f38c51e20329f Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Wed, 28 Apr 2021 04:03:49 +0200
Subject: [PATCH] malloc: Fail if requested size > PTRDIFF_MAX
malloc() adds some overhead to the requested size, which may result in
an integer overflow and subsequent buffer overflow if it is close to
SIZE_MAX. It should fail if size is large enough for this to happen.
Further, it's not legal for a C object to be larger than
PTRDIFF_MAX (half of SIZE_MAX) as pointer arithmetic within it could
overflow. So return failure immediately if size is greater than that.
CVE-2021-31873
CVE: CVE-2021-31873
Upstream-Status: Backport [https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=a31ae8c508fc8d1bca4f57e9f9f88127572d5202]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
usr/klibc/malloc.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/usr/klibc/malloc.c b/usr/klibc/malloc.c
index 413b733..14bfa63 100644
--- a/usr/klibc/malloc.c
+++ b/usr/klibc/malloc.c
@@ -146,6 +146,15 @@ void *malloc(size_t size)
if (size == 0)
return NULL;
+ /* Various additions below will overflow if size is close to
+ SIZE_MAX. Further, it's not legal for a C object to be
+ larger than PTRDIFF_MAX (half of SIZE_MAX) as pointer
+ arithmetic within it could overflow. */
+ if (size > PTRDIFF_MAX) {
+ errno = ENOMEM;
+ return NULL;
+ }
+
/* Add the obligatory arena header, and round up */
size = (size + 2 * sizeof(struct arena_header) - 1) & ARENA_SIZE_MASK;

1
meta-initramfs/recipes-devtools/klibc/klibc.inc
View File

@ -24,6 +24,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/libs/klibc/2.0/klibc-${PV}.tar.xz \
file://CVE-2021-31870.patch \ file://CVE-2021-31870.patch \
file://CVE-2021-31871.patch \ file://CVE-2021-31871.patch \
file://CVE-2021-31872.patch \ file://CVE-2021-31872.patch \
file://CVE-2021-31873.patch \
" "
ARMPATCHES ?= "" ARMPATCHES ?= ""