From c718e1069aa505f3eedf4d76e6699fe58aeed6e1 Mon Sep 17 00:00:00 2001
From: Funda Wang
Date: Fri, 26 May 2023 18:15:36 +0800
Subject: [PATCH] Fix CVE-2023-33204
---
 6f8dc568e6ab072bb8205b732f04e685bf9237c0.diff | 29 +++++++++++++++++++
 sysstat.spec | 12 +++++---
 2 files changed, 37 insertions(+), 4 deletions(-)
 create mode 100644 6f8dc568e6ab072bb8205b732f04e685bf9237c0.diff
diff --git a/6f8dc568e6ab072bb8205b732f04e685bf9237c0.diff b/6f8dc568e6ab072bb8205b732f04e685bf9237c0.diff
new file mode 100644
index 0000000..5de2de6
--- /dev/null
+++ b/6f8dc568e6ab072bb8205b732f04e685bf9237c0.diff
@@ -0,0 +1,29 @@
+diff --git a/common.c b/common.c
+index 48493b5f..0efe7ee3 100644
+--- a/common.c
++++ b/common.c
+@@ -431,15 +431,17 @@ int check_dir(char *dirname)
+ void check_overflow(unsigned int val1, unsigned int val2,
+ unsigned int val3)
+ {
+- if ((unsigned long long) val1 * (unsigned long long) val2 *
+- (unsigned long long) val3 > UINT_MAX) {
++ if ((val1 != 0) && (val2 != 0) && (val3 != 0) &&
++ (((unsigned long long) UINT_MAX / (unsigned long long) val1 <
++ (unsigned long long) val2) ||
++ ((unsigned long long) UINT_MAX / ((unsigned long long) val1 * (unsigned long long) val2) <
++ (unsigned long long) val3))) {
+ #ifdef DEBUG
+- fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
+- __FUNCTION__, (unsigned long long) val1 * (unsigned long long) val2 *
+- (unsigned long long) val3);
++ fprintf(stderr, "%s: Overflow detected (%u,%u,%u). Aborting...\n",
++ __FUNCTION__, val1, val2, val3);
+ #endif
+- exit(4);
+- }
++ exit(4);
++ }
+ }
+
+ #ifndef SOURCE_SADC
diff --git a/sysstat.spec b/sysstat.spec
index 108fde1..4b64b74 100644
--- a/sysstat.spec
+++ b/sysstat.spec
@@ -1,4 +1,4 @@
-%define anolis_release 1
+%define anolis_release 2
 Summary: Collection of performance monitoring tools for Linux
 Name: sysstat
 Version: 12.7.2
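Review bot: The rewritten guard in `check_overflow()` (common.c, inside the carried patch file) has no comment saying why it divides instead of multiplying, which is the whole point of the fix. The removed test multiplied three values widened to `unsigned long long`, and that product can itself wrap before it is compared with `UINT_MAX`; I would add `/* Divide rather than multiply: the three-way 64-bit product can wrap. */` above the `if`, and note there that the `!= 0` tests must stay first because they keep both divisions away from a zero divisor. With a 32-bit `unsigned int` the second comparison alone appears sufficient, since `val1 * val2` always fits in 64 bits, so the first comparison could be dropped upstream. The callers that consume the checked sizes are outside this hunk, so whether `UINT_MAX` is the right bound for them cannot be confirmed from here.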
@@ -6,13 +6,14 @@ Release: %{anolis_release}%{?dist}
 License: GPLv2+
 URL: http://sebastien.godard.pagesperso-orange.fr/
 Source: https://github.com/sysstat/sysstat/archive/v%{version}.tar.gz
+Patch0: https://github.com/sysstat/sysstat/commit/6f8dc568e6ab072bb8205b732f04e685bf9237c0.diff
 # Use colors in sysstat output
 Source1: colorsysstat.csh
 Source2: colorsysstat.sh
 BuildRequires: make
-BuildRequires: gcc, gettext, lm_sensors-devel, systemd, git
+BuildRequires: gcc, gettext, lm_sensors-devel, systemd
 Requires: findutils, xz
@@ -45,7 +46,7 @@ BuildArch: noarch
 Doc files for sysstat
 %prep
-%autosetup -S git_am
+%autosetup -p1
 %build
 %configure \
@@ -57,7 +58,7 @@ Doc files for sysstat
 sadc_options='-S DISK' \
 history=28 \
 compressafter=31
-make %{?_smp_mflags}
+%make_build
 %install
 %make_install
@@ -107,6 +108,9 @@ fi
 %doc CHANGES FAQ.md README.md %{name}-%{version}.lsm CREDITS
 %changelog
+* Fri May 26 2023 Funda Wang - 12.7.3-2
+- Fix CVE-2023-33204
+
 * Tue Jan 31 2023 Jing Zhang - 12.7.2-1
 - update to 12.7.2
-- 
Gitee
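Review bot: `Patch0:` is added to the tag block without a comment naming what it fixes and where it comes from, so the CVE is only discoverable through the changelog. A line such as `# CVE-2023-33204, upstream commit 6f8dc568e6ab072bb8205b732f04e685bf9237c0` directly above `Patch0:` would make the patch traceable during later rebases and audits. Separately, the `%changelog` entry added in the last hunk is stamped `12.7.3-2` while `Version:` stays `12.7.2` and `anolis_release` becomes 2 in the first hunk, so the entry presumably should read `12.7.2-2`; a wrong version there can mislead anyone matching fixed versions against the changelog.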