diff --git a/backport-api-fix-seccomp_export_bpf_mem-out-of-bounds.patch b/backport-api-fix-seccomp_export_bpf_mem-out-of-bounds.patch new file mode 100644 index 0000000000000000000000000000000000000000..bf4a9a13464bdb33b17e1965fe83d41ff33fdda1 --- /dev/null +++ b/backport-api-fix-seccomp_export_bpf_mem-out-of-bounds.patch @@ -0,0 +1,33 @@ +From e8dbc6b555fb936bdfb8ab86f9a45fda96a8b7a2 Mon Sep 17 00:00:00 2001 +From: Alyssa Ross +Date: Thu, 13 Feb 2025 12:05:17 +0100 +Subject: [PATCH] api: fix seccomp_export_bpf_mem out-of-bounds read + +*len is the length of the destination buffer, but program->blks is +probably not anywhere near that long. It's already been checked above +that BPF_PGM_SIZE(program) is less than or equal to *len, so that's +the correct value to use here to avoid either reading or writing too +much. + +I noticed this because tests/11-basic-basic_errors started failing on +musl after e797591 ("all: add seccomp_precompute() functionality"). + +Signed-off-by: Alyssa Ross +Acked-by: Tom Hromatka +Signed-off-by: Paul Moore +--- + src/api.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/api.c b/src/api.c +index adccef32..65a277a4 100644 +--- a/src/api.c ++++ b/src/api.c +@@ -786,7 +786,7 @@ API int seccomp_export_bpf_mem(const scmp_filter_ctx ctx, void *buf, + if (BPF_PGM_SIZE(program) > *len) + rc = _rc_filter(-ERANGE); + else +- memcpy(buf, program->blks, *len); ++ memcpy(buf, program->blks, BPF_PGM_SIZE(program)); + } + *len = BPF_PGM_SIZE(program); diff --git a/libseccomp.spec b/libseccomp.spec index 0bcafb1c0e30d5d19d218c7d1c26f3ce04ebe03c..31395010707724030d0ad0936b347ffa39759b57 100644 --- a/libseccomp.spec +++ b/libseccomp.spec @@ -1,11 +1,13 @@ Name: libseccomp Version: 2.6.0 -Release: 1 +Release: 2 Summary: Interface to the syscall filtering mechanism License: LGPL-2.1-only URL: https://github.com/seccomp/libseccomp Source0: https://github.com/seccomp/libseccomp/releases/download/v%{version}/%{name}-%{version}.tar.gz +Patch1: backport-api-fix-seccomp_export_bpf_mem-out-of-bounds.patch + BuildRequires: gcc gperf %description @@ -62,6 +64,9 @@ developing applications that use %{name}. %{_mandir}/man*/* %changelog +* Mon Jul 21 2025 liuzhilin - 2.6.0-2 +- backport api: fix seccomp_export_bpf_mem out-of-bounds read + * Wed Jan 29 2025 Funda Wang - 2.6.0-1 - update to 2.6.0