From 5d7298550147c7365c294592cfa8e0fe6a30cd2d Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Wed, 12 Apr 2023 16:20:17 +0800
Subject: [PATCH] Fix CVE-2022-44370

(cherry picked from commit a5eae9aa51c5c7643d66e128216739df714ffd27)
---
 CVE-2022-44370.patch | 94 ++++++++++++++++++++++++++++++++++++++++++++
 nasm.spec | 7 +++-
 2 files changed, 100 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2022-44370.patch

diff --git a/CVE-2022-44370.patch b/CVE-2022-44370.patch
new file mode 100644
index 0000000..30aba0b
--- /dev/null
+++ b/CVE-2022-44370.patch
@@ -0,0 +1,94 @@
+From 2d4e6952417ec6f08b6f135d2b5d0e19b7dae30d Mon Sep 17 00:00:00 2001
+From: "H. Peter Anvin"
+Date: Mon, 7 Nov 2022 10:26:03 -0800
+Subject: [PATCH] quote_for_pmake: fix counter underrun resulting in segfault
+
+while (nbs--) { ... } ends with nbs == -1. Rather than a minimal fix,
+introduce mempset() to make these kinds of errors less likely in the
+future.
+
+Fixes: https://bugzilla.nasm.us/show_bug.cgi?id=3392815
+Reported-by: <13579and24680@gmail.com>
+Signed-off-by: H. Peter Anvin
+---
+ asm/nasm.c | 12 +++++-------
+ configure.ac | 1 +
+ include/compiler.h | 7 +++++++
+ 3 files changed, 13 insertions(+), 7 deletions(-)
+
+diff --git a/asm/nasm.c b/asm/nasm.c
+index 6af927547..1e337c7ba 100644
+--- a/asm/nasm.c
++++ b/asm/nasm.c
+@@ -1,6 +1,6 @@
+ /* ----------------------------------------------------------------------- *
+ *
+- * Copyright 1996-2020 The NASM Authors - All Rights Reserved
++ * Copyright 1996-2022 The NASM Authors - All Rights Reserved
+ * See the file AUTHORS included with the NASM distribution for
+ * the specific copyright holders.
+ *
+@@ -817,8 +817,7 @@ static char *quote_for_pmake(const char *str)
+ }
+
+ /* Convert N backslashes at the end of filename to 2N backslashes */
+- if (nbs)
+- n += nbs;
++ n += nbs;
+
+ os = q = nasm_malloc(n);
+
+@@ -827,10 +826,10 @@ static char *quote_for_pmake(const char *str)
+ switch (*p) {
+ case ' ':
+ case '\t':
+- while (nbs--)
+- *q++ = '\\';
++ q = mempset(q, '\\', nbs);
+ *q++ = '\\';
+ *q++ = *p;
++ nbs = 0;
+ break;
+ case '$':
+ *q++ = *p;
+@@ -852,9 +851,8 @@ static char *quote_for_pmake(const char *str)
+ break;
+ }
+ }
+- while (nbs--)
+- *q++ = '\\';
+
++ q = mempset(q, '\\', nbs);
+ *q = '\0';
+
+ return os;
+diff --git a/configure.ac b/configure.ac
+index 04a9f648b..42cd19884 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -200,6 +200,7 @@ AC_CHECK_FUNCS(strrchrnul)
+ AC_CHECK_FUNCS(iscntrl)
+ AC_CHECK_FUNCS(isascii)
+ AC_CHECK_FUNCS(mempcpy)
++AC_CHECK_FUNCS(mempset)
+
+ AC_CHECK_FUNCS(getuid)
+ AC_CHECK_FUNCS(getgid)
+diff --git a/include/compiler.h b/include/compiler.h
+index c5bac6e57..407c16093 100644
+--- a/include/compiler.h
++++ b/include/compiler.h
+@@ -252,6 +252,13 @@ static inline void *mempcpy(void *dst, const void *src, size_t n)
+ }
+ #endif
+
++#ifndef HAVE_MEMPSET
++static inline void *mempset(void *dst, int c, size_t n)
++{
++ return (char *)memset(dst, c, n) + n;
++}
++#endif
++
+ /*
+ * Hack to support external-linkage inline functions
+ */
diff --git a/nasm.spec b/nasm.spec
index de6112e..54576dd 100644
--- a/nasm.spec
+++ b/nasm.spec
@@ -8,7 +8,7 @@ Name: nasm
 Version: 2.15.05
-Release: 4
+Release: 5
 Summary: The Netwide Assembler, a portable x86 assembler with Intel-like syntax
 License: BSD
 URL: http://www.nasm.us
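Review bot: The two new `q = mempset(q, '\\', nbs);` calls in the nasm.c hunks are only memory-safe while `nbs` is non-negative and matches what the sizing pass added to `n`, but the declaration of `nbs` and the `case '\\':` branch that increments it lie outside the hunks (quote_for_pmake begins and ends outside them), so nothing in the patch pins that invariant. If `nbs` is a signed `int`, a negative value converts to a huge `size_t` and reproduces the overflow this fix removes; if it is `size_t`, the original underrun came from `nbs--` wrapping at zero, and the added `nbs = 0;` in the whitespace case is the part that actually closes it — either way a cheap guard before the terminator, `assert((size_t)(q - os) < n);` (or nasm's own assertion helper, if one is in scope), would turn any future miscount between the sizing and emission passes into an abort instead of a heap overflow. The `mempset` fallback added to include/compiler.h also lacks a comment; I would put `/* memset() that returns a pointer one past the filled region, mirroring mempcpy(); lets callers advance q without post-decrementing a counter. */` above `#ifndef HAVE_MEMPSET`. Since no libc I know of exports mempset, `AC_CHECK_FUNCS(mempset)` will normally leave HAVE_MEMPSET undefined and the inline fallback is the code that ships, which is fine but worth stating in the configure.ac hunk.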
@@ -17,6 +17,8 @@ Source1: http://www.nasm.us/pub/nasm/releasebuilds/%{version}/%{name}-%{version
 Patch6000: enable-make-check.patch
 Patch6001: fix-help-info-error.patch
+# https://github.com/netwide-assembler/nasm/commit/2d4e6952417ec6f08b6f135d2b5d0e19b7dae30d
+Patch6002: CVE-2022-44370.patch
 #https://bugzilla.nasm.us/attachment.cgi?id=411648
 BuildRequires: perl(Env) autoconf asciidoc xmlto gcc make git
@@ -89,6 +91,9 @@ make test
 %{_mandir}/man1/ld*
 %changelog
+* Wed Apr 12 2023 yaoxin - 2.15.05-5
+- Fix CVE-2022-44370
+
 * Thu Jan 19 2023 yangchenguang - 2.15.05-4
 - Fix help info error
-- 
Gitee
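Review bot: Declaring `Patch6002: CVE-2022-44370.patch` in the preamble only fixes the package if %prep applies it, and %prep is outside this hunk: with `%autosetup`/`%autopatch` that is automatic, but with explicit `%patch` lines a `%patch6002 -p1` is needed, otherwise 2.15.05-5 rebuilds with the changelog claiming the fix while still shipping the vulnerable quote_for_pmake, and the `make test` run visible in the %check context would not necessarily notice. The patch also edits configure.ac (`AC_CHECK_FUNCS(mempset)`); if %build does not regenerate configure (the autoconf BuildRequires suggests it does) the check is silently skipped, which is harmless because include/compiler.h supplies the fallback when HAVE_MEMPSET is undefined, but that is worth recording. I would extend the provenance comment to name the issue as well as the upstream commit, e.g. `# CVE-2022-44370: counter underrun / heap overflow in quote_for_pmake, upstream commit 2d4e6952417e`.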