From a6c693af0980161a721b2e4c3312927c89d5bdbd Mon Sep 17 00:00:00 2001 From: zhouwenpei Date: Mon, 29 May 2023 12:53:49 +0000 Subject: [PATCH] add missing patch (cherry picked from commit c641d529927d6ea307c71418d70c4bd1ae90de9b) --- backport-0001-CVE-2023-33204.patch | 143 ++++++++++++++++++ backport-0002-CVE-2023-33204.patch | 104 +++++++++++++ ...atch => backport-0003-CVE-2023-33204.patch | 30 ++-- sysstat.spec | 9 +- 4 files changed, 270 insertions(+), 16 deletions(-) create mode 100644 backport-0001-CVE-2023-33204.patch create mode 100644 backport-0002-CVE-2023-33204.patch rename backport-CVE-2023-33204.patch => backport-0003-CVE-2023-33204.patch (64%) diff --git a/backport-0001-CVE-2023-33204.patch b/backport-0001-CVE-2023-33204.patch new file mode 100644 index 0000000..6ceb235 --- /dev/null +++ b/backport-0001-CVE-2023-33204.patch @@ -0,0 +1,143 @@ +From c9a11d35df4aecfcf22aef827bac6cd57def9d4e Mon Sep 17 00:00:00 2001 +From: Sebastien GODARD +Date: Sun, 23 Oct 2022 16:22:28 +0200 +Subject: [PATCH] Add more overflow checks + +Signed-off-by: Sebastien GODARD + +Reference:https://github.com/sysstat/sysstat/commit/c9a11d35df4aecfcf22aef827bac6cd57def9d4e +Conflict:NA + +--- + common.c | 46 ++++++++++++++++++++++------------------------ + common.h | 4 ++-- + sa_common.c | 9 +++++++-- + sadc.c | 6 ++++++ + 4 files changed, 37 insertions(+), 28 deletions(-) + +diff --git a/common.c b/common.c +index 28d475e..5ecd7ff 100644 +--- a/common.c ++++ b/common.c +@@ -410,6 +410,28 @@ int get_wwnid_from_pretty(char *pretty, unsigned long long *wwn, unsigned int *p + return rc; + } + ++/* ++ * ************************************************************************** ++ * Check if the multiplication of the 3 values may be greater than UINT_MAX. ++ * ++ * IN: ++ * @val1 First value. ++ * @val2 Second value. ++ * @val3 Third value. ++ *************************************************************************** ++ */ ++void check_overflow(unsigned long long val1, unsigned long long val2, ++ unsigned long long val3) ++{ ++ if (val1 * val2 * val3 > UINT_MAX) { ++#ifdef DEBUG ++ fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n", ++ __FUNCTION__, val1 * val2 * val3); ++#endif ++ exit(4); ++ } ++} ++ + #ifndef SOURCE_SADC + /* + *************************************************************************** +@@ -1529,28 +1551,4 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char + return 0; + } + +-/* +- *************************************************************************** +- * Check if the multiplication of the 3 values may be greater than UINT_MAX. +- * +- * IN: +- * @val1 First value. +- * @val2 Second value. +- * @val3 Third value. +- *************************************************************************** +- */ +-void check_overflow(size_t val1, size_t val2, size_t val3) +-{ +- if ((unsigned long long) val1 * +- (unsigned long long) val2 * +- (unsigned long long) val3 > UINT_MAX) { +-#ifdef DEBUG +- fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n", +- __FUNCTION__, +- (unsigned long long) val1 * (unsigned long long) val2 * (unsigned long long) val3); +-#endif +- exit(4); +- } +-} +- + #endif /* SOURCE_SADC undefined */ +diff --git a/common.h b/common.h +index 75f837a..827e282 100644 +--- a/common.h ++++ b/common.h +@@ -247,10 +247,10 @@ int extract_wwnid + (char *, unsigned long long *, unsigned int *); + int get_wwnid_from_pretty + (char *, unsigned long long *, unsigned int *); ++void check_overflow ++ (unsigned long long, unsigned long long, unsigned long long); + + #ifndef SOURCE_SADC +-void check_overflow +- (size_t, size_t, size_t); + int count_bits + (void *, int); + int count_csvalues +diff --git a/sa_common.c b/sa_common.c +index ff90c1f..0ac04a2 100644 +--- a/sa_common.c ++++ b/sa_common.c +@@ -456,8 +456,9 @@ void allocate_structures(struct activity *act[]) + if (act[i]->nr_ini > 0) { + + /* Look for a possible overflow */ +- check_overflow((size_t) act[i]->msize, (size_t) act[i]->nr_ini, +- (size_t) act[i]->nr2); ++ check_overflow((unsigned long long) act[i]->msize, ++ (unsigned long long) act[i]->nr_ini, ++ (unsigned long long) act[i]->nr2); + + for (j = 0; j < 3; j++) { + SREALLOC(act[i]->buf[j], void, +@@ -522,6 +523,10 @@ void reallocate_all_buffers(struct activity *a, __nr_t nr_min) + while (nr_realloc < nr_min); + } + ++ /* Look for a possible overflow */ ++ check_overflow((unsigned long long) a->msize, nr_realloc, ++ (unsigned long long) a->nr2); ++ + for (j = 0; j < 3; j++) { + SREALLOC(a->buf[j], void, + (size_t) a->msize * nr_realloc * (size_t) a->nr2); +diff --git a/sadc.c b/sadc.c +index 5516a81..e7d4851 100644 +--- a/sadc.c ++++ b/sadc.c +@@ -352,6 +352,12 @@ void sa_sys_init(void) + } + + if (IS_COLLECTED(act[i]->options) && (act[i]->nr_ini > 0)) { ++ ++ /* Look for a possible overflow */ ++ check_overflow((unsigned long long) act[i]->msize, ++ (unsigned long long) act[i]->nr_ini, ++ (unsigned long long) act[i]->nr2); ++ + /* Allocate structures for current activity (using nr_ini and nr2 results) */ + SREALLOC(act[i]->_buf0, void, + (size_t) act[i]->msize * (size_t) act[i]->nr_ini * (size_t) act[i]->nr2); +-- +2.33.0 + diff --git a/backport-0002-CVE-2023-33204.patch b/backport-0002-CVE-2023-33204.patch new file mode 100644 index 0000000..cd28c5f --- /dev/null +++ b/backport-0002-CVE-2023-33204.patch @@ -0,0 +1,104 @@ +From 44f1dc159242c1e434a3b836cda49f084c5a96cc Mon Sep 17 00:00:00 2001 +From: Sebastien GODARD +Date: Sun, 6 Nov 2022 15:48:16 +0100 +Subject: [PATCH] Make sure values to be compared are unsigned integers + +It seems safer to make sure that input values are unsigned int before +casting them to unsigned long long and making the comparison. + +Signed-off-by: Sebastien GODARD + +Reference:https://github.com/sysstat/sysstat/commit/44f1dc159242c1e434a3b836cda49f084c5a96cc +Conflict:NA + +--- + common.c | 10 ++++++---- + common.h | 2 +- + sa_common.c | 10 +++++----- + sadc.c | 6 +++--- + 4 files changed, 15 insertions(+), 13 deletions(-) + +diff --git a/common.c b/common.c +index 5ecd7ff..8808445 100644 +--- a/common.c ++++ b/common.c +@@ -420,13 +420,15 @@ int get_wwnid_from_pretty(char *pretty, unsigned long long *wwn, unsigned int *p + * @val3 Third value. + *************************************************************************** + */ +-void check_overflow(unsigned long long val1, unsigned long long val2, +- unsigned long long val3) ++void check_overflow(unsigned int val1, unsigned int val2, ++ unsigned int val3) + { +- if (val1 * val2 * val3 > UINT_MAX) { ++ if ((unsigned long long) val1 * (unsigned long long) val2 * ++ (unsigned long long) val3 > UINT_MAX) { + #ifdef DEBUG + fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n", +- __FUNCTION__, val1 * val2 * val3); ++ __FUNCTION__, (unsigned long long) val1 * (unsigned long long) val2 * ++ (unsigned long long) val3); + #endif + exit(4); + } +diff --git a/common.h b/common.h +index 827e282..8014fbd 100644 +--- a/common.h ++++ b/common.h +@@ -248,7 +248,7 @@ int extract_wwnid + int get_wwnid_from_pretty + (char *, unsigned long long *, unsigned int *); + void check_overflow +- (unsigned long long, unsigned long long, unsigned long long); ++ (unsigned int, unsigned int, unsigned int); + + #ifndef SOURCE_SADC + int count_bits +diff --git a/sa_common.c b/sa_common.c +index 0ac04a2..e9a0f86 100644 +--- a/sa_common.c ++++ b/sa_common.c +@@ -456,9 +456,9 @@ void allocate_structures(struct activity *act[]) + if (act[i]->nr_ini > 0) { + + /* Look for a possible overflow */ +- check_overflow((unsigned long long) act[i]->msize, +- (unsigned long long) act[i]->nr_ini, +- (unsigned long long) act[i]->nr2); ++ check_overflow((unsigned int) act[i]->msize, ++ (unsigned int) act[i]->nr_ini, ++ (unsigned int) act[i]->nr2); + + for (j = 0; j < 3; j++) { + SREALLOC(act[i]->buf[j], void, +@@ -524,8 +524,8 @@ void reallocate_all_buffers(struct activity *a, __nr_t nr_min) + } + + /* Look for a possible overflow */ +- check_overflow((unsigned long long) a->msize, nr_realloc, +- (unsigned long long) a->nr2); ++ check_overflow((unsigned int) a->msize, (unsigned int) nr_realloc, ++ (unsigned int) a->nr2); + + for (j = 0; j < 3; j++) { + SREALLOC(a->buf[j], void, +diff --git a/sadc.c b/sadc.c +index e7d4851..bcd8b59 100644 +--- a/sadc.c ++++ b/sadc.c +@@ -354,9 +354,9 @@ void sa_sys_init(void) + if (IS_COLLECTED(act[i]->options) && (act[i]->nr_ini > 0)) { + + /* Look for a possible overflow */ +- check_overflow((unsigned long long) act[i]->msize, +- (unsigned long long) act[i]->nr_ini, +- (unsigned long long) act[i]->nr2); ++ check_overflow((unsigned int) act[i]->msize, ++ (unsigned int) act[i]->nr_ini, ++ (unsigned int) act[i]->nr2); + + /* Allocate structures for current activity (using nr_ini and nr2 results) */ + SREALLOC(act[i]->_buf0, void, +-- +2.33.0 diff --git a/backport-CVE-2023-33204.patch b/backport-0003-CVE-2023-33204.patch similarity index 64% rename from backport-CVE-2023-33204.patch rename to backport-0003-CVE-2023-33204.patch index ce84302..9d0d2f5 100644 --- a/backport-CVE-2023-33204.patch +++ b/backport-0003-CVE-2023-33204.patch @@ -2,23 +2,23 @@ From 954ff2e2673cef48f0ed44668c466eab041db387 Mon Sep 17 00:00:00 2001 From: Pavel Kopylov Date: Wed, 17 May 2023 11:33:45 +0200 Subject: [PATCH] Fix an overflow which is still possible for some values. - + Reference:https://github.com/sysstat/sysstat/commit/6f8dc568e6ab072bb8205b732f04e685bf9237c0 -Conflict:Adaptation Context +Conflict:NA + --- - common.c | 15 ++++++++------- - 1 file changed, 8 insertions(+), 7 deletions(-) + common.c | 16 +++++++++------- + 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/common.c b/common.c -index 28d475e..85b2457 100644 +index 8808445..879d697 100644 --- a/common.c +++ b/common.c -@@ -1541,15 +1541,16 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char - */ - void check_overflow(size_t val1, size_t val2, size_t val3) +@@ -423,15 +423,17 @@ int get_wwnid_from_pretty(char *pretty, unsigned long long *wwn, unsigned int *p + void check_overflow(unsigned int val1, unsigned int val2, + unsigned int val3) { -- if ((unsigned long long) val1 * -- (unsigned long long) val2 * +- if ((unsigned long long) val1 * (unsigned long long) val2 * - (unsigned long long) val3 > UINT_MAX) { + if ((val1 != 0) && (val2 != 0) && (val3 != 0) && + (((unsigned long long) UINT_MAX / (unsigned long long) val1 < @@ -27,15 +27,17 @@ index 28d475e..85b2457 100644 + (unsigned long long) val3))) { #ifdef DEBUG - fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n", -- __FUNCTION__, -- (unsigned long long) val1 * (unsigned long long) val2 * (unsigned long long) val3); +- __FUNCTION__, (unsigned long long) val1 * (unsigned long long) val2 * +- (unsigned long long) val3); + fprintf(stderr, "%s: Overflow detected (%u,%u,%u). Aborting...\n", + __FUNCTION__, val1, val2, val3); #endif - exit(4); +- } + exit(4); - } ++ } } + #ifndef SOURCE_SADC -- -2.33.0 +2.27.0 diff --git a/sysstat.spec b/sysstat.spec index 5148dca..ae4dfdd 100644 --- a/sysstat.spec +++ b/sysstat.spec @@ -1,13 +1,15 @@ Name: sysstat Version: 12.2.1 -Release: 5 +Release: 6 Summary: System performance tools for the Linux operating system License: GPLv2+ URL: http://sebastien.godard.pagesperso-orange.fr/ Source0: http://sebastien.godard.pagesperso-orange.fr/%{name}-%{version}.tar.xz Patch6000: backport-CVE-2022-39377.patch -Patch6001: backport-CVE-2023-33204.patch +Patch6001: backport-0001-CVE-2023-33204.patch +Patch6002: backport-0002-CVE-2023-33204.patch +Patch6003: backport-0003-CVE-2023-33204.patch BuildRequires: gcc, gettext, lm_sensors-devel, systemd @@ -89,6 +91,9 @@ export compressafter="31" %{_mandir}/man*/* %changelog +* Mon May 29 2023 zhouwenpei - 12.2.1-6 +- add missing patch + * Thu May 25 2023 zhouwenpei - 12.2.1-5 - fix CVE-2023-33204 -- Gitee