0d580d6eaf
integer overflow (bsc#1267811)
* Add 0001-Fix-CVE-2026-10722.patch
- Update to version 1.17.1:
* Bug fix
Back off usage reporting on persistent failure instead of
retrying every minute
OBS-URL: https://build.opensuse.org/package/show/server:monitoring/alloy?expand=0&rev=77
37 lines
1.4 KiB
Diff
37 lines
1.4 KiB
Diff
From 533dfc82fd228bfadf42ea7180c39de7d9af47fa Mon Sep 17 00:00:00 2001
|
|
From: Dylan Reimerink <dylan.reimerink@isovalent.com>
|
|
Date: Wed, 27 May 2026 14:05:06 +0200
|
|
Subject: [PATCH] btf: Fixed integer overflow in length checking
|
|
|
|
Fuzzing revealed that a bad ELF file could cause an integer overflow
|
|
when doing a bounds check. Fixed this by casting two uint32 values to
|
|
uint64 before adding them together.
|
|
|
|
Signed-off-by: Dylan Reimerink <dylan.reimerink@isovalent.com>
|
|
---
|
|
btf/btf.go | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/btf/btf.go b/btf/btf.go
|
|
index cdc95425f..a9160c678 100644
|
|
--- a/btf/btf.go
|
|
+++ b/btf/btf.go
|
|
@@ -214,7 +214,7 @@ func loadRawSpec(btf []byte, base *Spec) (*Spec, error) {
|
|
}
|
|
btf = btf[header.HdrLen:]
|
|
|
|
- if int(header.StringOff+header.StringLen) > len(btf) {
|
|
+ if uint64(header.StringOff)+uint64(header.StringLen) > uint64(len(btf)) {
|
|
return nil, fmt.Errorf("string table is out of bounds")
|
|
}
|
|
stringsSection := btf[header.StringOff : header.StringOff+header.StringLen]
|
|
@@ -224,7 +224,7 @@ func loadRawSpec(btf []byte, base *Spec) (*Spec, error) {
|
|
return nil, fmt.Errorf("read string section: %w", err)
|
|
}
|
|
|
|
- if int(header.TypeOff+header.TypeLen) > len(btf) {
|
|
+ if uint64(header.TypeOff)+uint64(header.TypeLen) > uint64(len(btf)) {
|
|
return nil, fmt.Errorf("types section is out of bounds")
|
|
}
|
|
typesSection := btf[header.TypeOff : header.TypeOff+header.TypeLen]
|