- Add gmp-6.2.1-CVE-2021-43618.diff to fix buffer overflow on

malformed input to mpz_inp_raw. [bsc#1192717, CVE-2021-43618] OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/gmp?expand=0&rev=91
2021-11-16 07:39:19 +00:00 · 2021-11-16 07:39:19 +00:00 · 749f35f705
commit 749f35f705
parent 5d9088ca84
3 changed files with 33 additions and 0 deletions
--- a/gmp-6.2.1-CVE-2021-43618.patch
+++ b/gmp-6.2.1-CVE-2021-43618.patch
@ -0,0 +1,25 @@
+
+# HG changeset patch
+# User Marco Bodrato <bodrato@mail.dm.unipi.it>
+# Date 1634836009 -7200
+# Node ID 561a9c25298e17bb01896801ff353546c6923dbd
+# Parent  e1fd9db13b475209a864577237ea4b9105b3e96e
+mpz/inp_raw.c: Avoid bit size overflows
+
+diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c
+--- a/mpz/inp_raw.c	Tue Dec 22 23:49:51 2020 +0100
+++ b/mpz/inp_raw.c	Thu Oct 21 19:06:49 2021 +0200
+@@ -88,8 +88,11 @@
+ 
+   abs_csize = ABS (csize);
+ 
+  if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
+    return 0; /* Bit size overflows */
+
+   /* round up to a multiple of limbs */
+-  abs_xsize = BITS_TO_LIMBS (abs_csize*8);
+  abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
+ 
+   if (abs_xsize != 0)
+     {
+
--- a/gmp.changes
+++ b/gmp.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Nov 16 07:33:41 UTC 2021 - Richard Biener <rguenther@suse.com>
+
+- Add gmp-6.2.1-CVE-2021-43618.diff to fix buffer overflow on
+  malformed input to mpz_inp_raw.  [bsc#1192717, CVE-2021-43618]
+
 -------------------------------------------------------------------
 Tue Apr 20 12:59:35 UTC 2021 - Richard Biener <rguenther@suse.com>

--- a/gmp.spec
+++ b/gmp.spec
@ -30,6 +30,7 @@ Source2:        %{name}.keyring
 Source3:        baselibs.conf
 # revert change causing bsc#1179751
 Patch1:         gmp-6.2.1-arm64-invert_limb.patch
+Patch2:         gmp-6.2.1-CVE-2021-43618.patch
 BuildRequires:  fipscheck
 BuildRequires:  gcc-c++
 BuildRequires:  m4
@ -78,6 +79,7 @@ huge numbers (integer and floating point).
 %prep
 %setup -q
 %patch1
+%patch2 -p1

 %build
 export CFLAGS="%{optflags} -fexceptions"