From edf3e306c61577fa6ef12112087eda569f1704d1aadd237bf746b68600d1fad6 Mon Sep 17 00:00:00 2001
From: Martin Pluskal
Date: Tue, 25 Jul 2017 12:08:19 +0000
Subject: [PATCH] Accepting request 512491 from home:adamm:branches:devel:tools:compiler
- memory_fixes.patch: Fix usage-after-free and buffer overflow bugs (bsc#1047925, bsc#1047936, CVE-2017-11111, CVE-2017-10686)
- Restrict %fdupes to manpage directory
- Enable unit tests in %check target
OBS-URL: https://build.opensuse.org/request/show/512491
OBS-URL: https://build.opensuse.org/package/show/devel:tools:compiler/nasm?expand=0&rev=31
---
 memory_fixes.patch | 52 ++++++++++++++++++++++++++++++++++++++++++++++
 nasm.changes | 8 +++++++
 nasm.spec | 7 ++++++-
 3 files changed, 66 insertions(+), 1 deletion(-)
 create mode 100644 memory_fixes.patch
diff --git a/memory_fixes.patch b/memory_fixes.patch
new file mode 100644
index 0000000..fcc70cd
--- /dev/null
+++ b/memory_fixes.patch
@@ -0,0 +1,52 @@
+Author: Adam Majer
+Date: Tue Jul 25 13:03:57 CEST 2017
+Summary: Fix use after free and buffer overflow
+BSC: 1047925 1047936
+
+Submitted upstream in linked bug reports.
+
+https://bugzilla.nasm.us/show_bug.cgi?id=3392414
+https://bugzilla.nasm.us/show_bug.cgi?id=3392415
+
+Index: nasm-2.13.01/asm/preproc.c
+===================================================================
+--- nasm-2.13.01.orig/asm/preproc.c
++++ nasm-2.13.01/asm/preproc.c
+@@ -1257,6 +1257,7 @@ static char *detoken(Token * tlist, bool
+ char *q = t->text;
+
+ v = t->text + 2;
++ t->text = NULL;
+ if (*v == '\'' || *v == '\"' || *v == '`') {
+ size_t len = nasm_unquote(v, NULL);
+ size_t clen = strlen(v);
+@@ -3845,9 +3846,15 @@ static bool paste_tokens(Token **head, c
+ len += strlen(tok->text);
+ p = buf = nasm_malloc(len + 1);
+
++ strcpy(p, tok->text);
++ p = strchr(p, '\0');
++ tok = delete_Token(tok);
++
+ while (tok != next) {
+- strcpy(p, tok->text);
+- p = strchr(p, '\0');
++ if (PP_CONCAT_MATCH(tok, m[i].mask_tail)) {
++ strcpy(p, tok->text);
++ p = strchr(p, '\0');
++ }
+ tok = delete_Token(tok);
+ }
+
+@@ -5095,8 +5102,9 @@ static char *pp_getline(void)
+ nasm_free(m->paramlen);
+ l->finishes->in_progress = 0;
+ }
+- } else
+- free_mmacro(m);
++ } else {
++ // free_mmacro(m);
++ }
+ }
+ istk->expansion = l->next;
+ nasm_free(l);
diff --git a/nasm.changes b/nasm.changes
index c222312..9b64e32 100644
--- a/nasm.changes
+++ b/nasm.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Jul 25 11:00:30 UTC 2017 - adam.majer@suse.de
+
+- memory_fixes.patch: Fix usage-after-free and buffer overflow
+ bugs (bsc#1047925, bsc#1047936, CVE-2017-11111, CVE-2017-10686)
+- Restrict %fdupes to manpage directory
+- Enable unit tests in %check target
+
 -------------------------------------------------------------------
 Tue May 23 11:14:56 UTC 2017 - mpluskal@suse.com
diff --git a/nasm.spec b/nasm.spec
index 9fea61c..502d05c 100644
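Review bot: The pp_getline change (`@@ -5095` in the embedded patch) avoids the use-after-free rather than fixing it: `free_mmacro(m)` becomes the commented-out `// free_mmacro(m);` inside an otherwise empty `else {}` block, so the macro is simply never released on that path and nothing in the code says why. Because the commit message and changelog present this as a fix, the suppressed free should be explained in place, e.g. `/* deliberately not freed: m is presumably still referenced after this point (use-after-free, see the BSC ids in the patch header); leaks until ownership is sorted out upstream */`, or the empty `else` dropped entirely rather than left as dead code. In the paste_tokens hunk only tokens accepted by `PP_CONCAT_MATCH(tok, m[i].mask_tail)` are now copied while `len` was summed over every token up to `next` (context line `len += strlen(tok->text)`), so the buffer is not overrun by this change; the first token, however, is now copied and deleted before the `while (tok != next)` guard, which is only safe if the caller guarantees a non-empty range, and that is worth confirming. The `t->text = NULL;` added in detoken leaves the earlier `q` and `v` pointing at the old text, so whichever code later frees `q` must be the sole remaining owner of it. All three functions (detoken, paste_tokens, pp_getline) start and end outside the hunk.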
--- a/nasm.spec
+++ b/nasm.spec
@@ -24,6 +24,7 @@ License: BSD-2-Clause
 Group: Development/Languages/Other
 Url: http://www.nasm.us/
 Source: http://www.nasm.us/pub/nasm/releasebuilds/%{version}/nasm-%{version}.tar.xz
+Patch: memory_fixes.patch
 BuildRequires: fdupes
 %description
@@ -32,6 +33,7 @@ several binary formats, including ELF, a.out, Win32, and OS/2.
 %prep
 %setup -q
+%patch -p1
 %build
 touch -r ./version.h ./version.h.stamp
@@ -43,7 +45,10 @@ make %{?_smp_mflags} all
 %install
 make INSTALLROOT=%{buildroot} install rdf_install
-%fdupes -s %{buildroot}
+%fdupes %{buildroot}%{_mandir}
+
+%check
+make test
 %files
 %defattr(-,root,root)
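Review bot: The new `Patch:` / `%patch -p1` pair relies on the unnumbered forms, which rpm pairs up implicitly as patch 0; writing `Patch0: memory_fixes.patch` with `%patch0 -p1` (or `%patch -P 0 -p1`) makes the pairing visible in the spec and avoids the bare `%patch` form that newer rpm releases deprecate. Adding `%check` with `make test` is the right companion to a patch that rewrites token-buffer handling, since it gives the memory fixes a regression run at build time; it is worth checking the build log once to confirm the upstream test target actually exercises the just-built binary rather than a system `nasm`.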