pool/sysstat
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 732929 from home:pmonrealgonzalez:branches:Base:System

Browse Source 
- Security fix: [bsc#1150114, CVE-2019-16167]
  * Memory corruption due to an Integer Overflow in remap_struct()
    in sa_common.c
  * Added sysstat-CVE-2019-16167.patch

OBS-URL: https://build.opensuse.org/request/show/732929
OBS-URL: https://build.opensuse.org/package/show/Base:System/sysstat?expand=0&rev=98
This commit is contained in:
Tomáš Chvátal 2019-09-24 12:27:30 +00:00 committed by Git OBS Bridge
parent 71cafbb53e
commit 9496561316
3 changed files with 51 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
sysstat-CVE-2019-16167.patch Normal file
View File

@ -0,0 +1,40 @@
Index: sysstat-12.0.6/sa_common.c
===================================================================
--- sysstat-12.0.6.orig/sa_common.c
+++ sysstat-12.0.6/sa_common.c
@@ -1298,6 +1298,10 @@ void remap_struct(unsigned int gtypes_nr
/* Remap [unsigned] long fields */
d = gtypes_nr[0] - ftypes_nr[0];
if (d) {
+ if (ftypes_nr[0] * ULL_ALIGNMENT_WIDTH < ftypes_nr[0])
+ /* Overflow */
+ return;
+
n = MINIMUM(f_size - ftypes_nr[0] * ULL_ALIGNMENT_WIDTH,
g_size - gtypes_nr[0] * ULL_ALIGNMENT_WIDTH);
if ((ftypes_nr[0] * ULL_ALIGNMENT_WIDTH >= b_size) ||
@@ -1314,6 +1318,11 @@ void remap_struct(unsigned int gtypes_nr
/* Remap [unsigned] int fields */
d = gtypes_nr[1] - ftypes_nr[1];
if (d) {
+ if (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH +
+ ftypes_nr[1] * UL_ALIGNMENT_WIDTH < ftypes_nr[1])
+ /* Overflow */
+ return;
+
n = MINIMUM(f_size - ftypes_nr[0] * ULL_ALIGNMENT_WIDTH
- ftypes_nr[1] * UL_ALIGNMENT_WIDTH,
g_size - gtypes_nr[0] * ULL_ALIGNMENT_WIDTH
@@ -1338,6 +1347,12 @@ void remap_struct(unsigned int gtypes_nr
/* Remap possible fields (like strings of chars) following int fields */
d = gtypes_nr[2] - ftypes_nr[2];
if (d) {
+ if (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH +
+ gtypes_nr[1] * UL_ALIGNMENT_WIDTH +
+ ftypes_nr[2] * U_ALIGNMENT_WIDTH < ftypes_nr[2])
+ /* Overflow */
+ return;
+
n = MINIMUM(f_size - ftypes_nr[0] * ULL_ALIGNMENT_WIDTH
- ftypes_nr[1] * UL_ALIGNMENT_WIDTH
- ftypes_nr[2] * U_ALIGNMENT_WIDTH,

8
sysstat.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Tue Sep 10 11:10:11 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Security fix: [bsc#1150114, CVE-2019-16167]
* Memory corruption due to an Integer Overflow in remap_struct()
in sa_common.c
* Added sysstat-CVE-2019-16167.patch
-------------------------------------------------------------------
Tue Aug 27 15:53:53 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

3
sysstat.spec
View File

@ -33,6 +33,8 @@ Patch0: sysstat-8.1.6-sa1sa2lock.diff
# PATCH-FIX-OPENSUSE should be upstreamed
# use getpagesize() instead of kb_shift for hugetable archs
Patch2: sysstat-8.0.4-pagesize.diff
# PATCH-FIX-UPSTREAM bsc#1150114 CVE-2019-16167 sysstat-CVE-2019-16167.patch
Patch3: sysstat-CVE-2019-16167.patch
BuildRequires: findutils
BuildRequires: gettext-runtime
BuildRequires: pkgconfig
@ -71,6 +73,7 @@ from a sysstat package.
%setup -q
%patch0 -p1
%patch2 -p1
%patch3 -p1
cp %{SOURCE1} %{SOURCE2} %{SOURCE4} .
# remove date and time from objects
find ./ -name \*.c -exec sed -i -e 's: " compiled " __DATE__ " " __TIME__::g' {} \;