diff --git a/gmp-6.2.1-CVE-2021-43618.patch b/gmp-6.2.1-CVE-2021-43618.patch new file mode 100644 index 0000000..3ac255c --- /dev/null +++ b/gmp-6.2.1-CVE-2021-43618.patch @@ -0,0 +1,25 @@ + +# HG changeset patch +# User Marco Bodrato +# Date 1634836009 -7200 +# Node ID 561a9c25298e17bb01896801ff353546c6923dbd +# Parent e1fd9db13b475209a864577237ea4b9105b3e96e +mpz/inp_raw.c: Avoid bit size overflows + +diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c +--- a/mpz/inp_raw.c Tue Dec 22 23:49:51 2020 +0100 ++++ b/mpz/inp_raw.c Thu Oct 21 19:06:49 2021 +0200 +@@ -88,8 +88,11 @@ + + abs_csize = ABS (csize); + ++ if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8)) ++ return 0; /* Bit size overflows */ ++ + /* round up to a multiple of limbs */ +- abs_xsize = BITS_TO_LIMBS (abs_csize*8); ++ abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8); + + if (abs_xsize != 0) + { + diff --git a/gmp.changes b/gmp.changes index 067857e..6d74eb3 100644 --- a/gmp.changes +++ b/gmp.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Nov 16 07:33:41 UTC 2021 - Richard Biener + +- Add gmp-6.2.1-CVE-2021-43618.patch to fix buffer overflow on + malformed input to mpz_inp_raw. [bsc#1192717, CVE-2021-43618] + ------------------------------------------------------------------- Tue Apr 20 12:59:35 UTC 2021 - Richard Biener diff --git a/gmp.spec b/gmp.spec index 1ba8211..1d96997 100644 --- a/gmp.spec +++ b/gmp.spec @@ -30,6 +30,7 @@ Source2: %{name}.keyring Source3: baselibs.conf # revert change causing bsc#1179751 Patch1: gmp-6.2.1-arm64-invert_limb.patch +Patch2: gmp-6.2.1-CVE-2021-43618.patch BuildRequires: fipscheck BuildRequires: gcc-c++ BuildRequires: m4 @@ -78,6 +79,7 @@ huge numbers (integer and floating point). %prep %setup -q %patch1 +%patch2 -p1 %build export CFLAGS="%{optflags} -fexceptions"