packages/nasm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!50 [sync] PR-45: 修复 CVE-2020-21528

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @lyn1001 
Signed-off-by: @lyn1001
This commit is contained in:
openeuler-ci-bot 2023-09-12 07:18:11 +00:00 committed by Gitee
commit 3e6a5836c4
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 50 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
CVE-2020-21528.patch Normal file
View File

@ -0,0 +1,43 @@
From 93c774d482694643cafbc82578ac8b729fb5bc8b Mon Sep 17 00:00:00 2001
From: Cyrill Gorcunov <gorcunov@gmail.com>
Date: Wed, 4 Nov 2020 13:08:06 +0300
Subject: [PATCH] BR3392637: output/outieee: Fix nil dereference
The handling been broken in commit 98578071.
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
---
output/outieee.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/output/outieee.c b/output/outieee.c
index bff2f085..b3ccc5f6 100644
--- a/output/outieee.c
+++ b/output/outieee.c
@@ -795,6 +795,23 @@ static int32_t ieee_segment(char *name, int *bits)
define_label(name, seg->index + 1, 0L, false);
ieee_seg_needs_update = NULL;
+ /*
+ * In commit 98578071b9d71ecaa2344dd9c185237c1765041e
+ * we reworked labels significantly which in turn lead
+ * to the case where seg->name = NULL here and we get
+ * nil dereference in next segments definitions.
+ *
+ * Lets placate this case with explicit name setting
+ * if labels engine didn't set it yet.
+ *
+ * FIXME: Need to revisit this moment if such fix doesn't
+ * break anything but since IEEE 695 format is veeery
+ * old I don't expect there are many users left. In worst
+ * case this should only lead to a memory leak.
+ */
+ if (!seg->name)
+ seg->name = nasm_strdup(name);
+
if (seg->use32)
*bits = 32;
else
--
2.27.0

8
nasm.spec
View File

@ -8,7 +8,7 @@
Name: nasm Name: nasm
Version: 2.15.05 Version: 2.15.05
Release: 5 Release: 6
Summary: The Netwide Assembler, a portable x86 assembler with Intel-like syntax Summary: The Netwide Assembler, a portable x86 assembler with Intel-like syntax
License: BSD License: BSD
URL: http://www.nasm.us URL: http://www.nasm.us
@ -20,6 +20,9 @@ Patch6001: fix-help-info-error.patch
# https://github.com/netwide-assembler/nasm/commit/2d4e6952417ec6f08b6f135d2b5d0e19b7dae30d # https://github.com/netwide-assembler/nasm/commit/2d4e6952417ec6f08b6f135d2b5d0e19b7dae30d
Patch6002: CVE-2022-44370.patch Patch6002: CVE-2022-44370.patch
#https://bugzilla.nasm.us/attachment.cgi?id=411648 #https://bugzilla.nasm.us/attachment.cgi?id=411648
Patch6003: CVE-2020-21528.patch
BuildRequires: perl(Env) autoconf asciidoc xmlto gcc make git BuildRequires: perl(Env) autoconf asciidoc xmlto gcc make git
Provides: %{name}-rdoff Provides: %{name}-rdoff
@ -91,6 +94,9 @@ make test
%{_mandir}/man1/ld* %{_mandir}/man1/ld*
%changelog %changelog
* Wed Aug 23 2023 hongjinghao <hongjinghao@huawei.com> - 2.15.05-6
- Fix CVE-2020-21528
* Wed Apr 12 2023 yaoxin <yao_xin001@hoperun.com> - 2.15.05-5 * Wed Apr 12 2023 yaoxin <yao_xin001@hoperun.com> - 2.15.05-5
- Fix CVE-2022-44370 - Fix CVE-2022-44370