fix CVE-2022-2639
(cherry picked from commit 2f402806186fa272296c8d8aa112c822625310f8)
This commit is contained in:
yangl777
openeuler-sync-bot
parent
33c3977259
commit
af152b83ab
36
backport-CVE-2022-2639.patch
Normal file
36
backport-CVE-2022-2639.patch
Normal file
@ -0,0 +1,36 @@
|
||||
From cefa91b2332d7009bc0be5d951d6cbbf349f90f8 Mon Sep 17 00:00:00 2001
|
||||
From: Paolo Valerio <pvalerio@redhat.com>
|
||||
Date: Fri, 15 Apr 2022 10:08:41 +0200
|
||||
Subject: [PATCH] openvswitch: fix OOB access in reserve_sfa_size()
|
||||
|
||||
Given a sufficiently large number of actions, while copying and
|
||||
reserving memory for a new action of a new flow, if next_offset is
|
||||
greater than MAX_ACTIONS_BUFSIZE, the function reserve_sfa_size() does
|
||||
not return -EMSGSIZE as expected, but it allocates MAX_ACTIONS_BUFSIZE
|
||||
bytes increasing actions_len by req_size. This can then lead to an OOB
|
||||
write access, especially when further actions need to be copied.
|
||||
|
||||
Fix it by rearranging the flow action size check.
|
||||
|
||||
Conflict:NA
|
||||
Reference:https://github.com/torvalds/linux/commit/cefa91b2332d7009bc0be5d951d6cbbf349f90f8
|
||||
---
|
||||
datapath/flow_netlink.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/datapath/flow_netlink.c b/datapath/flow_netlink.c
|
||||
index 0f7ab53..1f04072 100644
|
||||
--- a/datapath/flow_netlink.c
|
||||
+++ b/datapath/flow_netlink.c
|
||||
@@ -2322,7 +2322,7 @@ static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa,
|
||||
new_acts_size = max(next_offset + req_size, ksize(*sfa) * 2);
|
||||
|
||||
if (new_acts_size > MAX_ACTIONS_BUFSIZE) {
|
||||
- if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size) {
|
||||
+ if ((next_offset + req_size) > MAX_ACTIONS_BUFSIZE) {
|
||||
OVS_NLERR(log, "Flow action size exceeds max %u",
|
||||
MAX_ACTIONS_BUFSIZE);
|
||||
return ERR_PTR(-EMSGSIZE);
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -9,7 +9,7 @@ Summary: Production Quality, Multilayer Open Virtual Switch
|
||||
URL: http://www.openvswitch.org/
|
||||
Version: 2.12.4
|
||||
License: ASL 2.0 and ISC
|
||||
Release: 7
|
||||
Release: 8
|
||||
Source: https://www.openvswitch.org/releases/openvswitch-%{version}.tar.gz
|
||||
Buildroot: /tmp/openvswitch-rpm
|
||||
Patch0000: 0000-openvswitch-add-stack-protector-strong.patch
|
||||
@ -22,6 +22,7 @@ Patch6002: backport-CVE-2023-5366.patch
|
||||
Patch6003: backport-0001-CVE-2023-3966.patch
|
||||
Patch6004: backport-0002-CVE-2023-3966.patch
|
||||
Patch6005: backport-0003-CVE-2023-3966.patch
|
||||
Patch6006: backport-CVE-2022-2639.patch
|
||||
|
||||
Patch9000: fix-selinux-err.patch
|
||||
|
||||
@ -298,6 +299,12 @@ exit 0
|
||||
%doc README.rst NEWS rhel/README.RHEL.rst
|
||||
|
||||
%changelog
|
||||
* Fri Mar 29 2024 yanglu <yanglu72@h-partners.com> - 2.12.4-8
|
||||
- Type:CVE
|
||||
- Id:CVE-2022-2639
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2022-2639
|
||||
|
||||
* Tue Feb 20 2024 zhangpan <zhangpan103@h-pattners.com> - 2.12.4-7
|
||||
- fix CVE-2023-3966
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user