packages/util-linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sync community patches

Browse Source 
(cherry picked from commit 5227de9e16e7a611abd47844045a753ad3b6b2e5)
This commit is contained in:
zhangyao 2024-05-07 09:41:41 +08:00 committed by openeuler-sync-bot
parent a6674deaaf
commit e5ed90d5c7
5 changed files with 233 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
backport-hexdump-check-blocksize-when-display-data.patch Normal file
View File

@ -0,0 +1,59 @@
From dfa1ad272528a92384adac523cf2f2949b767d8d Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Tue, 27 Feb 2024 18:38:02 +0100
Subject: [PATCH] hexdump: check blocksize when display data
hexdump(1) stores input to buffer and apply format unit when prints
the output. The unit can move pointer which points to the buffer, but
code does not check for limits.
Fixes: https://github.com/util-linux/util-linux/issues/2806
Signed-off-by: Karel Zak <kzak@redhat.com>
---
text-utils/hexdump-display.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/text-utils/hexdump-display.c b/text-utils/hexdump-display.c
index bc92bd0ca..c865127c8 100644
--- a/text-utils/hexdump-display.c
+++ b/text-utils/hexdump-display.c
@@ -250,6 +250,8 @@ void display(struct hexdump *hex)
struct list_head *p, *q, *r;
while ((bp = get(hex)) != NULL) {
+ ssize_t rem = hex->blocksize;
+
fs = &hex->fshead; savebp = bp; saveaddress = address;
list_for_each(p, fs) {
@@ -263,7 +265,7 @@ void display(struct hexdump *hex)
cnt = fu->reps;
- while (cnt) {
+ while (cnt && rem >= 0) {
list_for_each(r, &fu->prlist) {
pr = list_entry(r, struct hexdump_pr, prlist);
@@ -280,12 +282,18 @@ void display(struct hexdump *hex)
print(pr, bp);
address += pr->bcnt;
+
+ rem -= pr->bcnt;
+ if (rem < 0)
+ break;
+
bp += pr->bcnt;
}
--cnt;
}
}
bp = savebp;
+ rem = hex->blocksize;
address = saveaddress;
}
}
--
2.33.0

28
backport-last-avoid-out-of-bounds-array-access.patch Normal file
View File

@ -0,0 +1,28 @@
From 75822efb8e948b538d9e9ccc329a5430fdabb7ea Mon Sep 17 00:00:00 2001
From: biubiuzy <294772273@qq.com>
Date: Fri, 23 Feb 2024 17:44:12 +0800
Subject: [PATCH] last: avoid out of bounds array access
---
login-utils/last.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/login-utils/last.c b/login-utils/last.c
index bbbe817f8..f5a9fec08 100644
--- a/login-utils/last.c
+++ b/login-utils/last.c
@@ -351,7 +351,10 @@ static int time_formatter(int fmt, char *dst, size_t dlen, time_t *when)
{
char buf[CTIME_BUFSIZ];
- ctime_r(when, buf);
+ if (!ctime_r(when, buf)) {
+ ret = -1;
+ break;
+ }
snprintf(dst, dlen, "%s", buf);
ret = rtrim_whitespace((unsigned char *) dst);
break;
--
2.33.0

64
backport-lsipc-fix-semaphore-USED-counter.patch Normal file
View File

@ -0,0 +1,64 @@
From fa45a6e516065f489b1cfb924ec3fc06960e0839 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Tue, 26 Mar 2024 12:45:24 +0100
Subject: [PATCH] lsipc: fix semaphore USED counter
The code incorrectly counts only with the first item in the linked
list (due to a typo). It seems rather fragile to use "semds" and
"semdsp" as variable names in the same code ...
# lsipc -gs
Old:
KEY ID PERMS OWNER NSEMS RESOURCE DESCRIPTION LIMIT USED USE%
SEMMNI Number of semaphore identifiers 32000 3 0.01%
SEMMNS Total number of semaphores 1024000000 369 0.00%
SEMMSL Max semaphores per semaphore set. 32000 - -
SEMOPM Max number of operations per semop(2) 500 - -
SEMVMX Semaphore max value 32767 - -
Fixed:
KEY ID PERMS OWNER NSEMS RESOURCE DESCRIPTION LIMIT USED USE%
SEMMNI Number of semaphore identifiers 32000 3 0.01%
SEMMNS Total number of semaphores 1024000000 156 0.00%
SEMMSL Max semaphores per semaphore set. 32000 - -
SEMOPM Max number of operations per semop(2) 500 - -
SEMVMX Semaphore max value 32767 - -
Addresses: https://issues.redhat.com/browse/RHEL-30269
Signed-off-by: Karel Zak <kzak@redhat.com>
---
sys-utils/lsipc.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/sys-utils/lsipc.c b/sys-utils/lsipc.c
index 2c5561112..515788c13 100644
--- a/sys-utils/lsipc.c
+++ b/sys-utils/lsipc.c
@@ -717,16 +717,18 @@ static void do_sem(int id, struct lsipc_control *ctl, struct libscols_table *tb)
static void do_sem_global(struct lsipc_control *ctl, struct libscols_table *tb)
{
- struct sem_data *semds, *semdsp;
+ struct sem_data *semds;
struct ipc_limits lim;
int nsems = 0, nsets = 0;
ipc_sem_get_limits(&lim);
if (ipc_sem_get_info(-1, &semds) > 0) {
- for (semdsp = semds; semdsp->next != NULL; semdsp = semdsp->next) {
+ struct sem_data *p;
+
+ for (p = semds; p->next != NULL; p = p->next) {
++nsets;
- nsems += semds->sem_nsems;
+ nsems += p->sem_nsems;
}
ipc_sem_free_info(semds);
}
--
2.33.0

67
backport-lslocks-fix-buffer-overflow.patch Normal file
View File

@ -0,0 +1,67 @@
From c7e20a87573202ed5288447b557cb7cff1b40a17 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Thu, 29 Feb 2024 20:43:35 +0100
Subject: [PATCH] lslocks: fix buffer overflow
* don't use memset() to init variables
* use xreaddir() to reduce code
* use ssize_t for readlinkat() return value to avoid buffer overflow
Signed-off-by: Karel Zak <kzak@redhat.com>
(cherry picked from commit f030775ffeaa8627c88434f7d0cba1a454aa0ffa)
---
misc-utils/lslocks.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/misc-utils/lslocks.c b/misc-utils/lslocks.c
index b14d419..06c707a 100644
--- a/misc-utils/lslocks.c
+++ b/misc-utils/lslocks.c
@@ -45,6 +45,7 @@
#include "closestream.h"
#include "optutils.h"
#include "procutils.h"
+#include "fileutils.h"
/* column IDs */
enum {
@@ -164,13 +165,12 @@ static char *get_filename_sz(ino_t inode, pid_t lock_pid, size_t *size)
struct stat sb;
struct dirent *dp;
DIR *dirp;
- size_t len;
+ size_t sz;
int fd;
- char path[PATH_MAX], sym[PATH_MAX], *ret = NULL;
+ char path[PATH_MAX] = { 0 },
+ sym[PATH_MAX] = { 0 }, *ret = NULL;
*size = 0;
- memset(path, 0, sizeof(path));
- memset(sym, 0, sizeof(sym));
/*
* We know the pid so we don't have to
@@ -181,16 +181,14 @@ static char *get_filename_sz(ino_t inode, pid_t lock_pid, size_t *size)
if (!(dirp = opendir(path)))
return NULL;
- if ((len = strlen(path)) >= (sizeof(path) - 2))
+ if ((sz = strlen(path)) >= (sizeof(path) - 2))
goto out;
if ((fd = dirfd(dirp)) < 0 )
goto out;
- while ((dp = readdir(dirp))) {
- if (!strcmp(dp->d_name, ".") ||
- !strcmp(dp->d_name, ".."))
- continue;
+ while ((dp = xreaddir(dirp))) {
+ ssize_t len;
errno = 0;
--
2.33.0

16
util-linux.spec
View File

@ -3,7 +3,7 @@
Name: util-linux
Version: 2.37.2
Release: 30
Release: 31
Summary: A random collection of Linux utilities
License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain
URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git
@ -146,6 +146,10 @@ Patch6124: backport-more-fix-poll-use.patch
Patch6125: backport-CVE-2024-28085.patch
Patch6126: backport-lscpu-don-t-use-NULL-sharedmap.patch
Patch6127: backport-lscpu-use-topology-maps-in-more-robust-way.patch
Patch6128: backport-hexdump-check-blocksize-when-display-data.patch
Patch6129: backport-lslocks-fix-buffer-overflow.patch
Patch6130: backport-last-avoid-out-of-bounds-array-access.patch
Patch6131: backport-lsipc-fix-semaphore-USED-counter.patch
Patch9000: Add-check-to-resolve-uname26-version-test-failed.patch
Patch9001: SKIPPED-no-root-permissions-test.patch
@ -519,6 +523,16 @@ fi
%{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*}
%changelog
* Tue May 7 2024 zhangyao <zhangyao108@huawei.com> - 2.37.2-31
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:sync community patches
backport-hexdump-check-blocksize-when-display-data.patch
backport-lslocks-fix-buffer-overflow.patch
backport-last-avoid-out-of-bounds-array-access.patch
backport-lsipc-fix-semaphore-USED-counter.patch
* Sun Apr 28 2024 zhangyao <zhangyao108@huawei.com> - 2.37.2-30
- Type:bugfix
- CVE:NA