[Buildroot] [git commit] package/gmp: fix CVE-2021-43618
Arnout Vandecappelle (Essensium/Mind)
arnout at mind.be
Thu Nov 25 19:48:49 UTC 2021
commit: https://git.buildroot.net/buildroot/commit/?id=9d0536d82d722f46c235ab99e916c4ab67f46292
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an
mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted
input, leading to a segmentation fault on 32-bit platforms.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout at mind.be>
---
...01-mpz-inp_raw.c-Avoid-bit-size-overflows.patch | 27 ++++++++++++++++++++++
package/gmp/gmp.mk | 3 +++
2 files changed, 30 insertions(+)
diff --git a/package/gmp/0001-mpz-inp_raw.c-Avoid-bit-size-overflows.patch b/package/gmp/0001-mpz-inp_raw.c-Avoid-bit-size-overflows.patch
new file mode 100644
index 0000000000..0003f342c3
--- /dev/null
+++ b/package/gmp/0001-mpz-inp_raw.c-Avoid-bit-size-overflows.patch
@@ -0,0 +1,27 @@
+# HG changeset patch
+# User Marco Bodrato <bodrato at mail.dm.unipi.it>
+# Date 1634836009 -7200
+# Node ID 561a9c25298e17bb01896801ff353546c6923dbd
+# Parent e1fd9db13b475209a864577237ea4b9105b3e96e
+mpz/inp_raw.c: Avoid bit size overflows
+
+[Retrieved from: https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
+
+diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c
+--- a/mpz/inp_raw.c Tue Dec 22 23:49:51 2020 +0100
++++ b/mpz/inp_raw.c Thu Oct 21 19:06:49 2021 +0200
+@@ -88,8 +88,11 @@
+
+ abs_csize = ABS (csize);
+
++ if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
++ return 0; /* Bit size overflows */
++
+ /* round up to a multiple of limbs */
+- abs_xsize = BITS_TO_LIMBS (abs_csize*8);
++ abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
+
+ if (abs_xsize != 0)
+ {
+
diff --git a/package/gmp/gmp.mk b/package/gmp/gmp.mk
index 5e16ef1916..9b402767fd 100644
--- a/package/gmp/gmp.mk
+++ b/package/gmp/gmp.mk
@@ -14,6 +14,9 @@ GMP_CPE_ID_VENDOR = gmplib
GMP_DEPENDENCIES = host-m4
HOST_GMP_DEPENDENCIES = host-m4
+# 0001-mpz-inp_raw.c-Avoid-bit-size-overflows.patch
+GMP_IGNORE_CVES += CVE-2021-43618
+
# GMP doesn't support assembly for coldfire or mips r6 ISA yet
# Disable for ARM v7m since it has different asm constraints
ifeq ($(BR2_m68k_cf)$(BR2_MIPS_CPU_MIPS32R6)$(BR2_MIPS_CPU_MIPS64R6)$(BR2_ARM_CPU_ARMV7M),y)
More information about the buildroot
mailing list