authorSergei Trofimovich <slyfox@gentoo.org>2017-03-25 16:07:40 +0000
committerSergei Trofimovich <slyfox@gentoo.org>2017-03-25 16:07:40 +0000
commit83209f33a128ec7f48adbfad813cfbc13a2fd444 (patch)
tree0cb1718468be78966008a9150bfb0f20d52af8f1 /dev-libs/capstone/files
parentsys-fs/btrfs-progs: bump up to 4.9.1 and 4.10, bug #612464 (diff)
dev-libs/capstone: bump up to 3.0.5-rc2, fix CVE-2017-6952, bug #612912
I don't believe 3.0.4 is affected: - it's a vulnerability in windows kernel driver. Not something you can easily build in gentoo today as it requires MSVS to build a driver - the windows code was added in capstone-3.0.5-rc1. It's not present in 3.0.4 in gentoo at all But not to forget about the vulnerability on next bump I'm bumping up to the vulnerable release candidate and applying the upstream patch to fix CVE-2017-6952. Reported-by: Agostino Sarubbo Bug: https://bugs.gentoo.org/612912 Package-Manager: Portage-2.3.5, Repoman-2.3.2
Diffstat (limited to 'dev-libs/capstone/files')
-rw-r--r--dev-libs/capstone/files/capstone-3.0.5_rc2-CVE-2017-6952.patch41
-rw-r--r--dev-libs/capstone/files/capstone-3.0.5_rc2-FLAGS.patch16
2 files changed, 57 insertions, 0 deletions
diff --git a/dev-libs/capstone/files/capstone-3.0.5_rc2-CVE-2017-6952.patch b/dev-libs/capstone/files/capstone-3.0.5_rc2-CVE-2017-6952.patch
new file mode 100644
index 000000000000..ba16126f7411
--- /dev/null
+++ b/dev-libs/capstone/files/capstone-3.0.5_rc2-CVE-2017-6952.patch
@@ -0,0 +1,41 @@
+commit 6fe86eef621b9849f51a5e1e5d73258a93440403
+Author: Quang Nguyễn <quangnh89@users.noreply.github.com>
+Date: Mon Mar 13 22:34:48 2017 +0700
+
+ provide a validity check to prevent against Integer overflow conditions (#870)
+
+ * provide a validity check to prevent against Integer overflow conditions
+
+ * fix some style issues.
+
+diff --git a/windows/winkernel_mm.c b/windows/winkernel_mm.c
+index c127da3a..ecdc1ca2 100644
+--- a/windows/winkernel_mm.c
++++ b/windows/winkernel_mm.c
+@@ -3,6 +3,7 @@
+
+ #include "winkernel_mm.h"
+ #include <ntddk.h>
++#include <Ntintsafe.h>
+
+ // A pool tag for memory allocation
+ static const ULONG CS_WINKERNEL_POOL_TAG = 'kwsC';
+@@ -33,8 +34,16 @@ void * CAPSTONE_API cs_winkernel_malloc(size_t size)
+
+ // FP; a use of NonPagedPool is required for Windows 7 support
+ #pragma prefast(suppress : 30030) // Allocating executable POOL_TYPE memory
+- CS_WINKERNEL_MEMBLOCK *block = (CS_WINKERNEL_MEMBLOCK *)ExAllocatePoolWithTag(
+- NonPagedPool, size + sizeof(CS_WINKERNEL_MEMBLOCK), CS_WINKERNEL_POOL_TAG);
++ size_t number_of_bytes = 0;
++ CS_WINKERNEL_MEMBLOCK *block = NULL;
++ // A specially crafted size value can trigger the overflow.
++ // If the sum in a value that overflows or underflows the capacity of the type,
++ // the function returns NULL.
++ if (!NT_SUCCESS(RtlSizeTAdd(size, sizeof(CS_WINKERNEL_MEMBLOCK), &number_of_bytes))) {
++ return NULL;
++ }
++ block = (CS_WINKERNEL_MEMBLOCK *)ExAllocatePoolWithTag(
++ NonPagedPool, number_of_bytes, CS_WINKERNEL_POOL_TAG);
+ if (!block) {
+ return NULL;
+ }
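Review bot: The comment above the RtlSizeTAdd call is ungrammatical and attributes the NULL return to the wrong function; RtlSizeTAdd reports overflow through its NTSTATUS and it is cs_winkernel_malloc that bails out, so the two lines should read `// A crafted size can make size + sizeof(CS_WINKERNEL_MEMBLOCK) wrap around and under-allocate;` / `// RtlSizeTAdd fails on overflow, in which case we return NULL rather than allocate.` The guard itself is correct and is the upstream fix for CVE-2017-6952, so nothing in the check needs changing. If this file also carries a calloc-style wrapper that computes n * size before calling cs_winkernel_malloc (not visible in this hunk), that multiplication needs the equivalent `RtlSizeTMult` guard, otherwise the overflow just moves one frame up. The header is spelled `<Ntintsafe.h>` here while the WDK ships it, as far as I recall, as `ntintsafe.h`, which only matters if anyone cross-builds on a case-sensitive host. cs_winkernel_malloc begins and ends outside the hunk.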
diff --git a/dev-libs/capstone/files/capstone-3.0.5_rc2-FLAGS.patch b/dev-libs/capstone/files/capstone-3.0.5_rc2-FLAGS.patch
new file mode 100644
index 000000000000..4be2ed4ba0e6
--- /dev/null
+++ b/dev-libs/capstone/files/capstone-3.0.5_rc2-FLAGS.patch
@@ -0,0 +1,16 @@
+Add support for user overridden CFLAGS and LDFLAGS
+diff --git a/cstool/Makefile b/cstool/Makefile
+index 450ac1b..3cf2a81 100644
+--- a/cstool/Makefile
++++ b/cstool/Makefile
+@@ -3,2 +3,3 @@
+ include ../functions.mk
++include ../config.mk
+
+@@ -8,4 +9,4 @@ LIBNAME = capstone
+
+-CFLAGS = -I../include
+-LDFLAGS = -O3 -Wall -L.. -l$(LIBNAME)
++CFLAGS += -I../include
++LDFLAGS += -Wall -L.. -l$(LIBNAME)
+
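Review bot: Moving `-l$(LIBNAME)` into LDFLAGS puts the library ahead of the object files whenever the link recipe expands `$(LDFLAGS)` before its inputs (the recipe is outside this hunk), which makes the link fail under `-Wl,--as-needed`, the Gentoo default; the conventional split is `LDFLAGS += -L..` and `LDLIBS += -l$(LIBNAME)`, with `-Wall` moved to CFLAGS since it is a compiler warning flag and does nothing at link time. Dropping the hard-coded `-O3` is right now that optimisation comes from the user's CFLAGS, though whether `../config.mk` itself respects an externally set CFLAGS cannot be seen here. A one-line header naming the upstream PR or bug this was sent to would make it easier to drop the patch on the next bump.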