poky/meta/recipes-devtools/nasm/nasm/CVE-2022-44370.patch - openbmc/openbmc - Gitiles

 From b37677f7e40276bd8f504584bcba2c092f1146a8 Mon Sep 17 00:00:00 2001
 From: "H. Peter Anvin" <hpa@zytor.com>
 Date: Mon, 7 Nov 2022 10:26:03 -0800
 Subject: [PATCH] quote_for_pmake: fix counter underrun resulting in segfault

 while (nbs--) { ... } ends with nbs == -1. Rather than a minimal fix,
 introduce mempset() to make these kinds of errors less likely in the
 future.

 Fixes: https://bugzilla.nasm.us/show_bug.cgi?id=3392815
 Reported-by: <13579and24680@gmail.com>
 Signed-off-by: H. Peter Anvin <hpa@zytor.com>

 Upstream-Status: Backport
 CVE: CVE-2022-4437

 Reference to upstream patch:
 [https://github.com/netwide-assembler/nasm/commit/2d4e6952417ec6f08b6f135d2b5d0e19b7dae30d]

 Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
 ---
  asm/nasm.c         | 12 +++++-------
  configure.ac       |  1 +
  include/compiler.h |  7 +++++++
  3 files changed, 13 insertions(+), 7 deletions(-)

 diff --git a/asm/nasm.c b/asm/nasm.c
 index 7a7f8b4..675cff4 100644
 --- a/asm/nasm.c
 +++ b/asm/nasm.c
 @@ -1,6 +1,6 @@
  /* ----------------------------------------------------------------------- *
   *
 - *   Copyright 1996-2020 The NASM Authors - All Rights Reserved
 + *   Copyright 1996-2022 The NASM Authors - All Rights Reserved
   *   See the file AUTHORS included with the NASM distribution for
   *   the specific copyright holders.
   *
 @@ -814,8 +814,7 @@ static char *quote_for_pmake(const char *str)
      }

      /* Convert N backslashes at the end of filename to 2N backslashes */
 -    if (nbs)
 -        n += nbs;
 +    n += nbs;

      os = q = nasm_malloc(n);

 @@ -824,10 +823,10 @@ static char *quote_for_pmake(const char *str)
          switch (*p) {
          case ' ':
          case '\t':
 -            while (nbs--)
 -                *q++ = '\\';
 +            q = mempset(q, '\\', nbs);
              *q++ = '\\';
              *q++ = *p;
 +            nbs = 0;
              break;
          case '$':
              *q++ = *p;
 @@ -849,9 +848,8 @@ static char *quote_for_pmake(const char *str)
              break;
          }
      }
 -    while (nbs--)
 -        *q++ = '\\';

 +    q = mempset(q, '\\', nbs);
      *q = '\0';

      return os;
 diff --git a/configure.ac b/configure.ac
 index 39680b1..940ebe2 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -199,6 +199,7 @@ AC_CHECK_FUNCS(strrchrnul)
  AC_CHECK_FUNCS(iscntrl)
  AC_CHECK_FUNCS(isascii)
  AC_CHECK_FUNCS(mempcpy)
 +AC_CHECK_FUNCS(mempset)

  AC_CHECK_FUNCS(getuid)
  AC_CHECK_FUNCS(getgid)
 diff --git a/include/compiler.h b/include/compiler.h
 index db3d6d6..b64da6a 100644
 --- a/include/compiler.h
 +++ b/include/compiler.h
 @@ -256,6 +256,13 @@ static inline void *mempcpy(void *dst, const void *src, size_t n)
  }
  #endif

 +#ifndef HAVE_MEMPSET
 +static inline void *mempset(void *dst, int c, size_t n)
 +{
 +    return (char *)memset(dst, c, n) + n;
 +}
 +#endif
 +
  /*
   * Hack to support external-linkage inline functions
   */
 --
 2.40.0
	From b37677f7e40276bd8f504584bcba2c092f1146a8 Mon Sep 17 00:00:00 2001
	From: "H. Peter Anvin" <hpa@zytor.com>
	Date: Mon, 7 Nov 2022 10:26:03 -0800
	Subject: [PATCH] quote_for_pmake: fix counter underrun resulting in segfault

	while (nbs--) { ... } ends with nbs == -1. Rather than a minimal fix,
	introduce mempset() to make these kinds of errors less likely in the
	future.

	Fixes: https://bugzilla.nasm.us/show_bug.cgi?id=3392815
	Reported-by: <13579and24680@gmail.com>
	Signed-off-by: H. Peter Anvin <hpa@zytor.com>

	Upstream-Status: Backport
	CVE: CVE-2022-4437

	Reference to upstream patch:
	[https://github.com/netwide-assembler/nasm/commit/2d4e6952417ec6f08b6f135d2b5d0e19b7dae30d]

	Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
	---
	asm/nasm.c \| 12 +++++-------
	configure.ac \| 1 +
	include/compiler.h \| 7 +++++++
	3 files changed, 13 insertions(+), 7 deletions(-)

	diff --git a/asm/nasm.c b/asm/nasm.c
	index 7a7f8b4..675cff4 100644
	--- a/asm/nasm.c
	+++ b/asm/nasm.c
	@@ -1,6 +1,6 @@
	/* ----------------------------------------------------------------------- *
	*
	- * Copyright 1996-2020 The NASM Authors - All Rights Reserved
	+ * Copyright 1996-2022 The NASM Authors - All Rights Reserved
	* See the file AUTHORS included with the NASM distribution for
	* the specific copyright holders.
	*
	@@ -814,8 +814,7 @@ static char quote_for_pmake(const char str)
	}

	/* Convert N backslashes at the end of filename to 2N backslashes */
	- if (nbs)
	- n += nbs;
	+ n += nbs;

	os = q = nasm_malloc(n);

	@@ -824,10 +823,10 @@ static char quote_for_pmake(const char str)
	switch (*p) {
	case ' ':
	case '\t':
	- while (nbs--)
	- *q++ = '\\';
	+ q = mempset(q, '\\', nbs);
	*q++ = '\\';
	q++ = p;
	+ nbs = 0;
	break;
	case '$':
	q++ = p;
	@@ -849,9 +848,8 @@ static char quote_for_pmake(const char str)
	break;
	}
	}
	- while (nbs--)
	- *q++ = '\\';

	+ q = mempset(q, '\\', nbs);
	*q = '\0';

	return os;
	diff --git a/configure.ac b/configure.ac
	index 39680b1..940ebe2 100644
	--- a/configure.ac
	+++ b/configure.ac
	@@ -199,6 +199,7 @@ AC_CHECK_FUNCS(strrchrnul)
	AC_CHECK_FUNCS(iscntrl)
	AC_CHECK_FUNCS(isascii)
	AC_CHECK_FUNCS(mempcpy)
	+AC_CHECK_FUNCS(mempset)

	AC_CHECK_FUNCS(getuid)
	AC_CHECK_FUNCS(getgid)
	diff --git a/include/compiler.h b/include/compiler.h
	index db3d6d6..b64da6a 100644
	--- a/include/compiler.h
	+++ b/include/compiler.h
	@@ -256,6 +256,13 @@ static inline void mempcpy(void dst, const void *src, size_t n)
	}
	#endif

	+#ifndef HAVE_MEMPSET
	+static inline void mempset(void dst, int c, size_t n)
	+{
	+ return (char *)memset(dst, c, n) + n;
	+}
	+#endif
	+
	/*
	* Hack to support external-linkage inline functions
	*/
	--
	2.40.0