Patrick Williams | 0ca19cc | 2021-08-16 14:03:13 -0500 | 1 | From 1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c Mon Sep 17 00:00:00 2001 |
| 2 | From: Karel Zak <kzak@redhat.com> |
| 3 | Date: Tue, 27 Jul 2021 11:58:31 +0200 |
| 4 | Subject: [PATCH] sys-utils/ipcutils: be careful when call calloc() for uint64 |
| 5 | nmembs |
| 6 | |
| 7 | Fix: https://github.com/karelzak/util-linux/issues/1395 |
| 8 | Signed-off-by: Karel Zak <kzak@redhat.com> |
| 9 | |
| 10 | CVE: CVE-2021-37600 |
| 11 | Upstream-Status: Backport [1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c] |
| 12 | |
| 13 | Signed-off-by: Dragos-Marian Panait <dragos.panait@windriver.com> |
| 14 | --- |
| 15 | sys-utils/ipcutils.c | 2 +- |
| 16 | 1 file changed, 1 insertion(+), 1 deletion(-) |
| 17 | |
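--- a/sys-utils/ipcutils.c
+++ b/sys-utils/ipcutils.c
@@ -218,7 +218,7 @@ static void get_sem_elements(struct sem_data *p)
 {
 size_t i;
 
- if (!p || !p->sem_nsems || p->sem_perm.id < 0)
+ if (!p || !p->sem_nsems || p->sem_nsems > SIZE_MAX || p->sem_perm.id < 0)
 return;
 
 p->elements = xcalloc(p->sem_nsems, sizeof(struct sem_elem));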
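Review bot: The added `p->sem_nsems > SIZE_MAX` test in the guard of get_sem_elements() only rejects counts that do not fit in size_t, so where size_t is 64 bits wide it can never be true for the uint64 count named in the subject. Overflow of `sem_nsems * sizeof(struct sem_elem)` is then left to whatever xcalloc() does internally, which is not visible here. Bounding by the element size states the intent directly: `if (!p || !p->sem_nsems || p->sem_nsems > SIZE_MAX / sizeof(struct sem_elem) || p->sem_perm.id < 0)`. A short comment such as `/* sem_nsems is uint64; reject counts the allocation below cannot represent */` would also help, because the early return leaves p->elements unallocated without any diagnostic. The function body continues past the end of the hunk, so how later code indexes p->elements could not be checked.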
| 31 | -- |
| 32 | 2.25.1 |
| 33 | |