97 lines
2.4 KiB
Diff
97 lines
2.4 KiB
Diff
From af780dd2298ac8faed43d688a44287fae6aeed0d Mon Sep 17 00:00:00 2001
|
|
From: Daiki Ueno <ueno@gnu.org>
|
|
Date: Sat, 15 Mar 2025 00:36:00 +0800
|
|
Subject: [PATCH 1/2] mem: add _gnutls_reallocarray and
|
|
_gnutls_reallocarray_fast
|
|
|
|
CVE: CVE-2024-12243
|
|
|
|
Reference to upstream patch:
|
|
https://gitlab.com/gnutls/gnutls/-/commit/94d2192a37efc9b94f59fb0ba474a7be8b6895d4
|
|
|
|
[sbg: patch was slightly adjusted for 3.6.14 context
|
|
_gnutls_reallocarray is needed by CVE-2024-12243 patch]
|
|
|
|
Signed-off-by: baogen shang <baogen.shang@windriver.com>
|
|
---
|
|
lib/mem.c | 24 ++++++++++++++++++++++++
|
|
lib/mem.h | 7 +++++--
|
|
2 files changed, 29 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/lib/mem.c b/lib/mem.c
|
|
index 32cab5a..c2f05ad 100644
|
|
--- a/lib/mem.c
|
|
+++ b/lib/mem.c
|
|
@@ -24,6 +24,7 @@
|
|
#include "errors.h"
|
|
#include <num.h>
|
|
#include <xsize.h>
|
|
+#include "../src/gl/xalloc-oversized.h"
|
|
|
|
gnutls_alloc_function gnutls_secure_malloc = malloc;
|
|
gnutls_alloc_function gnutls_malloc = malloc;
|
|
@@ -61,6 +62,23 @@ void *gnutls_realloc_fast(void *ptr, size_t size)
|
|
return ret;
|
|
}
|
|
|
|
+/* This will free ptr in case reallocarray fails.
|
|
+ */
|
|
+void *_gnutls_reallocarray_fast(void *ptr, size_t nmemb, size_t size)
|
|
+{
|
|
+ void *ret;
|
|
+
|
|
+ if (size == 0)
|
|
+ return ptr;
|
|
+
|
|
+ ret = _gnutls_reallocarray(ptr, nmemb, size);
|
|
+ if (ret == NULL) {
|
|
+ gnutls_free(ptr);
|
|
+ }
|
|
+
|
|
+ return ret;
|
|
+}
|
|
+
|
|
char *_gnutls_strdup(const char *str)
|
|
{
|
|
size_t siz;
|
|
@@ -77,6 +95,12 @@ char *_gnutls_strdup(const char *str)
|
|
return ret;
|
|
}
|
|
|
|
+void *_gnutls_reallocarray(void *ptr, size_t nmemb, size_t size)
|
|
+{
|
|
+ return xalloc_oversized(nmemb, size) ? NULL :
|
|
+ gnutls_realloc(ptr, nmemb * size);
|
|
+}
|
|
+
|
|
#if 0
|
|
/* don't use them. They are included for documentation.
|
|
*/
|
|
diff --git a/lib/mem.h b/lib/mem.h
|
|
index dc838a2..ec96578 100644
|
|
--- a/lib/mem.h
|
|
+++ b/lib/mem.h
|
|
@@ -25,14 +25,17 @@
|
|
|
|
#include <config.h>
|
|
|
|
-/* this realloc function will return ptr if size==0, and
|
|
- * will free the ptr if the new allocation failed.
|
|
+/* These realloc functions will return ptr if size==0, and will free
|
|
+ * the ptr if the new allocation failed.
|
|
*/
|
|
void *gnutls_realloc_fast(void *ptr, size_t size);
|
|
+void *_gnutls_reallocarray_fast(void *ptr, size_t nmemb, size_t size);
|
|
|
|
void *_gnutls_calloc(size_t nmemb, size_t size);
|
|
char *_gnutls_strdup(const char *);
|
|
|
|
+void *_gnutls_reallocarray(void *, size_t, size_t);
|
|
+
|
|
unsigned _gnutls_mem_is_zero(const uint8_t *ptr, unsigned size);
|
|
|
|
/* To avoid undefined behavior when s1 or s2 are null and n = 0 */
|
|
--
|
|
2.27.0
|
|
|