packages/libmaxminddb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!3 fix CVE-2020-28241

Browse Source 
From: @tong_1001
Reviewed-by: @xiezhipeng1
Signed-off-by: @xiezhipeng1
This commit is contained in:
openeuler-ci-bot 2021-07-24 02:45:41 +00:00 committed by Gitee
commit 326a8e837a
3 changed files with 199 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

134
backport-CVE-2020-28241.patch Normal file
View File

@ -0,0 +1,134 @@
From eac45e29196bcde1d123a6035c15d30356bed248 Mon Sep 17 00:00:00 2001
From: Gregory Oschwald <goschwald@maxmind.com>
Date: Wed, 5 Aug 2020 14:16:17 -0700
Subject: [PATCH] Replace most malloc uses with calloc
Closes #236.
---
bin/mmdblookup.c | 2 +-
doc/libmaxminddb.md | 2 +-
src/maxminddb.c | 19 +++++++++++--------
3 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/bin/mmdblookup.c b/bin/mmdblookup.c
index 26267c4..7f78773 100644
--- a/bin/mmdblookup.c
+++ b/bin/mmdblookup.c
@@ -184,7 +184,7 @@ LOCAL const char **get_options(int argc, char **argv, char **mmdb_file,
}
const char **lookup_path =
- malloc(sizeof(const char *) * ((argc - optind) + 1));
+ calloc((argc - optind) + 1, sizeof(const char *));
int i;
for (i = 0; i < argc - optind; i++) {
lookup_path[i] = argv[i + optind];
diff --git a/doc/libmaxminddb.md b/doc/libmaxminddb.md
index ebeb7c5..a8385e0 100644
--- a/doc/libmaxminddb.md
+++ b/doc/libmaxminddb.md
@@ -302,7 +302,7 @@ libmaxminddb code.
The `utf8_string`, `bytes`, and (maybe) the `uint128` members of this structure
are all pointers directly into the database's data section. This can either be
-a `malloc`'d or `mmap`'d block of memory. In either case, these pointers will
+a `calloc`'d or `mmap`'d block of memory. In either case, these pointers will
become invalid after `MMDB_close()` is called.
If you need to refer to this data after that time you should copy the data
diff --git a/src/maxminddb.c b/src/maxminddb.c
index 1cf2cbc..f8bbecb 100644
--- a/src/maxminddb.c
+++ b/src/maxminddb.c
@@ -34,7 +34,7 @@
do { \
char *binary = byte_to_binary(byte); \
if (NULL == binary) { \
- fprintf(stderr, "Malloc failed in DEBUG_BINARY\n"); \
+ fprintf(stderr, "Calloc failed in DEBUG_BINARY\n"); \
abort(); \
} \
fprintf(stderr, fmt "\n", binary); \
@@ -53,7 +53,7 @@
#ifdef MMDB_DEBUG
DEBUG_FUNC char *byte_to_binary(uint8_t byte)
{
- char *bits = malloc(sizeof(char) * 9);
+ char *bits = calloc(9, sizeof(char));
if (NULL == bits) {
return bits;
}
@@ -658,7 +658,7 @@ LOCAL int populate_languages_metadata(MMDB_s *mmdb, MMDB_s *metadata_db,
MMDB_INVALID_METADATA_ERROR);
mmdb->metadata.languages.count = 0;
- mmdb->metadata.languages.names = malloc(array_size * sizeof(char *));
+ mmdb->metadata.languages.names = calloc(array_size, sizeof(char *));
if (NULL == mmdb->metadata.languages.names) {
return MMDB_OUT_OF_MEMORY_ERROR;
}
@@ -676,7 +676,7 @@ LOCAL int populate_languages_metadata(MMDB_s *mmdb, MMDB_s *metadata_db,
if (NULL == mmdb->metadata.languages.names[i]) {
return MMDB_OUT_OF_MEMORY_ERROR;
}
- // We assign this as we go so that if we fail a malloc and need to
+ // We assign this as we go so that if we fail a calloc and need to
// free it, the count is right.
mmdb->metadata.languages.count = i + 1;
}
@@ -728,7 +728,7 @@ LOCAL int populate_description_metadata(MMDB_s *mmdb, MMDB_s *metadata_db,
MMDB_INVALID_METADATA_ERROR);
mmdb->metadata.description.descriptions =
- malloc(map_size * sizeof(MMDB_description_s *));
+ calloc(map_size, sizeof(MMDB_description_s *));
if (NULL == mmdb->metadata.description.descriptions) {
status = MMDB_OUT_OF_MEMORY_ERROR;
goto cleanup;
@@ -736,7 +736,7 @@ LOCAL int populate_description_metadata(MMDB_s *mmdb, MMDB_s *metadata_db,
for (uint32_t i = 0; i < map_size; i++) {
mmdb->metadata.description.descriptions[i] =
- malloc(sizeof(MMDB_description_s));
+ calloc(1, sizeof(MMDB_description_s));
if (NULL == mmdb->metadata.description.descriptions[i]) {
status = MMDB_OUT_OF_MEMORY_ERROR;
goto cleanup;
@@ -1140,7 +1140,7 @@ int MMDB_vget_value(MMDB_entry_s *const start,
MAYBE_CHECK_SIZE_OVERFLOW(length, SIZE_MAX / sizeof(const char *) - 1,
MMDB_INVALID_METADATA_ERROR);
- const char **path = malloc((length + 1) * sizeof(const char *));
+ const char **path = calloc(length + 1, sizeof(const char *));
if (NULL == path) {
return MMDB_OUT_OF_MEMORY_ERROR;
}
@@ -2000,6 +2000,7 @@ LOCAL MMDB_entry_data_list_s *dump_entry_data_list(
char *hex_string =
bytes_to_hex((uint8_t *)entry_data_list->entry_data.bytes,
entry_data_list->entry_data.data_size);
+
if (NULL == hex_string) {
*status = MMDB_OUT_OF_MEMORY_ERROR;
return NULL;
@@ -2093,7 +2094,7 @@ LOCAL char *bytes_to_hex(uint8_t *bytes, uint32_t size)
char *hex_string;
MAYBE_CHECK_SIZE_OVERFLOW(size, SIZE_MAX / 2 - 1, NULL);
- hex_string = malloc((size * 2) + 1);
+ hex_string = calloc((size * 2) + 1, sizeof(char));
if (NULL == hex_string) {
return NULL;
}
@@ -2102,6 +2103,8 @@ LOCAL char *bytes_to_hex(uint8_t *bytes, uint32_t size)
sprintf(hex_string + (2 * i), "%02X", bytes[i]);
}
+
+
return hex_string;
}
--
1.8.3.1

57
backport-Check-all-calloc-malloc-return-values.patch Normal file
View File

@ -0,0 +1,57 @@
From ec946c10d7bdad4215185b49d672d1508e0af4b1 Mon Sep 17 00:00:00 2001
From: Gregory Oschwald <goschwald@maxmind.com>
Date: Wed, 17 Feb 2021 14:18:06 -0800
Subject: [PATCH] Check all calloc/malloc return values. Closes #252.
---
bin/mmdblookup.c | 4 ++++
t/basic_lookup_t.c | 3 +++
t/threads_t.c | 3 +++
3 files changed, 10 insertions(+)
diff --git a/bin/mmdblookup.c b/bin/mmdblookup.c
index 7f78773..9a8eb67 100644
--- a/bin/mmdblookup.c
+++ b/bin/mmdblookup.c
@@ -185,6 +185,10 @@ LOCAL const char **get_options(int argc, char **argv, char **mmdb_file,
const char **lookup_path =
calloc((argc - optind) + 1, sizeof(const char *));
+ if (!lookup_path) {
+ fprintf(stderr, "calloc(): %s\n", strerror(errno));
+ exit(1);
+ }
int i;
for (i = 0; i < argc - optind; i++) {
lookup_path[i] = argv[i + optind];
diff --git a/t/basic_lookup_t.c b/t/basic_lookup_t.c
index 7855919..5da0673 100644
--- a/t/basic_lookup_t.c
+++ b/t/basic_lookup_t.c
@@ -31,6 +31,9 @@ void test_one_result(MMDB_s *mmdb, MMDB_lookup_result_s result,
// something like "::1.2.3.4", not just "1.2.3.4".
int maxlen = strlen(expect) + 3;
real_expect = malloc(maxlen);
+ if (!real_expect) {
+ BAIL_OUT("could not allocate memory");
+ }
snprintf(real_expect, maxlen, "::%s", expect);
}
diff --git a/t/threads_t.c b/t/threads_t.c
index 23cd0ee..be060d3 100644
--- a/t/threads_t.c
+++ b/t/threads_t.c
@@ -68,6 +68,9 @@ void *run_one_thread(void *arg)
const char *ip = thread_arg->ip_to_lookup;
test_result_s *result = malloc(sizeof(test_result_s));
+ if (!result) {
+ BAIL_OUT("could not allocate memory");
+ }
test_one_ip(mmdb, ip, result);
pthread_exit((void *)result);
--
1.8.3.1

10
libmaxminddb.spec
View File

@ -1,11 +1,14 @@
Name: libmaxminddb
Version: 1.2.0
Release: 7
Release: 8
Summary: C library for working with MaxMind DB files
License: ASL 2.0 and BSD
URL: https://github.com/maxmind/libmaxminddb
Source0: https://github.com/maxmind/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
Patch6000: backport-CVE-2020-28241.patch
Patch6001: backport-Check-all-calloc-malloc-return-values.patch
BuildRequires: gcc perl-interpreter
%description
@ -35,7 +38,7 @@ Summary: man information and changelog document for user
the help package include man information and changelog document for user.
%prep
%autosetup
%autosetup -p1
%build
%configure --disable-static
@ -69,5 +72,8 @@ LD_PRELOAD=%{buildroot}%{_libdir}/libmaxminddb.so make check
%{_mandir}/man3/*
%changelog
* Sat Jul 24 2021 shixuantong <shixuantong@huawei.com> - 1.2.0-8
- fix CVE-2020-28241
* Tue Sep 3 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.2.0-7
- Package init