From 1b9bc5c16220b37f79f7aa9dc549d88758dc578a Mon Sep 17 00:00:00 2001 From: zhouwenpei Date: Tue, 7 Dec 2021 20:33:25 +0800 Subject: [PATCH] fix CVE-2021-43618 (cherry picked from commit 9ece62b95e194bee1b8cb3d07c3c185be209370f) --- 0001-CVE-2021-43618.patch | 34 ++++++++++++++++++++++++++++++++++ gmp.spec | 7 ++++++- 2 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 0001-CVE-2021-43618.patch diff --git a/0001-CVE-2021-43618.patch b/0001-CVE-2021-43618.patch new file mode 100644 index 0000000..f015ca0 --- /dev/null +++ b/0001-CVE-2021-43618.patch @@ -0,0 +1,34 @@ +From 561a9c25298e17bb01896801ff353546c6923dbd Mon Sep 17 00:00:00 2001 +From: Marco Bodrato +Date: Thu, 21 Oct 2021 19:06:49 +0200 +Subject: [PATCH] CVE-2021-43618: GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms. + +This patch fixes it by avoiding bit size overflows + +CVE-2021-43618 +https://nvd.nist.gov/vuln/detail/CVE-2021-43618 + +--- + mpz/inp_raw.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/mpz/inp_raw.c b/mpz/inp_raw.c +index 378c42b..f88fea9 100644 +--- a/mpz/inp_raw.c ++++ b/mpz/inp_raw.c +@@ -88,8 +88,11 @@ mpz_inp_raw (mpz_ptr x, FILE *fp) + + abs_csize = ABS (csize); + ++ if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8)) ++ return 0; /* Bit size overflows */ ++ + /* round up to a multiple of limbs */ +- abs_xsize = BITS_TO_LIMBS (abs_csize*8); ++ abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8); + + if (abs_xsize != 0) + { +-- +2.27.0 + diff --git a/gmp.spec b/gmp.spec index 8498e0f..8607591 100644 --- a/gmp.spec +++ b/gmp.spec @@ -1,6 +1,6 @@ Name: gmp Version: 6.2.0 -Release: 1 +Release: 2 Epoch: 1 URL: https://gmplib.org Source0: https://gmplib.org/download/gmp/gmp-%{version}.tar.bz2 
@@ -8,6 +8,8 @@ License: LGPLv3 and GPLv2 BuildRequires: autoconf automake libtool gcc gcc-c++ git perl-Carp Summary: A GNU multiple precision arithmetic library +Patch1: 0001-CVE-2021-43618.patch + %description GMP is a portable library written in C for arbitrary precision arithmetic on integers, rational numbers, and floating-point numbers. It aims to provide @@ -97,6 +99,9 @@ make %{?_smp_mflags} check %{_libdir}/pkgconfig/gmpxx.pc %changelog +* Tue Dec 7 2021 zhouwenpei - 6.2.0-2 +- fix CVE-2021-43618 + * Fri Apr 17 2020 yuxiangyang - 1:6.2.0-1 - Upgrade to 6.2.0 -- Gitee
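Review bot: the new early return in the mpz/inp_raw.c hunk, `if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8)) return 0;`, ships without any test, so nothing in this package will catch a later rebase that drops it or drops the `(mp_bitcnt_t)` cast on the `BITS_TO_LIMBS` line. The guard and the cast are both needed: the guard bounds the value, and the cast makes the multiplication by 8 happen at `mp_bitcnt_t` width whatever the type of `abs_csize` is. Consider adding a check, run under the existing `make %{?_smp_mflags} check` step, that mpz_inp_raw returns 0 for a size field above that limit on a 32-bit build. Separately, the embedded patch header uses the CVE description as its Subject and links only to NVD; recording the upstream GMP changeset it was taken from would make the fix easier to audit against upstream.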
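Review bot: the second gmp.spec hunk declares `Patch1: 0001-CVE-2021-43618.patch`, but no hunk in this change touches %prep, so whether the patch is actually applied depends on spec lines not shown here. Please confirm that %prep uses %autosetup or %autopatch (the `git` entry in BuildRequires suggests it may), or add an explicit `%patch1 -p1`; otherwise the package rebuilds as 6.2.0-2 with the fix declared and never applied. A quick check is to look for the `abs_csize > ~(mp_bitcnt_t) 0 / 8` test in mpz/inp_raw.c in the build tree after %prep.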
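Review bot: the new %changelog entry in the last gmp.spec hunk gives the version as `6.2.0-2`, while the spec sets `Epoch: 1` and the previous entry is written `1:6.2.0-1`. Suggest `1:6.2.0-2` so the entry matches the package's full EVR and tooling that correlates changelog entries with built versions sees a consistent string. The entry could also say which component is fixed (mpz_inp_raw bit size overflow) rather than only the CVE number.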