Hi Abhijith,
On Wed, May 30, 2018 at 10:56:20PM +0530, Abhijith PA wrote:
> I've prepared an update for procps. Patches are backported from
> procps_3.3.9-9+deb8u1 (jessie). Debdiff is attached. I was able to
> install it on a clean machine and ran some procps commands. Please
> review and upload.
> +++ procps-3.3.3/debian/patches/CVE-2018-1122.patch 2018-05-30 17:05:28.000000000 +0000
> +++ procps-3.3.3/debian/patches/CVE-2018-1123.patch 2018-05-30 16:49:19.000000000 +0000
> +++ procps-3.3.3/debian/patches/CVE-2018-1124.patch 2018-05-30 16:49:20.000000000 +0000
these look good to me.
> +++ procps-3.3.3/debian/patches/CVE-2018-1125.patch 2018-05-30 16:49:18.000000000 +0000
> + } else {
> + strcpy (cmd, task.cmd);
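Review bot: the added else branch at `strcpy (cmd, task.cmd);` copies with no length bound, and nothing in the quoted lines shows that `cmd` is at least as large as `task.cmd`. Since the jessie counterpart of this patch is titled as preventing a stack-based buffer overflow, either document that size relationship next to the copy or use a bounded copy with explicit NUL termination.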
this hunk is not present in
debian/patches/0008-pgrep-Prevent-a-potential-stack-based-buffer-overflo.patch
from the jessie update. can you explain?
> --- procps-3.3.3/debian/patches/CVE-2018-1126.patch 1970-01-01 00:00:00.000000000 +0000
> ++++ procps-3.3.3/proc/alloc.c
> +@@ -80,10 +80,14 @@ char *xstrdup(const char *str) {
> + char *p = NULL;
> +
> + if (str) {
> +- unsigned int size = strlen(str) + 1;
> ++ size_t size = strlen(str) + 1;
> ++ if (size < 1) {
> ++ xalloc_err_handler("%s refused to allocate %zu bytes of memory", __func__, size);
> ++ exit(EXIT_FAILURE);
> ++ }
> + p = malloc(size);
> + if (!p) {
> +- xalloc_err_handler("%s failed to allocate %u bytes of memory", __func__, size);
> ++ xalloc_err_handler("%s failed to allocate %zu bytes of memory", __func__, size);
> + exit(EXIT_FAILURE);
> + }
> + strcpy(p, str);
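Review bot: in the new guard `if (size < 1)`, `size` is a `size_t`, so the test can only be true when `strlen(str) + 1` has wrapped around to 0. Writing it as `size == 0`, or adding a one-line comment about the wrap, would make the intent of the check obvious to the next reader.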
here, debian/patches/0035-proc-alloc.-Use-size_t-not-unsigned-int.patch
from jessie has
< - strcpy(p, str);
< + memcpy(p, str, size);
why did you remove that memcpy in procps-3.3.3/debian/patches/CVE-2018-1126.patch ?
as said: rest looks good to me :)
--
cheers,
Holger