mirrors/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2026-05-05 20:36:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

main/libmaxminddb: fix CVE-2020-28241

Browse Source 
See: #12251
This commit is contained in:
Leo 2020-12-29 09:04:35 -03:00
parent 0c4f67eafe
commit 46bfe57e1d
2 changed files with 126 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
main/libmaxminddb/APKBUILD
View File

@ -1,7 +1,7 @@
# Maintainer: Timo Teräs <timo.teras@iki.fi>
pkgname=libmaxminddb
pkgver=1.3.2
pkgrel=0
pkgrel=1
pkgdesc="Maxmind GeoIP2 database library"
url="https://github.com/maxmind/libmaxminddb"
arch="all"
@ -14,9 +14,13 @@ subpackages="$pkgname-dev $pkgname-doc"
source="$url/releases/download/$pkgver/$pkgname-$pkgver.tar.gz
libmaxminddb.cron
libmaxminddb.confd
CVE-2020-28241.patch
"
builddir="$srcdir"/$pkgname-$pkgver
# secfixes:
# 1.3.2-r1:
# - CVE-2020-28241
build() {
cd "$builddir"
@ -45,4 +49,5 @@ package() {
sha512sums="906e80531a901091fd9f88075ece5189b0885400216ea994889d9250dd37ead14e00dc14ca2a38eb2100e4814d0eb3a205ba1618606f1375ab0dcc3981097115 libmaxminddb-1.3.2.tar.gz
1feb1f2dd57991d729b6f9d29834f43d7405038cdbdfb0113a0e8f8f951a74c5e40651f9d241460f110acdd300196cf580b370e6cec56985cca797ba5610e622 libmaxminddb.cron
5f8dc6dad84cb1d188504a22470acf89542755c0bb3a78e4d3ae4e5bfa49fe64a7d2ee17441084db2710115463d39361df060a74b3a48fc4d8fc5e802afd2099 libmaxminddb.confd"
5f8dc6dad84cb1d188504a22470acf89542755c0bb3a78e4d3ae4e5bfa49fe64a7d2ee17441084db2710115463d39361df060a74b3a48fc4d8fc5e802afd2099 libmaxminddb.confd
a29764b86617e1eb17f2c710d450ee8852fb7b18c28b51d326c026fd2250574454ca9a961a74f1a5270f7b18a62b8bffcefd2f1320f5916ea177245c1581f830 CVE-2020-28241.patch"

119
main/libmaxminddb/CVE-2020-28241.patch Normal file
View File

@ -0,0 +1,119 @@
diff --git a/bin/mmdblookup.c b/bin/mmdblookup.c
index 030d88c..513ad2d 100644
--- a/bin/mmdblookup.c
+++ b/bin/mmdblookup.c
@@ -263,7 +263,7 @@ LOCAL const char **get_options(
}
const char **lookup_path =
- malloc(sizeof(const char *) * ((argc - optind) + 1));
+ calloc((argc - optind) + 1, sizeof(const char *));
int i;
for (i = 0; i < argc - optind; i++) {
lookup_path[i] = argv[i + optind];
diff --git a/doc/libmaxminddb.md b/doc/libmaxminddb.md
index e6de9d5..15433c3 100644
--- a/doc/libmaxminddb.md
+++ b/doc/libmaxminddb.md
@@ -307,7 +307,7 @@ libmaxminddb code.
The `utf8_string`, `bytes`, and (maybe) the `uint128` members of this structure
are all pointers directly into the database's data section. This can either be
-a `malloc`'d or `mmap`'d block of memory. In either case, these pointers will
+a `calloc`'d or `mmap`'d block of memory. In either case, these pointers will
become invalid after `MMDB_close()` is called.
If you need to refer to this data after that time you should copy the data
diff --git a/src/maxminddb.c b/src/maxminddb.c
index 7580e1e..6801930 100644
--- a/src/maxminddb.c
+++ b/src/maxminddb.c
@@ -35,7 +35,7 @@
do { \
char *binary = byte_to_binary(byte); \
if (NULL == binary) { \
- fprintf(stderr, "Malloc failed in DEBUG_BINARY\n"); \
+ fprintf(stderr, "Calloc failed in DEBUG_BINARY\n"); \
abort(); \
} \
fprintf(stderr, fmt "\n", binary); \
@@ -54,7 +54,7 @@
#ifdef MMDB_DEBUG
DEBUG_FUNC char *byte_to_binary(uint8_t byte)
{
- char *bits = malloc(sizeof(char) * 9);
+ char *bits = calloc(9, sizeof(char));
if (NULL == bits) {
return bits;
}
@@ -687,7 +687,7 @@ LOCAL int populate_languages_metadata(MMDB_s *mmdb, MMDB_s *metadata_db,
MMDB_INVALID_METADATA_ERROR);
mmdb->metadata.languages.count = 0;
- mmdb->metadata.languages.names = malloc(array_size * sizeof(char *));
+ mmdb->metadata.languages.names = calloc(array_size, sizeof(char *));
if (NULL == mmdb->metadata.languages.names) {
return MMDB_OUT_OF_MEMORY_ERROR;
}
@@ -705,7 +705,7 @@ LOCAL int populate_languages_metadata(MMDB_s *mmdb, MMDB_s *metadata_db,
if (NULL == mmdb->metadata.languages.names[i]) {
return MMDB_OUT_OF_MEMORY_ERROR;
}
- // We assign this as we go so that if we fail a malloc and need to
+ // We assign this as we go so that if we fail a calloc and need to
// free it, the count is right.
mmdb->metadata.languages.count = i + 1;
}
@@ -757,7 +757,7 @@ LOCAL int populate_description_metadata(MMDB_s *mmdb, MMDB_s *metadata_db,
MMDB_INVALID_METADATA_ERROR);
mmdb->metadata.description.descriptions =
- malloc(map_size * sizeof(MMDB_description_s *));
+ calloc(map_size, sizeof(MMDB_description_s *));
if (NULL == mmdb->metadata.description.descriptions) {
status = MMDB_OUT_OF_MEMORY_ERROR;
goto cleanup;
@@ -765,7 +765,7 @@ LOCAL int populate_description_metadata(MMDB_s *mmdb, MMDB_s *metadata_db,
for (uint32_t i = 0; i < map_size; i++) {
mmdb->metadata.description.descriptions[i] =
- malloc(sizeof(MMDB_description_s));
+ calloc(1, sizeof(MMDB_description_s));
if (NULL == mmdb->metadata.description.descriptions[i]) {
status = MMDB_OUT_OF_MEMORY_ERROR;
goto cleanup;
@@ -1172,7 +1172,7 @@ int MMDB_vget_value(MMDB_entry_s *const start,
MAYBE_CHECK_SIZE_OVERFLOW(length, SIZE_MAX / sizeof(const char *) - 1,
MMDB_INVALID_METADATA_ERROR);
- const char **path = malloc((length + 1) * sizeof(const char *));
+ const char **path = calloc(length + 1, sizeof(const char *));
if (NULL == path) {
return MMDB_OUT_OF_MEMORY_ERROR;
}
@@ -2037,6 +2037,7 @@ LOCAL MMDB_entry_data_list_s *dump_entry_data_list(
char *hex_string =
bytes_to_hex((uint8_t *)entry_data_list->entry_data.bytes,
entry_data_list->entry_data.data_size);
+
if (NULL == hex_string) {
*status = MMDB_OUT_OF_MEMORY_ERROR;
return NULL;
@@ -2130,7 +2131,7 @@ LOCAL char *bytes_to_hex(uint8_t *bytes, uint32_t size)
char *hex_string;
MAYBE_CHECK_SIZE_OVERFLOW(size, SIZE_MAX / 2 - 1, NULL);
- hex_string = malloc((size * 2) + 1);
+ hex_string = calloc((size * 2) + 1, sizeof(char));
if (NULL == hex_string) {
return NULL;
}
@@ -2139,6 +2140,8 @@ LOCAL char *bytes_to_hex(uint8_t *bytes, uint32_t size)
sprintf(hex_string + (2 * i), "%02X", bytes[i]);
}
+
+
return hex_string;
}