diff --git a/main/libmaxminddb/APKBUILD b/main/libmaxminddb/APKBUILD index b85471b7b17..0672840a3d6 100644 --- a/main/libmaxminddb/APKBUILD +++ b/main/libmaxminddb/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Timo Teräs pkgname=libmaxminddb pkgver=1.3.2 -pkgrel=0 +pkgrel=1 pkgdesc="Maxmind GeoIP2 database library" url="https://github.com/maxmind/libmaxminddb" arch="all" @@ -14,9 +14,13 @@ subpackages="$pkgname-dev $pkgname-doc" source="$url/releases/download/$pkgver/$pkgname-$pkgver.tar.gz libmaxminddb.cron libmaxminddb.confd + CVE-2020-28241.patch " builddir="$srcdir"/$pkgname-$pkgver +# secfixes: +# 1.3.2-r1: +# - CVE-2020-28241 build() { cd "$builddir" @@ -45,4 +49,5 @@ package() { sha512sums="906e80531a901091fd9f88075ece5189b0885400216ea994889d9250dd37ead14e00dc14ca2a38eb2100e4814d0eb3a205ba1618606f1375ab0dcc3981097115 libmaxminddb-1.3.2.tar.gz 1feb1f2dd57991d729b6f9d29834f43d7405038cdbdfb0113a0e8f8f951a74c5e40651f9d241460f110acdd300196cf580b370e6cec56985cca797ba5610e622 libmaxminddb.cron -5f8dc6dad84cb1d188504a22470acf89542755c0bb3a78e4d3ae4e5bfa49fe64a7d2ee17441084db2710115463d39361df060a74b3a48fc4d8fc5e802afd2099 libmaxminddb.confd" +5f8dc6dad84cb1d188504a22470acf89542755c0bb3a78e4d3ae4e5bfa49fe64a7d2ee17441084db2710115463d39361df060a74b3a48fc4d8fc5e802afd2099 libmaxminddb.confd +a29764b86617e1eb17f2c710d450ee8852fb7b18c28b51d326c026fd2250574454ca9a961a74f1a5270f7b18a62b8bffcefd2f1320f5916ea177245c1581f830 CVE-2020-28241.patch" diff --git a/main/libmaxminddb/CVE-2020-28241.patch b/main/libmaxminddb/CVE-2020-28241.patch new file mode 100644 index 00000000000..d31eeafa849 --- /dev/null +++ b/main/libmaxminddb/CVE-2020-28241.patch @@ -0,0 +1,119 @@ +diff --git a/bin/mmdblookup.c b/bin/mmdblookup.c +index 030d88c..513ad2d 100644 +--- a/bin/mmdblookup.c ++++ b/bin/mmdblookup.c +@@ -263,7 +263,7 @@ LOCAL const char **get_options( + } + + const char **lookup_path = +- malloc(sizeof(const char *) * ((argc - optind) + 1)); ++ calloc((argc - optind) + 1, sizeof(const char *)); + int i; + for (i = 0; i < argc - optind; i++) { + lookup_path[i] = argv[i + optind]; +diff --git a/doc/libmaxminddb.md b/doc/libmaxminddb.md +index e6de9d5..15433c3 100644 +--- a/doc/libmaxminddb.md ++++ b/doc/libmaxminddb.md +@@ -307,7 +307,7 @@ libmaxminddb code. + + The `utf8_string`, `bytes`, and (maybe) the `uint128` members of this structure + are all pointers directly into the database's data section. This can either be +-a `malloc`'d or `mmap`'d block of memory. In either case, these pointers will ++a `calloc`'d or `mmap`'d block of memory. In either case, these pointers will + become invalid after `MMDB_close()` is called. + + If you need to refer to this data after that time you should copy the data +diff --git a/src/maxminddb.c b/src/maxminddb.c +index 7580e1e..6801930 100644 +--- a/src/maxminddb.c ++++ b/src/maxminddb.c +@@ -35,7 +35,7 @@ + do { \ + char *binary = byte_to_binary(byte); \ + if (NULL == binary) { \ +- fprintf(stderr, "Malloc failed in DEBUG_BINARY\n"); \ ++ fprintf(stderr, "Calloc failed in DEBUG_BINARY\n"); \ + abort(); \ + } \ + fprintf(stderr, fmt "\n", binary); \ +@@ -54,7 +54,7 @@ + #ifdef MMDB_DEBUG + DEBUG_FUNC char *byte_to_binary(uint8_t byte) + { +- char *bits = malloc(sizeof(char) * 9); ++ char *bits = calloc(9, sizeof(char)); + if (NULL == bits) { + return bits; + } +@@ -687,7 +687,7 @@ LOCAL int populate_languages_metadata(MMDB_s *mmdb, MMDB_s *metadata_db, + MMDB_INVALID_METADATA_ERROR); + + mmdb->metadata.languages.count = 0; +- mmdb->metadata.languages.names = malloc(array_size * sizeof(char *)); ++ mmdb->metadata.languages.names = calloc(array_size, sizeof(char *)); + if (NULL == mmdb->metadata.languages.names) { + return MMDB_OUT_OF_MEMORY_ERROR; + } +@@ -705,7 +705,7 @@ LOCAL int populate_languages_metadata(MMDB_s *mmdb, MMDB_s *metadata_db, + if (NULL == mmdb->metadata.languages.names[i]) { + return MMDB_OUT_OF_MEMORY_ERROR; + } +- // We assign this as we go so that if we fail a malloc and need to ++ // We assign this as we go so that if we fail a calloc and need to + // free it, the count is right. + mmdb->metadata.languages.count = i + 1; + } +@@ -757,7 +757,7 @@ LOCAL int populate_description_metadata(MMDB_s *mmdb, MMDB_s *metadata_db, + MMDB_INVALID_METADATA_ERROR); + + mmdb->metadata.description.descriptions = +- malloc(map_size * sizeof(MMDB_description_s *)); ++ calloc(map_size, sizeof(MMDB_description_s *)); + if (NULL == mmdb->metadata.description.descriptions) { + status = MMDB_OUT_OF_MEMORY_ERROR; + goto cleanup; +@@ -765,7 +765,7 @@ LOCAL int populate_description_metadata(MMDB_s *mmdb, MMDB_s *metadata_db, + + for (uint32_t i = 0; i < map_size; i++) { + mmdb->metadata.description.descriptions[i] = +- malloc(sizeof(MMDB_description_s)); ++ calloc(1, sizeof(MMDB_description_s)); + if (NULL == mmdb->metadata.description.descriptions[i]) { + status = MMDB_OUT_OF_MEMORY_ERROR; + goto cleanup; +@@ -1172,7 +1172,7 @@ int MMDB_vget_value(MMDB_entry_s *const start, + MAYBE_CHECK_SIZE_OVERFLOW(length, SIZE_MAX / sizeof(const char *) - 1, + MMDB_INVALID_METADATA_ERROR); + +- const char **path = malloc((length + 1) * sizeof(const char *)); ++ const char **path = calloc(length + 1, sizeof(const char *)); + if (NULL == path) { + return MMDB_OUT_OF_MEMORY_ERROR; + } +@@ -2037,6 +2037,7 @@ LOCAL MMDB_entry_data_list_s *dump_entry_data_list( + char *hex_string = + bytes_to_hex((uint8_t *)entry_data_list->entry_data.bytes, + entry_data_list->entry_data.data_size); ++ + if (NULL == hex_string) { + *status = MMDB_OUT_OF_MEMORY_ERROR; + return NULL; +@@ -2130,7 +2131,7 @@ LOCAL char *bytes_to_hex(uint8_t *bytes, uint32_t size) + char *hex_string; + MAYBE_CHECK_SIZE_OVERFLOW(size, SIZE_MAX / 2 - 1, NULL); + +- hex_string = malloc((size * 2) + 1); ++ hex_string = calloc((size * 2) + 1, sizeof(char)); + if (NULL == hex_string) { + return NULL; + } +@@ -2139,6 +2140,8 @@ LOCAL char *bytes_to_hex(uint8_t *bytes, uint32_t size) + sprintf(hex_string + (2 * i), "%02X", bytes[i]); + } + ++ ++ + return hex_string; + } +