Merge pull request #773 from kinvolk/dongsu/bsdiff-CVE-2020-14315

dev-util/bsdiff: fix heap overflow vulnerability CVE-2020-14315
2025-08-18 21:11:08 +02:00 · 2021-01-13 08:58:18 +01:00 · 2021-01-13 08:58:18 +01:00 · e1a95462f8
commit e1a95462f8
parent 4f4a76a1a2 9a4dd68239
2 changed files with 25 additions and 1 deletions
--- a/sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/bsdiff-4.3-r8.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/bsdiff-4.3-r8.ebuild
@ -18,8 +18,10 @@ RDEPEND="app-arch/bzip2"

 PATCHES=(
 	"${FILESDIR}/${P}-CVE-2014-9862.patch"
-	# Flatcar: Apply patch to change suffix sort to sais-lite
+	# Flatcar: Apply patch to change suffix sort to sais-lite, and
+	# to fix heap overflow vulnerability CVE-2020-14315.
 	"${FILESDIR}/${PV}_bsdiff-convert-to-sais-lite-suffix-sort.patch"
+	"${FILESDIR}/${P}-CVE-2020-14315.patch"
 )

 src_compile() {
--- a/sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/files/bsdiff-4.3-CVE-2020-14315.patch
+++ b/sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/files/bsdiff-4.3-CVE-2020-14315.patch
@ -0,0 +1,22 @@
+--- a/bspatch.c	2021-01-11 15:53:32.642707355 +0100
+++ b/bspatch.c	2021-01-11 16:00:14.704637769 +0100
+@@ -35,6 +35,7 @@
+ #include <err.h>
+ #include <unistd.h>
+ #include <fcntl.h>
+#include <limits.h>
+ 
+ static off_t offtin(u_char *buf)
+ {
+@@ -152,8 +153,9 @@
+ 		};
+ 
+ 		/* Sanity-check */
+-		if ((ctrl[0] < 0) || (ctrl[1] < 0))
+-			errx(1,"Corrupt patch\n");
+		if (ctrl[0] < 0 || ctrl[0] > INT_MAX ||
+		    ctrl[1] < 0 || ctrl[1] > INT_MAX)
+			errx(1, "Corrupt patch\n");
+ 
+ 		/* Sanity-check */
+ 		if(newpos+ctrl[0]>newsize)