add missing patch

(cherry picked from commit c641d529927d6ea307c71418d70c4bd1ae90de9b)
2023-05-29 12:53:49 +00:00 · 2023-05-29 12:53:49 +00:00 · a6c693af09
commit a6c693af09
parent ae2b2c05fc
4 changed files with 270 additions and 16 deletions
--- a/backport-0001-CVE-2023-33204.patch
+++ b/backport-0001-CVE-2023-33204.patch
@ -0,0 +1,143 @@
+From c9a11d35df4aecfcf22aef827bac6cd57def9d4e Mon Sep 17 00:00:00 2001
+From: Sebastien GODARD <sysstat@users.noreply.github.com>
+Date: Sun, 23 Oct 2022 16:22:28 +0200
+Subject: [PATCH] Add more overflow checks
+
+Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com>
+
+Reference:https://github.com/sysstat/sysstat/commit/c9a11d35df4aecfcf22aef827bac6cd57def9d4e
+Conflict:NA
+
+---
+ common.c    | 46 ++++++++++++++++++++++------------------------
+ common.h    |  4 ++--
+ sa_common.c |  9 +++++++--
+ sadc.c      |  6 ++++++
+ 4 files changed, 37 insertions(+), 28 deletions(-)
+
+diff --git a/common.c b/common.c
+index 28d475e..5ecd7ff 100644
+--- a/common.c
+++ b/common.c
+@@ -410,6 +410,28 @@ int get_wwnid_from_pretty(char *pretty, unsigned long long *wwn, unsigned int *p
+ 	return rc;
+ }
+ 
+/*
+ * **************************************************************************
+ * Check if the multiplication of the 3 values may be greater than UINT_MAX.
+ *
+ * IN:
+ * @val1	First value.
+ * @val2	Second value.
+ * @val3	Third value.
+ ***************************************************************************
+ */
+void check_overflow(unsigned long long val1, unsigned long long val2,
+		    unsigned long long val3)
+{
+	if (val1 * val2 * val3 > UINT_MAX) {
+#ifdef DEBUG
+		fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
+			__FUNCTION__, val1 * val2 * val3);
+#endif
+	exit(4);
+		}
+}
+
+ #ifndef SOURCE_SADC
+ /*
+  ***************************************************************************
+@@ -1529,28 +1551,4 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char
+ 	return 0;
+ }
+ 
+-/*
+- ***************************************************************************
+- * Check if the multiplication of the 3 values may be greater than UINT_MAX.
+- *
+- * IN:
+- * @val1	First value.
+- * @val2	Second value.
+- * @val3	Third value.
+- ***************************************************************************
+- */
+-void check_overflow(size_t val1, size_t val2, size_t val3)
+-{
+-	if ((unsigned long long) val1 *
+-	    (unsigned long long) val2 *
+-	    (unsigned long long) val3 > UINT_MAX) {
+-#ifdef DEBUG
+-		fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
+-			__FUNCTION__,
+-			(unsigned long long) val1 * (unsigned long long) val2 *	(unsigned long long) val3);
+-#endif
+-	exit(4);
+-	}
+-}
+-
+ #endif /* SOURCE_SADC undefined */
+diff --git a/common.h b/common.h
+index 75f837a..827e282 100644
+--- a/common.h
+++ b/common.h
+@@ -247,10 +247,10 @@ int extract_wwnid
+ 	(char *, unsigned long long *, unsigned int *);
+ int get_wwnid_from_pretty
+ 	(char *, unsigned long long *, unsigned int *);
+void check_overflow
+	(unsigned long long, unsigned long long, unsigned long long);
+ 
+ #ifndef SOURCE_SADC
+-void check_overflow
+-	(size_t, size_t, size_t);
+ int count_bits
+ 	(void *, int);
+ int count_csvalues
+diff --git a/sa_common.c b/sa_common.c
+index ff90c1f..0ac04a2 100644
+--- a/sa_common.c
+++ b/sa_common.c
+@@ -456,8 +456,9 @@ void allocate_structures(struct activity *act[])
+ 		if (act[i]->nr_ini > 0) {
+ 
+ 			/* Look for a possible overflow */
+-			check_overflow((size_t) act[i]->msize, (size_t) act[i]->nr_ini,
+-				       (size_t) act[i]->nr2);
+			check_overflow((unsigned long long) act[i]->msize,
+				       (unsigned long long) act[i]->nr_ini,
+				       (unsigned long long) act[i]->nr2);
+ 
+ 			for (j = 0; j < 3; j++) {
+ 				SREALLOC(act[i]->buf[j], void,
+@@ -522,6 +523,10 @@ void reallocate_all_buffers(struct activity *a, __nr_t nr_min)
+ 		while (nr_realloc < nr_min);
+ 	}
+ 
+	/* Look for a possible overflow */
+	check_overflow((unsigned long long) a->msize, nr_realloc,
+		       (unsigned long long) a->nr2);
+
+ 	for (j = 0; j < 3; j++) {
+ 		SREALLOC(a->buf[j], void,
+ 			(size_t) a->msize * nr_realloc * (size_t) a->nr2);
+diff --git a/sadc.c b/sadc.c
+index 5516a81..e7d4851 100644
+--- a/sadc.c
+++ b/sadc.c
+@@ -352,6 +352,12 @@ void sa_sys_init(void)
+ 		}
+ 
+ 		if (IS_COLLECTED(act[i]->options) && (act[i]->nr_ini > 0)) {
+
+			/* Look for a possible overflow */
+			check_overflow((unsigned long long) act[i]->msize,
+				       (unsigned long long) act[i]->nr_ini,
+				       (unsigned long long) act[i]->nr2);
+
+ 			/* Allocate structures for current activity (using nr_ini and nr2 results) */
+ 			SREALLOC(act[i]->_buf0, void,
+ 				 (size_t) act[i]->msize * (size_t) act[i]->nr_ini * (size_t) act[i]->nr2);
+-- 
+2.33.0
+
--- a/backport-0002-CVE-2023-33204.patch
+++ b/backport-0002-CVE-2023-33204.patch
@ -0,0 +1,104 @@
+From 44f1dc159242c1e434a3b836cda49f084c5a96cc Mon Sep 17 00:00:00 2001
+From: Sebastien GODARD <sysstat@users.noreply.github.com>
+Date: Sun, 6 Nov 2022 15:48:16 +0100
+Subject: [PATCH] Make sure values to be compared are unsigned integers
+ 
+It seems safer to make sure that input values are unsigned int before
+casting them to unsigned long long and making the comparison.
+ 
+Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com>
+ 
+Reference:https://github.com/sysstat/sysstat/commit/44f1dc159242c1e434a3b836cda49f084c5a96cc
+Conflict:NA
+
+---
+ common.c    | 10 ++++++----
+ common.h    |  2 +-
+ sa_common.c | 10 +++++-----
+ sadc.c      |  6 +++---
+ 4 files changed, 15 insertions(+), 13 deletions(-)
+
+diff --git a/common.c b/common.c
+index 5ecd7ff..8808445 100644
+--- a/common.c
+++ b/common.c
+@@ -420,13 +420,15 @@ int get_wwnid_from_pretty(char *pretty, unsigned long long *wwn, unsigned int *p
+  * @val3	Third value.
+  ***************************************************************************
+  */
+-void check_overflow(unsigned long long val1, unsigned long long val2,
+-		    unsigned long long val3)
+void check_overflow(unsigned int val1, unsigned int val2,
+		    unsigned int val3)
+ {
+-	if (val1 * val2 * val3 > UINT_MAX) {
+	if ((unsigned long long) val1 * (unsigned long long) val2 *
+	    (unsigned long long) val3 > UINT_MAX) {
+ #ifdef DEBUG
+ 		fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
+-			__FUNCTION__, val1 * val2 * val3);
+			__FUNCTION__, (unsigned long long) val1 * (unsigned long long) val2 *
+			(unsigned long long) val3);
+ #endif
+ 	exit(4);
+ 		}
+diff --git a/common.h b/common.h
+index 827e282..8014fbd 100644
+--- a/common.h
+++ b/common.h
+@@ -248,7 +248,7 @@ int extract_wwnid
+ int get_wwnid_from_pretty
+ 	(char *, unsigned long long *, unsigned int *);
+ void check_overflow
+-	(unsigned long long, unsigned long long, unsigned long long);
+	(unsigned int, unsigned int, unsigned int);
+ 
+ #ifndef SOURCE_SADC
+ int count_bits
+diff --git a/sa_common.c b/sa_common.c
+index 0ac04a2..e9a0f86 100644
+--- a/sa_common.c
+++ b/sa_common.c
+@@ -456,9 +456,9 @@ void allocate_structures(struct activity *act[])
+ 		if (act[i]->nr_ini > 0) {
+ 
+ 			/* Look for a possible overflow */
+-			check_overflow((unsigned long long) act[i]->msize,
+-				       (unsigned long long) act[i]->nr_ini,
+-				       (unsigned long long) act[i]->nr2);
+			check_overflow((unsigned int) act[i]->msize,
+				       (unsigned int) act[i]->nr_ini,
+				       (unsigned int) act[i]->nr2);
+ 
+ 			for (j = 0; j < 3; j++) {
+ 				SREALLOC(act[i]->buf[j], void,
+@@ -524,8 +524,8 @@ void reallocate_all_buffers(struct activity *a, __nr_t nr_min)
+ 	}
+ 
+ 	/* Look for a possible overflow */
+-	check_overflow((unsigned long long) a->msize, nr_realloc,
+-		       (unsigned long long) a->nr2);
+	check_overflow((unsigned int) a->msize, (unsigned int) nr_realloc,
+		       (unsigned int) a->nr2);
+ 
+ 	for (j = 0; j < 3; j++) {
+ 		SREALLOC(a->buf[j], void,
+diff --git a/sadc.c b/sadc.c
+index e7d4851..bcd8b59 100644
+--- a/sadc.c
+++ b/sadc.c
+@@ -354,9 +354,9 @@ void sa_sys_init(void)
+ 		if (IS_COLLECTED(act[i]->options) && (act[i]->nr_ini > 0)) {
+ 
+ 			/* Look for a possible overflow */
+-			check_overflow((unsigned long long) act[i]->msize,
+-				       (unsigned long long) act[i]->nr_ini,
+-				       (unsigned long long) act[i]->nr2);
+			check_overflow((unsigned int) act[i]->msize,
+				       (unsigned int) act[i]->nr_ini,
+				       (unsigned int) act[i]->nr2);
+ 
+ 			/* Allocate structures for current activity (using nr_ini and nr2 results) */
+ 			SREALLOC(act[i]->_buf0, void,
+-- 
+2.33.0
--- a/backport-0003-CVE-2023-33204.patch
+++ b/backport-0003-CVE-2023-33204.patch
@ -2,23 +2,23 @@ From 954ff2e2673cef48f0ed44668c466eab041db387 Mon Sep 17 00:00:00 2001
 From: Pavel Kopylov <pkopylov@cloudlinux.com>
 Date: Wed, 17 May 2023 11:33:45 +0200
 Subject: [PATCH] Fix an overflow which is still possible for some values.
-
+ 
 Reference:https://github.com/sysstat/sysstat/commit/6f8dc568e6ab072bb8205b732f04e685bf9237c0
-Conflict:Adaptation Context
+Conflict:NA
+
 ---
- common.c | 15 ++++++++-------
- 1 file changed, 8 insertions(+), 7 deletions(-)
+ common.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)

 diff --git a/common.c b/common.c
-index 28d475e..85b2457 100644
+index 8808445..879d697 100644
 --- a/common.c
 +++ b/common.c
-@@ -1541,15 +1541,16 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char
-  */
- void check_overflow(size_t val1, size_t val2, size_t val3)
+@@ -423,15 +423,17 @@ int get_wwnid_from_pretty(char *pretty, unsigned long long *wwn, unsigned int *p
+ void check_overflow(unsigned int val1, unsigned int val2,
+ 		    unsigned int val3)
 {
-	if ((unsigned long long) val1 *
-	    (unsigned long long) val2 *
+-	if ((unsigned long long) val1 * (unsigned long long) val2 *
 -	    (unsigned long long) val3 > UINT_MAX) {
 +	if ((val1 != 0) && (val2 != 0) && (val3 != 0) &&
 +	    (((unsigned long long) UINT_MAX / (unsigned long long) val1 <
@ -27,15 +27,17 @@ index 28d475e..85b2457 100644
 +	      (unsigned long long) val3))) {
 #ifdef DEBUG
 -		fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
-			__FUNCTION__,
-			(unsigned long long) val1 * (unsigned long long) val2 *	(unsigned long long) val3);
+-			__FUNCTION__, (unsigned long long) val1 * (unsigned long long) val2 *
+-			(unsigned long long) val3);
 +		fprintf(stderr, "%s: Overflow detected (%u,%u,%u). Aborting...\n",
 +			__FUNCTION__, val1, val2, val3);
 #endif
 -	exit(4);
+-		}
 +		exit(4);
- 	}
+	}
 }
 
+ #ifndef SOURCE_SADC
 -- 
-2.33.0
+2.27.0
--- a/sysstat.spec
+++ b/sysstat.spec
@ -1,13 +1,15 @@
 Name:    sysstat
 Version: 12.2.1
-Release: 5
+Release: 6
 Summary: System performance tools for the Linux operating system
 License: GPLv2+
 URL:     http://sebastien.godard.pagesperso-orange.fr/
 Source0: http://sebastien.godard.pagesperso-orange.fr/%{name}-%{version}.tar.xz

 Patch6000: backport-CVE-2022-39377.patch
-Patch6001: backport-CVE-2023-33204.patch
+Patch6001: backport-0001-CVE-2023-33204.patch
+Patch6002: backport-0002-CVE-2023-33204.patch
+Patch6003: backport-0003-CVE-2023-33204.patch

 BuildRequires: gcc, gettext, lm_sensors-devel, systemd

@ -89,6 +91,9 @@ export compressafter="31"
 %{_mandir}/man*/*

 %changelog
+* Mon May 29 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 12.2.1-6
+- add missing patch
+
 * Thu May 25 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 12.2.1-5
 - fix CVE-2023-33204