diff options
Diffstat (limited to 'gnu/packages/patches/glibc-2.40-CVE-2025-0.patch')
| -rw-r--r-- | gnu/packages/patches/glibc-2.40-CVE-2025-0.patch | 63 |
1 files changed, 0 insertions, 63 deletions
diff --git a/gnu/packages/patches/glibc-2.40-CVE-2025-0.patch b/gnu/packages/patches/glibc-2.40-CVE-2025-0.patch deleted file mode 100644 index 9dd4eee074..0000000000 --- a/gnu/packages/patches/glibc-2.40-CVE-2025-0.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 7d4b6bcae91f29d7b4daf15bab06b66cf1d2217c Mon Sep 17 00:00:00 2001 -From: Siddhesh Poyarekar <siddhesh@sourceware.org> -Date: Tue, 21 Jan 2025 16:11:06 -0500 -Subject: [PATCH] Fix underallocation of abort_msg_s struct (CVE-2025-0395) - -Include the space needed to store the length of the message itself, in -addition to the message string. This resolves BZ #32582. - -Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> -Reviewed: Adhemerval Zanella <adhemerval.zanella@linaro.org> -(cherry picked from commit 68ee0f704cb81e9ad0a78c644a83e1e9cd2ee578) ---- - assert/assert.c | 4 +++- - sysdeps/posix/libc_fatal.c | 4 +++- - 2 files changed, 6 insertions(+), 2 deletions(-) - -diff --git a/assert/assert.c b/assert/assert.c -index c29629f5f6..b6e37d694c 100644 ---- a/assert/assert.c -+++ b/assert/assert.c -@@ -18,6 +18,7 @@ - #include <assert.h> - #include <atomic.h> - #include <ldsodefs.h> -+#include <libc-pointer-arith.h> - #include <libintl.h> - #include <stdio.h> - #include <stdlib.h> -@@ -65,7 +66,8 @@ __assert_fail_base (const char *fmt, const char *assertion, const char *file, - (void) __fxprintf (NULL, "%s", str); - (void) fflush (stderr); - -- total = (total + 1 + GLRO(dl_pagesize) - 1) & ~(GLRO(dl_pagesize) - 1); -+ total = ALIGN_UP (total + sizeof (struct abort_msg_s) + 1, -+ GLRO(dl_pagesize)); - struct abort_msg_s *buf = __mmap (NULL, total, PROT_READ | PROT_WRITE, - MAP_ANON | MAP_PRIVATE, -1, 0); - if (__glibc_likely (buf != MAP_FAILED)) -diff --git a/sysdeps/posix/libc_fatal.c b/sysdeps/posix/libc_fatal.c -index f9e3425e04..089c47b04b 100644 ---- a/sysdeps/posix/libc_fatal.c -+++ b/sysdeps/posix/libc_fatal.c -@@ -20,6 +20,7 @@ - #include <errno.h> - #include <fcntl.h> - #include <ldsodefs.h> -+#include <libc-pointer-arith.h> - #include <paths.h> - #include <stdarg.h> - #include <stdbool.h> -@@ -105,7 +106,8 @@ __libc_message_impl (const char *fmt, ...) - { - WRITEV_FOR_FATAL (fd, iov, iovcnt, total); - -- total = (total + 1 + GLRO(dl_pagesize) - 1) & ~(GLRO(dl_pagesize) - 1); -+ total = ALIGN_UP (total + sizeof (struct abort_msg_s) + 1, -+ GLRO(dl_pagesize)); - struct abort_msg_s *buf = __mmap (NULL, total, - PROT_READ | PROT_WRITE, - MAP_ANON | MAP_PRIVATE, -1, 0); --- -2.46.0 - |