lp:klibc

Created by Thorsten Glaser and last modified
Get this branch:
bzr branch lp:klibc

Branch information

Owner:
Thorsten Glaser
Project:
klibc
Review team:
maximilian attems
Status:
Development

Import details

Import Status: Reviewed

This branch is an import of the HEAD branch of the Git repository at git://git.kernel.org/pub/scm/libs/klibc/klibc.git.


Recent revisions

2186. By Ben Hutchings on 2021-04-29

[klibc] 2.0.9 released, next version is 2.0.10

2185. By Ben Hutchings on 2021-04-29

[klibc] cpio: Fix possible crash on 64-bit systems

copyin_link() tries to allocate (unsigned int)c_filesize + 1 bytes.
If c_filesize == UINT_MAX, this works out as 0 bytes, resulting in a
null pointer and a subsequent SIGSEGV.

The previous commit made this impossible on 32-bit systems.

CVE-2021-31871

Signed-off-by: Ben Hutchings <email address hidden>

2184. By Ben Hutchings on 2021-04-29

[klibc] cpio: Fix possible integer overflow on 32-bit systems

The maximum name and file sizes in the "new" header format are 32-bit
unsigned values. However, the I/O functions mostly use long for sizes
and offsets, so that sizes >= 2^31 are handled wrongly on 32-bit
systems.

The current GNU cpio code doesn't seem to have this problem, but the
divergence between this version and that is large enough that I can't
simply cherry-pick a fix for it.

As a short-term fix, in read_in_new_ascii(), fail if c_namesize or
c_filesize is > LONG_MAX.

CVE-2021-31872

Signed-off-by: Ben Hutchings <email address hidden>

2183. By Ben Hutchings on 2021-04-29

[klibc] malloc: Fail if block size is out of range for sbrk

sbrk() takes a parameter of type intptr_t. We allow allocating up to
PTRDIFF_MAX (equal to INTPTR_MAX), and then add a header to that, so
the result fsize can be > INTPTR_MAX. The conversion of fsize to
intptr_t would then result in undefined behaviour (but probably
*lowering* the top of heap). Fail cleanly before that happens.

This is currently a theoretical problem since we actually use mmap()
instead of sbrk() on all architectures.

Signed-off-by: Ben Hutchings <email address hidden>

2182. By Ben Hutchings on 2021-04-29

[klibc] calloc: Fail if multiplication overflows

calloc() multiplies its 2 arguments together and passes the result to
malloc(). Since the factors and product both have type size_t, this
can result in an integer overflow and subsequent buffer overflow.
Check for this and fail if it happens.

CVE-2021-31870

Signed-off-by: Ben Hutchings <email address hidden>

2181. By Ben Hutchings on 2021-04-29

[klibc] malloc: Fail if requested size > PTRDIFF_MAX

malloc() adds some overhead to the requested size, which may result in
an integer overflow and subsequent buffer overflow if it is close to
SIZE_MAX. It should fail if size is large enough for this to happen.

Further, it's not legal for a C object to be larger than
PTRDIFF_MAX (half of SIZE_MAX) as pointer arithmetic within it could
overflow. So return failure immediately if size is greater than that.

CVE-2021-31873

Signed-off-by: Ben Hutchings <email address hidden>
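The three commits above (2181, 2182 and 2183) all concern the same class of bug: allocation-size arithmetic that silently wraps. The following is an added example written for this page, not klibc's own malloc/calloc code; it shows the checks the commit messages describe as small, testable functions, and extends them to the cpio `c_filesize + 1` case from commit 2185. The `checked_malloc`/`checked_calloc` wrappers are hypothetical names, and the example assumes a plain C99 toolchain.

```c
/* Added example, not klibc's code: overflow-safe size checks for
 * malloc-, calloc- and cpio-style length arithmetic. */
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* malloc-style check (commit 2181): no C object may exceed PTRDIFF_MAX,
 * and capping here also guarantees that adding any small allocator
 * header to `size` cannot wrap around SIZE_MAX. */
bool alloc_size_ok(size_t size)
{
    return size <= (size_t)PTRDIFF_MAX;
}

/* calloc-style check (commit 2182): compute nmemb * size and report
 * overflow instead of letting the product wrap. Writes the product to
 * *total only when it is representable and within the malloc limit. */
bool calloc_size(size_t nmemb, size_t size, size_t *total)
{
    if (size != 0 && nmemb > SIZE_MAX / size)
        return false;               /* product would wrap */
    *total = nmemb * size;
    return alloc_size_ok(*total);
}

/* cpio-style check (commits 2184/2185): a 32-bit on-disk size plus one
 * terminator byte, computed in a 64-bit type so c_filesize == UINT32_MAX
 * cannot wrap to 0. Sizes above LONG_MAX are rejected up front, which is
 * the short-term fix commit 2184 describes for 32-bit hosts. */
bool cpio_alloc_len(uint32_t c_filesize, size_t *len)
{
    if ((uint64_t)c_filesize > (uint64_t)LONG_MAX)
        return false;
    uint64_t n = (uint64_t)c_filesize + 1;   /* never 0 in 64 bits */
    if (n > (uint64_t)PTRDIFF_MAX)
        return false;
    *len = (size_t)n;
    return true;
}

/* Hypothetical wrappers showing the checks in use; they set errno to
 * ENOMEM on refusal, as commit 2180 requires of malloc(). */
void *checked_malloc(size_t size)
{
    if (!alloc_size_ok(size)) {
        errno = ENOMEM;
        return NULL;
    }
    return malloc(size);
}

void *checked_calloc(size_t nmemb, size_t size)
{
    size_t total;
    if (!calloc_size(nmemb, size, &total)) {
        errno = ENOMEM;
        return NULL;
    }
    return calloc(nmemb, size);
}
```

The division-based test in `calloc_size` is the portable way to detect the multiplication overflow without relying on compiler builtins; on 32-bit hosts `cpio_alloc_len` refuses anything above `LONG_MAX`, while on 64-bit hosts `UINT32_MAX + 1` is simply a very large but non-zero length rather than the zero-byte allocation that produced the null pointer dereference.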

2180. By Ben Hutchings on 2021-04-28

[klibc] malloc: Set errno on failure

malloc() is specified to set errno = ENOMEM on failure, so do that.

Signed-off-by: Ben Hutchings <email address hidden>

2179. By Ben Hutchings on 2021-04-28

[klibc] tests: Add test for malloc size arithmetic

It has been reported that klibc's malloc() and calloc() are
vulnerable to integer overflows. Add test cases demonstrating
some of these.

Signed-off-by: Ben Hutchings <email address hidden>

2178. By Ben Hutchings on 2021-04-28

[klibc] Define SIZE_MAX in <stdint.h>

This is required by C99, and will be useful for the following
changes.

Signed-off-by: Ben Hutchings <email address hidden>

2177. By Ben Hutchings on 2021-04-28

[klibc] losetup: Fix warnings about __u64 arguments to printf

On some 64-bit architectures __u64 is defined as unsigned long. On
these architectures, gcc emits a series of warnings such as:

    usr/utils/losetup.c: In function 'show_loop':
    usr/utils/losetup.c:54:21: warning: format '%llx' expects argument of type 'long long unsigned int', but argument 3 has type '__u64' {aka 'long unsigned int'} [-Wformat=]

Define the necessary macro to ensure __u64 is defined as unsigned long
long everywhere, fixing these warnings.

Signed-off-by: Ben Hutchings <email address hidden>

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.