glibc: cherry-pick fix for CVE-2023-4911 "Looney Tunables" #258856

Closed
3 changes: 3 additions & 0 deletions pkgs/development/libraries/glibc/common.nix
Expand Up @@ -95,6 +95,9 @@ stdenv.mkDerivation ({
See https://github.com/NixOS/nixpkgs/pull/188492#issuecomment-1233802991 for context.
*/
./reenable_DT_HASH.patch

# https://sourceware.org/git/?p=glibc.git;a=blobdiff_plain;f=elf/dl-tunables.c;h=cae67efa0aacb9984c49874dcb95f170ecd1d86d;hp=62b7332d95b61ce3428040522271f6e93e9d53ed;hb=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa;hpb=0d5f9ea97f1b39f2a855756078771673a68497e1
./cve-2023-4911-first.patch
]
++ lib.optional stdenv.hostPlatform.isMusl ./fix-rpc-types-musl-conflicts.patch
++ lib.optional stdenv.buildPlatform.isDarwin ./darwin-cross-build.patch;
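Review bot: The comment above `./cve-2023-4911-first.patch` is only a raw blobdiff_plain URL, so the patches list does not say what the patch fixes or which upstream commit it corresponds to. Suggest a short comment naming CVE-2023-4911 and the commit id from the URL's `hb=` field (1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa). The URL is also scoped to `f=elf/dl-tunables.c`, so anything else the upstream commit changes is not carried here, and the `-first` suffix implies a follow-up patch that this change does not add; the comment should say whether one is expected.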
38 changes: 38 additions & 0 deletions pkgs/development/libraries/glibc/cve-2023-4911-first.patch
@@ -0,0 +1,38 @@
X-Git-Url: https://sourceware.org/git/?p=glibc.git;a=blobdiff_plain;f=elf%2Fdl-tunables.c;h=cae67efa0aacb9984c49874dcb95f170ecd1d86d;hp=62b7332d95b61ce3428040522271f6e93e9d53ed;hb=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa;hpb=0d5f9ea97f1b39f2a855756078771673a68497e1

diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c
index 62b7332d95..cae67efa0a 100644
--- a/elf/dl-tunables.c
+++ b/elf/dl-tunables.c
@@ -180,11 +180,7 @@ parse_tunables (char *tunestr, char *valstring)
/* If we reach the end of the string before getting a valid name-value
pair, bail out. */
if (p[len] == '\0')
- {
- if (__libc_enable_secure)
- tunestr[off] = '\0';
- return;
- }
+ break;

/* We did not find a valid name-value pair before encountering the
colon. */
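Review bot: In the `if (p[len] == '\0')` branch the secure-mode truncation is dropped in favour of a bare `break`, so this exit is only correct together with the post-loop `tunestr[off] = '\0'` added in the next hunk; the two hunks must be applied as a unit and never split. The retained comment still says "bail out", which reads as a return; as a vendored upstream patch the wording should stay untouched, but the PR description should state that the early exit now shares the common termination path. A check during the build that runs a tunable string ending without a name-value pair with `__libc_enable_secure` set would confirm the path behaves as intended.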
@@ -244,9 +240,16 @@ parse_tunables (char *tunestr, char *valstring)
}
}

- if (p[len] != '\0')
- p += len + 1;
+ /* We reached the end while processing the tunable string. */
+ if (p[len] == '\0')
+ break;
+
+ p += len + 1;
}
+
+ /* Terminate tunestr before we leave. */
+ if (__libc_enable_secure)
+ tunestr[off] = '\0';
}

/* Enable the glibc.malloc.check tunable in SETUID/SETGID programs only when
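Review bot: The new post-loop write `tunestr[off] = '\0'` runs on every exit from the loop when `__libc_enable_secure` is set, and nothing in the visible hunks shows how `off` is initialised or advanced. Before merging, read the full `parse_tunables` in the glibc version this derivation builds and confirm that `off` cannot exceed the length of `tunestr` on either `break` path. Note also that `p += len + 1` is now unconditional after the end-of-string check, where the removed lines left `p` unadvanced when `p[len] == '\0'`; confirm the patch applies without fuzz so that this ordering is preserved.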