diff options
| author | V3n3RiX <venerix@koprulu.sector> | 2022-11-01 03:06:32 +0000 |
|---|---|---|
| committer | V3n3RiX <venerix@koprulu.sector> | 2022-11-01 03:06:32 +0000 |
| commit | b9fc63c20df1fdeead24c989c4aca4090830f9d4 (patch) | |
| tree | eb449e4ca2d0468a048c47aed8cb276eb64c464d /app-arch/upx/files | |
| parent | c9c609463fab9bcfb35694627bca1429a21fdbb2 (diff) | |
gentoo auto-resync : 01:11:2022 - 03:06:31
Diffstat (limited to 'app-arch/upx/files')
| -rw-r--r-- | app-arch/upx/files/upx-3.96_CVE-2020-24119.patch | 34 | ||||
| -rw-r--r-- | app-arch/upx/files/upx-3.96_CVE-2021-20285.patch | 76 |
2 files changed, 0 insertions, 110 deletions
diff --git a/app-arch/upx/files/upx-3.96_CVE-2020-24119.patch b/app-arch/upx/files/upx-3.96_CVE-2020-24119.patch deleted file mode 100644 index 7e6de04948bd..000000000000 --- a/app-arch/upx/files/upx-3.96_CVE-2020-24119.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 87b73e5cfdc12da94c251b2cd83bb01c7d9f616c Mon Sep 17 00:00:00 2001 -From: John Reiser <jreiser@BitWagon.com> -Date: Wed, 22 Jul 2020 19:34:27 -0700 -Subject: [PATCH] Unpack: Phdrs must be within expansion of first compressed - block - -https://github.com/upx/upx/issues/388 - modified: p_lx_elf.cpp ---- - src/p_lx_elf.cpp | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp -index cd9e4ec97..453d5c457 100644 ---- a/src/p_lx_elf.cpp -+++ b/src/p_lx_elf.cpp -@@ -4550,7 +4550,7 @@ void PackLinuxElf64::unpack(OutputFile *fo) - unsigned c_adler = upx_adler32(NULL, 0); - unsigned u_adler = upx_adler32(NULL, 0); - #define MAX_ELF_HDR 1024 -- if ((MAX_ELF_HDR - sizeof(Elf64_Ehdr))/sizeof(Elf64_Phdr) < u_phnum) { -+ if ((umin64(MAX_ELF_HDR, ph.u_len) - sizeof(Elf64_Ehdr))/sizeof(Elf64_Phdr) < u_phnum) { - throwCantUnpack("bad compressed e_phnum"); - } - #undef MAX_ELF_HDR -@@ -5617,7 +5617,7 @@ void PackLinuxElf32::unpack(OutputFile *fo) - unsigned c_adler = upx_adler32(NULL, 0); - unsigned u_adler = upx_adler32(NULL, 0); - #define MAX_ELF_HDR 512 -- if ((MAX_ELF_HDR - sizeof(Elf32_Ehdr))/sizeof(Elf32_Phdr) < u_phnum) { -+ if ((umin(MAX_ELF_HDR, ph.u_len) - sizeof(Elf32_Ehdr))/sizeof(Elf32_Phdr) < u_phnum) { - throwCantUnpack("bad compressed e_phnum"); - } - #undef MAX_ELF_HDR diff --git a/app-arch/upx/files/upx-3.96_CVE-2021-20285.patch b/app-arch/upx/files/upx-3.96_CVE-2021-20285.patch deleted file mode 100644 index 1d47b2a8bb67..000000000000 --- a/app-arch/upx/files/upx-3.96_CVE-2021-20285.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 3781df9da23840e596d5e9e8493f22666802fe6c Mon Sep 17 00:00:00 2001 -From: John Reiser <jreiser@BitWagon.com> -Date: Fri, 11 Dec 2020 13:38:18 -0800 -Subject: [PATCH] Check DT_REL/DT_RELA, DT_RELSZ/DT_RELASZ - -https://github.com/upx/upx/issues/421 - modified: p_lx_elf.cpp ---- - src/p_lx_elf.cpp | 34 +++++++++++++++++++++++++++++----- - 1 file changed, 29 insertions(+), 5 deletions(-) - -diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp -index 182db192..3a4101cf 100644 ---- a/src/p_lx_elf.cpp -+++ b/src/p_lx_elf.cpp -@@ -2222,8 +2222,20 @@ bool PackLinuxElf32::canPack() - int z_rsz = dt_table[Elf32_Dyn::DT_RELSZ]; - if (z_rel && z_rsz) { - unsigned rel_off = get_te32(&dynseg[-1+ z_rel].d_val); -+ if ((unsigned)file_size <= rel_off) { -+ char msg[70]; snprintf(msg, sizeof(msg), -+ "bad Elf32_Dynamic[DT_REL] %#x\n", -+ rel_off); -+ throwCantPack(msg); -+ } - Elf32_Rel *rp = (Elf32_Rel *)&file_image[rel_off]; - unsigned relsz = get_te32(&dynseg[-1+ z_rsz].d_val); -+ if ((unsigned)file_size <= relsz) { -+ char msg[70]; snprintf(msg, sizeof(msg), -+ "bad Elf32_Dynamic[DT_RELSZ] %#x\n", -+ relsz); -+ throwCantPack(msg); -+ } - Elf32_Rel *last = (Elf32_Rel *)(relsz + (char *)rp); - for (; rp < last; ++rp) { - unsigned r_va = get_te32(&rp->r_offset); -@@ -2562,14 +2574,26 @@ PackLinuxElf64::canPack() - int z_rel = dt_table[Elf64_Dyn::DT_RELA]; - int z_rsz = dt_table[Elf64_Dyn::DT_RELASZ]; - if (z_rel && z_rsz) { -- unsigned rel_off = get_te64(&dynseg[-1+ z_rel].d_val); -+ upx_uint64_t rel_off = get_te64(&dynseg[-1+ z_rel].d_val); -+ if ((u64_t)file_size <= rel_off) { -+ char msg[70]; snprintf(msg, sizeof(msg), -+ "bad Elf64_Dynamic[DT_RELA] %#llx\n", -+ rel_off); -+ throwCantPack(msg); -+ } - Elf64_Rela *rp = (Elf64_Rela *)&file_image[rel_off]; -- unsigned relsz = get_te64(&dynseg[-1+ z_rsz].d_val); -+ upx_uint64_t relsz = get_te64(&dynseg[-1+ z_rsz].d_val); -+ if ((u64_t)file_size <= relsz) { -+ char msg[70]; snprintf(msg, sizeof(msg), -+ "bad Elf64_Dynamic[DT_RELASZ] %#llx\n", -+ relsz); -+ throwCantPack(msg); -+ } - Elf64_Rela *last = (Elf64_Rela *)(relsz + (char *)rp); - for (; rp < last; ++rp) { -- unsigned r_va = get_te64(&rp->r_offset); -+ upx_uint64_t r_va = get_te64(&rp->r_offset); - if (r_va == user_init_ava) { // found the Elf64_Rela -- unsigned r_info = get_te64(&rp->r_info); -+ upx_uint64_t r_info = get_te64(&rp->r_info); - unsigned r_type = ELF64_R_TYPE(r_info); - if (Elf64_Ehdr::EM_AARCH64 == e_machine - && R_AARCH64_RELATIVE == r_type) { -@@ -2581,7 +2605,7 @@ PackLinuxElf64::canPack() - } - else { - char msg[50]; snprintf(msg, sizeof(msg), -- "bad relocation %#x DT_INIT_ARRAY[0]", -+ "bad relocation %#llx DT_INIT_ARRAY[0]", - r_info); - throwCantPack(msg); - } |