summaryrefslogtreecommitdiff
path: root/source/l/glibc/glibc.CVE-2013-4332.diff
diff options
context:
space:
mode:
Diffstat (limited to 'source/l/glibc/glibc.CVE-2013-4332.diff')
-rw-r--r--source/l/glibc/glibc.CVE-2013-4332.diff64
1 files changed, 0 insertions, 64 deletions
diff --git a/source/l/glibc/glibc.CVE-2013-4332.diff b/source/l/glibc/glibc.CVE-2013-4332.diff
deleted file mode 100644
index 9f7f5886..00000000
--- a/source/l/glibc/glibc.CVE-2013-4332.diff
+++ /dev/null
@@ -1,64 +0,0 @@
-From 0d6085cb1b4330b835ad08a3ec8f80b30f0cadb4 Mon Sep 17 00:00:00 2001
-From: mancha <mancha1@hush.com>
-Date: Wed, 11 Sep 2013
-Subject: CVE-2013-4332
-
-malloc: Check for integer overflow in pvalloc, valloc, and memalign.
-
-A large bytes parameter to pvalloc, valloc, or memalign could cause
-an integer overflow and corrupt allocator internals. Check the
-overflow does not occur before continuing with the allocation.
-
-Note: This is a backport to glibc 2.17 of the following three commits:
- * https://sourceware.org/git/?p=glibc.git;a=commit;h=1159a193696a
- * https://sourceware.org/git/?p=glibc.git;a=commit;h=55e17aadc1ef
- * https://sourceware.org/git/?p=glibc.git;a=commit;h=b73ed247781d
----
-
-malloc.c | 21 +++++++++++++++++++++
- 1 file changed, 21 insertions(+)
-
---- a/malloc/malloc.c
-+++ b/malloc/malloc.c
-@@ -3020,6 +3020,13 @@ __libc_memalign(size_t alignment, size_t
- /* Otherwise, ensure that it is at least a minimum chunk size */
- if (alignment < MINSIZE) alignment = MINSIZE;
-
-+ /* Check for overflow. */
-+ if (bytes > SIZE_MAX - alignment - MINSIZE)
-+ {
-+ __set_errno (ENOMEM);
-+ return 0;
-+ }
-+
- arena_get(ar_ptr, bytes + alignment + MINSIZE);
- if(!ar_ptr)
- return 0;
-@@ -3051,6 +3058,13 @@ __libc_valloc(size_t bytes)
-
- size_t pagesz = GLRO(dl_pagesize);
-
-+ /* Check for overflow. */
-+ if (bytes > SIZE_MAX - pagesz - MINSIZE)
-+ {
-+ __set_errno (ENOMEM);
-+ return 0;
-+ }
-+
- __malloc_ptr_t (*hook) __MALLOC_PMT ((size_t, size_t,
- const __malloc_ptr_t)) =
- force_reg (__memalign_hook);
-@@ -3088,6 +3102,13 @@ __libc_pvalloc(size_t bytes)
- size_t page_mask = GLRO(dl_pagesize) - 1;
- size_t rounded_bytes = (bytes + page_mask) & ~(page_mask);
-
-+ /* Check for overflow. */
-+ if (bytes > SIZE_MAX - 2*pagesz - MINSIZE)
-+ {
-+ __set_errno (ENOMEM);
-+ return 0;
-+ }
-+
- __malloc_ptr_t (*hook) __MALLOC_PMT ((size_t, size_t,
- const __malloc_ptr_t)) =
- force_reg (__memalign_hook);