internal/rosa/libseccomp: fix upstream out-of-bounds read
All checks were successful
Test / Create distribution (push) Successful in 1m2s
Test / Sandbox (push) Successful in 2m39s
Test / Hakurei (push) Successful in 3m41s
Test / ShareFS (push) Successful in 3m40s
Test / Sandbox (race detector) (push) Successful in 5m5s
Test / Hakurei (race detector) (push) Successful in 6m9s
Test / Flake checks (push) Successful in 1m15s
All checks were successful
Test / Create distribution (push) Successful in 1m2s
Test / Sandbox (push) Successful in 2m39s
Test / Hakurei (push) Successful in 3m41s
Test / ShareFS (push) Successful in 3m40s
Test / Sandbox (race detector) (push) Successful in 5m5s
Test / Hakurei (race detector) (push) Successful in 6m9s
Test / Flake checks (push) Successful in 1m15s
This was revealed by optimisation changes in the latest toolchain. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
@@ -16,6 +16,23 @@ func (t Toolchain) newLibseccomp() (pkg.Artifact, string) {
|
||||
ScriptEarly: `
|
||||
ln -s ../system/bin/bash /bin/
|
||||
`,
|
||||
|
||||
Patches: [][2]string{
|
||||
{"fix-export-oob-read", `diff --git a/src/api.c b/src/api.c
|
||||
index adccef3..65a277a 100644
|
||||
--- a/src/api.c
|
||||
+++ b/src/api.c
|
||||
@@ -786,7 +786,7 @@ API int seccomp_export_bpf_mem(const scmp_filter_ctx ctx, void *buf,
|
||||
if (BPF_PGM_SIZE(program) > *len)
|
||||
rc = _rc_filter(-ERANGE);
|
||||
else
|
||||
- memcpy(buf, program->blks, *len);
|
||||
+ memcpy(buf, program->blks, BPF_PGM_SIZE(program));
|
||||
}
|
||||
*len = BPF_PGM_SIZE(program);
|
||||
|
||||
`},
|
||||
},
|
||||
}, (*MakeHelper)(nil),
|
||||
Bash,
|
||||
Diffutils,
|
||||
|
||||
Reference in New Issue
Block a user