internal/rosa/libseccomp: fix upstream out-of-bounds read
All checks were successful
Test / Create distribution (push) Successful in 1m2s
Test / Sandbox (push) Successful in 2m39s
Test / Hakurei (push) Successful in 3m41s
Test / ShareFS (push) Successful in 3m40s
Test / Sandbox (race detector) (push) Successful in 5m5s
Test / Hakurei (race detector) (push) Successful in 6m9s
Test / Flake checks (push) Successful in 1m15s
All checks were successful
Test / Create distribution (push) Successful in 1m2s
Test / Sandbox (push) Successful in 2m39s
Test / Hakurei (push) Successful in 3m41s
Test / ShareFS (push) Successful in 3m40s
Test / Sandbox (race detector) (push) Successful in 5m5s
Test / Hakurei (race detector) (push) Successful in 6m9s
Test / Flake checks (push) Successful in 1m15s
This was revealed by optimisation changes in the latest toolchain. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
@@ -16,6 +16,23 @@ func (t Toolchain) newLibseccomp() (pkg.Artifact, string) {
|
|||||||
ScriptEarly: `
|
ScriptEarly: `
|
||||||
ln -s ../system/bin/bash /bin/
|
ln -s ../system/bin/bash /bin/
|
||||||
`,
|
`,
|
||||||
|
|
||||||
|
Patches: [][2]string{
|
||||||
|
{"fix-export-oob-read", `diff --git a/src/api.c b/src/api.c
|
||||||
|
index adccef3..65a277a 100644
|
||||||
|
--- a/src/api.c
|
||||||
|
+++ b/src/api.c
|
||||||
|
@@ -786,7 +786,7 @@ API int seccomp_export_bpf_mem(const scmp_filter_ctx ctx, void *buf,
|
||||||
|
if (BPF_PGM_SIZE(program) > *len)
|
||||||
|
rc = _rc_filter(-ERANGE);
|
||||||
|
else
|
||||||
|
- memcpy(buf, program->blks, *len);
|
||||||
|
+ memcpy(buf, program->blks, BPF_PGM_SIZE(program));
|
||||||
|
}
|
||||||
|
*len = BPF_PGM_SIZE(program);
|
||||||
|
|
||||||
|
`},
|
||||||
|
},
|
||||||
}, (*MakeHelper)(nil),
|
}, (*MakeHelper)(nil),
|
||||||
Bash,
|
Bash,
|
||||||
Diffutils,
|
Diffutils,
|
||||||
|
|||||||
Reference in New Issue
Block a user