mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-19 13:49:41 +01:00
Code Issues Packages Projects Releases Wiki Activity

libseccomp: fix seccomp_export_bpf_mem out-of-bounds read

Browse Source 
Fixes segfaults in ptests on musl
Failed ptests:
{'libseccomp': ['11-basic-basic_errors%%001-00001_11-basic-basic_errors_rc=139']}

(From OE-Core rev: 4f26edb6fd7e3dc5f81c56faed3a0edd9264bf66)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Khem Raj
2025-08-23 13:04:04 -07:00
committed by Richard Purdie
parent 6471b9a898
commit 9cb33630b0
2 changed files with 38 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
meta/recipes-support/libseccomp/files/0001-api-fix-seccomp_export_bpf_mem-out-of-bounds-read.patch Normal file
View File

@@ -0,0 +1,37 @@
From 83a56d74482ef6b6cc9311b14bf9ea23573f5d4e Mon Sep 17 00:00:00 2001
From: Alyssa Ross <hi@alyssa.is>
Date: Thu, 13 Feb 2025 12:05:17 +0100
Subject: [PATCH] api: fix seccomp_export_bpf_mem out-of-bounds read
*len is the length of the destination buffer, but program->blks is
probably not anywhere near that long. It's already been checked above
that BPF_PGM_SIZE(program) is less than or equal to *len, so that's
the correct value to use here to avoid either reading or writing too
much.
I noticed this because tests/11-basic-basic_errors started failing on
musl after e797591 ("all: add seccomp_precompute() functionality").
Upstream-Status: Backport [https://github.com/seccomp/libseccomp/commit/dd759e8c4f5685b526638fba9ec4fc24c37c9aec]
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
(imported from commit e8dbc6b555fb936bdfb8ab86f9a45fda96a8b7a2)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
src/api.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/api.c b/src/api.c
index adccef3..65a277a 100644
--- a/src/api.c
+++ b/src/api.c
@@ -786,7 +786,7 @@ API int seccomp_export_bpf_mem(const scmp_filter_ctx ctx, void *buf,
if (BPF_PGM_SIZE(program) > *len)
rc = _rc_filter(-ERANGE);
else
- memcpy(buf, program->blks, *len);
+ memcpy(buf, program->blks, BPF_PGM_SIZE(program));
}
*len = BPF_PGM_SIZE(program);

1
meta/recipes-support/libseccomp/libseccomp_2.6.0.bb
View File

@@ -10,6 +10,7 @@ DEPENDS += "gperf-native"
SRCREV = "c7c0caed1d04292500ed4b9bb386566053eb9775"
SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.6;protocol=https \
file://0001-api-fix-seccomp_export_bpf_mem-out-of-bounds-read.patch \
file://run-ptest \
"