poky/meta/recipes-support/libcap/files/CVE-2023-2602.patch

From bc6b36682f188020ee4770fae1d41bde5b2c97bb Mon Sep 17 00:00:00 2001
From: "Andrew G. Morgan" <morgan@kernel.org>
Date: Wed, 3 May 2023 19:18:36 -0700
Subject: Correct the check of pthread_create()'s return value.

This function returns a positive number (errno) on error, so the code
wasn't previously freeing some memory in this situation.

Discussion:

  https://stackoverflow.com/a/3581020/14760867

Credit for finding this bug in libpsx goes to David Gstir of
X41 D-Sec GmbH (https://x41-dsec.de/) who performed a security
audit of the libcap source code in April of 2023. The audit
was sponsored by the Open Source Technology Improvement Fund
(https://ostif.org/).

Audit ref: LCAP-CR-23-01 (CVE-2023-2602)

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>

Upstream-Status: Backport [https://git.kernel.org/pub/scm/libs/libcap/libcap.git/patch/?id=bc6b36682f188020ee4770fae1d41bde5b2c97bb]
CVE: CVE-2023-2602
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
 psx/psx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/psx/psx.c b/psx/psx.c
index d9c0485..65eb2aa 100644
--- a/psx/psx.c
+++ b/psx/psx.c
@@ -516,7 +516,7 @@ int __wrap_pthread_create(pthread_t *thread, const pthread_attr_t *attr,
     pthread_sigmask(SIG_BLOCK, &sigbit, NULL);
 
     int ret = __real_pthread_create(thread, attr, _psx_start_fn, starter);
-    if (ret == -1) {
+    if (ret > 0) {
 	psx_new_state(_PSX_CREATE, _PSX_IDLE);
 	memset(starter, 0, sizeof(*starter));
 	free(starter);
-- 
2.25.1