me
/
guix
Archived
1
0
Fork 0

gnu: libtommath: Prevent possible integer overflow.

* gnu/packages/multiprecision.scm (libtommath)[source]: Add patch.
* gnu/packages/patches/libtommath-integer-overflow.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
master
Efraim Flashner 2023-06-01 15:43:45 +03:00
parent 7c52ae295b
commit b428b49d8f
No known key found for this signature in database
GPG Key ID: 41AAE7DCCA3D8351
3 changed files with 144 additions and 2 deletions

View File

@ -1494,6 +1494,7 @@ dist_patch_DATA = \
%D%/packages/patches/libtirpc-CVE-2021-46828.patch \
%D%/packages/patches/libtirpc-hurd.patch \
%D%/packages/patches/libtommath-fix-linkage.patch \
%D%/packages/patches/libtommath-integer-overflow.patch \
%D%/packages/patches/libtool-grep-compat.patch \
%D%/packages/patches/libtool-skip-tests2.patch \
%D%/packages/patches/libusb-0.1-disable-tests.patch \

View File

@ -6,7 +6,7 @@
;;; Copyright © 2016, 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
;;; Copyright © 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2018 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2018, 2019, 2021 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2018, 2019, 2021, 2023 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2021 Vinicius Monego <monego@posteo.net>
;;; Copyright © 2022 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;;
@ -450,7 +450,8 @@ number generators, public key cryptography and a plethora of other routines.")
"download/v" version "/ltm-" version ".tar.xz"))
(sha256
(base32
"1c8q1qy88cjhdjlk3g24mra94h34c1ldvkjz0n2988c0yvn5xixp"))))
"1c8q1qy88cjhdjlk3g24mra94h34c1ldvkjz0n2988c0yvn5xixp"))
(patches (search-patches "libtommath-integer-overflow.patch"))))
(build-system gnu-build-system)
(arguments
'(#:phases

View File

@ -0,0 +1,140 @@
This patch is from upstream:
https://github.com/libtom/libtommath/pull/546
From beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 Mon Sep 17 00:00:00 2001
From: czurnieden <czurnieden@gmx.de>
Date: Tue, 9 May 2023 17:17:12 +0200
Subject: [PATCH] Fix possible integer overflow
---
bn_mp_2expt.c | 4 ++++
bn_mp_grow.c | 4 ++++
bn_mp_init_size.c | 5 +++++
bn_mp_mul_2d.c | 4 ++++
bn_s_mp_mul_digs.c | 4 ++++
bn_s_mp_mul_digs_fast.c | 4 ++++
bn_s_mp_mul_high_digs.c | 4 ++++
bn_s_mp_mul_high_digs_fast.c | 4 ++++
8 files changed, 33 insertions(+)
diff --git a/bn_mp_2expt.c b/bn_mp_2expt.c
index 0ae3df1bf..23de0c3c5 100644
--- a/bn_mp_2expt.c
+++ b/bn_mp_2expt.c
@@ -12,6 +12,10 @@ mp_err mp_2expt(mp_int *a, int b)
{
mp_err err;
+ if (b < 0) {
+ return MP_VAL;
+ }
+
/* zero a as per default */
mp_zero(a);
diff --git a/bn_mp_grow.c b/bn_mp_grow.c
index 9e904c547..2b1682651 100644
--- a/bn_mp_grow.c
+++ b/bn_mp_grow.c
@@ -9,6 +9,10 @@ mp_err mp_grow(mp_int *a, int size)
int i;
mp_digit *tmp;
+ if (size < 0) {
+ return MP_VAL;
+ }
+
/* if the alloc size is smaller alloc more ram */
if (a->alloc < size) {
/* reallocate the array a->dp
diff --git a/bn_mp_init_size.c b/bn_mp_init_size.c
index d62268721..99573833f 100644
--- a/bn_mp_init_size.c
+++ b/bn_mp_init_size.c
@@ -6,6 +6,11 @@
/* init an mp_init for a given size */
mp_err mp_init_size(mp_int *a, int size)
{
+
+ if (size < 0) {
+ return MP_VAL;
+ }
+
size = MP_MAX(MP_MIN_PREC, size);
/* alloc mem */
diff --git a/bn_mp_mul_2d.c b/bn_mp_mul_2d.c
index 87354de20..bfeaf2eb2 100644
--- a/bn_mp_mul_2d.c
+++ b/bn_mp_mul_2d.c
@@ -9,6 +9,10 @@ mp_err mp_mul_2d(const mp_int *a, int b, mp_int *c)
mp_digit d;
mp_err err;
+ if (b < 0) {
+ return MP_VAL;
+ }
+
/* copy */
if (a != c) {
if ((err = mp_copy(a, c)) != MP_OKAY) {
diff --git a/bn_s_mp_mul_digs.c b/bn_s_mp_mul_digs.c
index 64509d4cb..3682b4980 100644
--- a/bn_s_mp_mul_digs.c
+++ b/bn_s_mp_mul_digs.c
@@ -16,6 +16,10 @@ mp_err s_mp_mul_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs)
mp_word r;
mp_digit tmpx, *tmpt, *tmpy;
+ if (digs < 0) {
+ return MP_VAL;
+ }
+
/* can we use the fast multiplier? */
if ((digs < MP_WARRAY) &&
(MP_MIN(a->used, b->used) < MP_MAXFAST)) {
diff --git a/bn_s_mp_mul_digs_fast.c b/bn_s_mp_mul_digs_fast.c
index b2a287b02..3c4176a87 100644
--- a/bn_s_mp_mul_digs_fast.c
+++ b/bn_s_mp_mul_digs_fast.c
@@ -26,6 +26,10 @@ mp_err s_mp_mul_digs_fast(const mp_int *a, const mp_int *b, mp_int *c, int digs)
mp_digit W[MP_WARRAY];
mp_word _W;
+ if (digs < 0) {
+ return MP_VAL;
+ }
+
/* grow the destination as required */
if (c->alloc < digs) {
if ((err = mp_grow(c, digs)) != MP_OKAY) {
diff --git a/bn_s_mp_mul_high_digs.c b/bn_s_mp_mul_high_digs.c
index 2bb2a5098..c9dd355f8 100644
--- a/bn_s_mp_mul_high_digs.c
+++ b/bn_s_mp_mul_high_digs.c
@@ -15,6 +15,10 @@ mp_err s_mp_mul_high_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs)
mp_word r;
mp_digit tmpx, *tmpt, *tmpy;
+ if (digs < 0) {
+ return MP_VAL;
+ }
+
/* can we use the fast multiplier? */
if (MP_HAS(S_MP_MUL_HIGH_DIGS_FAST)
&& ((a->used + b->used + 1) < MP_WARRAY)
diff --git a/bn_s_mp_mul_high_digs_fast.c b/bn_s_mp_mul_high_digs_fast.c
index a2c4fb692..4ce7f590c 100644
--- a/bn_s_mp_mul_high_digs_fast.c
+++ b/bn_s_mp_mul_high_digs_fast.c
@@ -19,6 +19,10 @@ mp_err s_mp_mul_high_digs_fast(const mp_int *a, const mp_int *b, mp_int *c, int
mp_digit W[MP_WARRAY];
mp_word _W;
+ if (digs < 0) {
+ return MP_VAL;
+ }
+
/* grow the destination as required */
pa = a->used + b->used;
if (c->alloc < pa) {