import glibc-2.28-101.el8.src.rpm

Signed-off-by: zhangbinchen <zhangbinchen@openanolis.org>
2021-01-20 13:33:51 +08:00 · 2021-01-20 13:33:51 +08:00 · ba6a26df65
commit ba6a26df65
268 changed files with 59851 additions and 0 deletions
--- a/glibc-rh1651283-2.patch
+++ b/glibc-rh1651283-2.patch
@ -0,0 +1,30 @@
+commit 30a17d8c95fbfb15c52d1115803b63aaa73a285c
+Author: Pochang Chen <johnchen902@gmail.com>
+Date:   Thu Aug 16 15:24:24 2018 -0400
+
+    malloc: Verify size of top chunk.
+    
+    The House of Force is a well-known technique to exploit heap
+    overflow. In essence, this exploit takes three steps:
+    1. Overwrite the size of top chunk with very large value (e.g. -1).
+    2. Request x bytes from top chunk. As the size of top chunk
+       is corrupted, x can be arbitrarily large and top chunk will
+       still be offset by x.
+    3. The next allocation from top chunk will thus be controllable.
+    
+    If we verify the size of top chunk at step 2, we can stop such attack.
+
+diff --git a/malloc/malloc.c b/malloc/malloc.c
+index e450597e2e527fb7..d8d4581a9dcea80a 100644
+--- a/malloc/malloc.c
+++ b/malloc/malloc.c
+@@ -4084,6 +4084,9 @@ _int_malloc (mstate av, size_t bytes)
+       victim = av->top;
+       size = chunksize (victim);
+ 
+      if (__glibc_unlikely (size > av->system_mem))
+        malloc_printerr ("malloc(): corrupted top size");
+
+       if ((unsigned long) (size) >= (unsigned long) (nb + MINSIZE))
+         {
+           remainder_size = size - nb;