blob: b2bb7f09693a2d974dd84168e27a1ed74ee22ace (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
From: Karel Zak <kzak@redhat.com>
Date: Tue, 27 Jul 2021 11:58:31 +0200
Subject: sys-utils/ipcutils: be careful when call calloc() for uint64 nmembs
Signed-off-by: Karel Zak <kzak@redhat.com>
Bug: https://github.com/karelzak/util-linux/issues/1395
Origin: https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
Bug-Debian: https://bugs.debian.org/991619
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2021-37600
---
sys-utils/ipcutils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sys-utils/ipcutils.c b/sys-utils/ipcutils.c
index 5fe297f..989e299 100644
--- a/sys-utils/ipcutils.c
+++ b/sys-utils/ipcutils.c
@@ -215,7 +215,7 @@ static void get_sem_elements(struct sem_data *p)
{
size_t i;
- if (!p || !p->sem_nsems || p->sem_perm.id < 0)
+ if (!p || !p->sem_nsems || p->sem_nsems > SIZE_MAX || p->sem_perm.id < 0)
return;
p->elements = xcalloc(p->sem_nsems, sizeof(struct sem_elem));
|