forked from STashakkori/Remediations
CVE-2023-4911_reportpatch
QVLx Report for Remediating CVE-2023-4911:
-$t@$h
Obviously updating glibc is the easy fix. Else:
Based on commitdiff 061fe3f, look for these signatures in glibc:
parse_tunables (char *tunestr, char *valstring)
...
if (p[len] == '\0')
...
for (size_t i = 0; i < sizeof (tunable_list) / sizeof (tunable_t); i++)
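To adjust the patch line numbers to the signature locations, a small script can print where each signature first occurs in a copy of elf/dl-tunables.c. This is an added example, not part of the original report; the function names `locate_signatures` and `write_sample` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the report): print the line number at which each
# signature quoted above first occurs in a copy of elf/dl-tunables.c, so the
# hunk offsets can be adjusted. Function names are hypothetical.

# locate_signatures FILE
#   prints "LINE<TAB>SIGNATURE" or "missing<TAB>SIGNATURE" per signature;
#   returns 0 if all were found, 1 if any is missing, 2 if FILE is unreadable.
locate_signatures() {
    src=$1
    [ -r "$src" ] || return 2
    ret=0
    while IFS= read -r sig; do
        # -F: the signatures contain [ ( * and \, so match them literally.
        line=$(grep -nF -- "$sig" "$src" | head -n 1 | cut -d: -f1)
        if [ -n "$line" ]; then
            printf '%s\t%s\n' "$line" "$sig"
        else
            printf 'missing\t%s\n' "$sig"
            ret=1
        fi
    done <<'SIGNATURES'
parse_tunables (char *tunestr, char *valstring)
if (p[len] == '\0')
for (size_t i = 0; i < sizeof (tunable_list) / sizeof (tunable_t); i++)
SIGNATURES
    return "$ret"
}

# write_sample FILE: constructed stand-in for dl-tunables.c (not glibc source).
write_sample() {
    cat > "$1" <<'SAMPLE'
static void
parse_tunables (char *tunestr, char *valstring)
{
  while (true)
    {
      if (p[len] == '\0')
        return;
      for (size_t i = 0; i < sizeof (tunable_list) / sizeof (tunable_t); i++)
        ;
    }
}
SAMPLE
}

# Usage: locate_signatures /path/to/glibc/elf/dl-tunables.c
```

A hit only locates the code to edit; the patch below does not change any of the three signature lines, so their presence does not show whether a tree is already patched.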
Patch Instructions:
Locate the parse_tunables function in elf/dl-tunables.c.
Apply a patch similar to this one, adjusting the line numbers to the signature locations:
--- a/elf/dl-tunables.c
+++ b/elf/dl-tunables.c
@@ -174,6 +174,7 @@ parse_tunables (char *tunestr, char *valstring)
{
char *p = tunestr;
size_t off = 0;
while (true)
{
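Review bot: The header `@@ -174,6 +174,7 @@` declares one added line, but this hunk has no `+` line and only five context lines, so it is malformed and `patch` will not accept it. The second hunk relies on `tunestr_size`, which is not declared anywhere in the visible lines; if its declaration was meant to go here after `size_t off = 0;`, add it as an explicit `+` line and state how the size is derived.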
@@ -213,12 +218,15 @@ parse_tunables (char *tunestr, char *valstring)
if (tunable_is_name (cur->name, name))
{
if (__libc_enable_secure)
{
if (cur->security_level != TUNABLE_SECLEVEL_SXID_ERASE)
{
+ if (off + len + 1 > tunestr_size)
+ break;
+
if (off > 0)
tunestr[off++] = ':';
// ... existing code for handling tunables ...
}
}
}
}
}
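Review bot: The added check `if (off + len + 1 > tunestr_size)` uses `tunestr_size`, which neither hunk declares, so the code will not compile as shown. It is also unclear from the hunk what the `+ 1` covers, given that `tunestr[off++] = ':';` writes a separator byte right after the check; document what the bound is meant to include. The line `// ... existing code for handling tunables ...` is a placeholder rather than a real context line, so replace it with the actual source lines before trying to apply this.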