diff --git a/debian/patches/302-CVE-2016-6252-fix-integer-overflow.patch b/debian/patches/302-CVE-2016-6252-fix-integer-overflow.patch new file mode 100644 index 00000000..2f2195b4 --- /dev/null +++ b/debian/patches/302-CVE-2016-6252-fix-integer-overflow.patch @@ -0,0 +1,46 @@ +From 1d5a926cc2d6078d23a96222b1ef3e558724dad1 Mon Sep 17 00:00:00 2001 +From: Sebastian Krahmer +Date: Wed, 3 Aug 2016 11:51:07 -0500 +Subject: [PATCH] Simplify getulong + +Use strtoul to read an unsigned long, rather than reading +a signed long long and casting it. + +https://bugzilla.suse.com/show_bug.cgi?id=979282 +--- + lib/getulong.c | 9 +++------ + 1 file changed, 3 insertions(+), 6 deletions(-) + +diff --git a/lib/getulong.c b/lib/getulong.c +index 61579ca..08d2c1a 100644 +--- a/lib/getulong.c ++++ b/lib/getulong.c +@@ -44,22 +44,19 @@ + */ + int getulong (const char *numstr, /*@out@*/unsigned long int *result) + { +- long long int val; ++ unsigned long int val; + char *endptr; + + errno = 0; +- val = strtoll (numstr, &endptr, 0); ++ val = strtoul (numstr, &endptr, 0); + if ( ('\0' == *numstr) + || ('\0' != *endptr) + || (ERANGE == errno) +- /*@+ignoresigns@*/ +- || (val != (unsigned long int)val) +- /*@=ignoresigns@*/ + ) { + return 0; + } + +- *result = (unsigned long int)val; ++ *result = val; + return 1; + } + +-- +2.1.4 + diff --git a/debian/patches/series b/debian/patches/series index ceb25e02..56790820 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -5,6 +5,7 @@ 503_shadowconfig.8 008_login_log_failure_in_FTMP 301-CVE-2017-2616-su-properly-clear-child-PID.patch +302-CVE-2016-6252-fix-integer-overflow.patch 429_login_FAILLOG_ENAB 401_cppw_src.dpatch # 402 should be merged in 401, but should be reviewed by SE Linux experts first