diff --git a/0005-Avoid-divide-by-zero-in-uint64_mult_overflow.patch b/0005-Avoid-divide-by-zero-in-uint64_mult_overflow.patch new file mode 100644 index 0000000000000000000000000000000000000000..90505cfed9fb52c05299b4f1dbbeafe0bd3e07e3 --- /dev/null +++ b/0005-Avoid-divide-by-zero-in-uint64_mult_overflow.patch @@ -0,0 +1,31 @@ +From 33e26be58be852df80f945f328f5ee408a313563 Mon Sep 17 00:00:00 2001 +From: Milan Broz +Date: Thu, 18 Apr 2024 08:39:52 +0200 +Subject: [PATCH] Avoid divide by zero in uint64_mult_overflow. + +This function is used with block size, where 0 does +not make sense, so failing the check is the simple way +to avoid sividion by zero. + +In reality, this should never happen, but it was seen +in (unreproducible) fuzzing input. +--- + lib/internal.h | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/internal.h b/lib/internal.h +index 3a0d6e64..38b99d91 100644 +--- a/lib/internal.h ++++ b/lib/internal.h +@@ -266,6 +266,8 @@ static inline void *crypt_zalloc(size_t size) { return calloc(1, size); } + static inline bool uint64_mult_overflow(uint64_t *u, uint64_t b, size_t size) + { + *u = (uint64_t)b * size; ++ if (size == 0) ++ return true; + if ((uint64_t)(*u / size) != b) + return true; + return false; +-- +2.27.0 + diff --git a/cryptsetup.spec b/cryptsetup.spec index a8c11bd338c60a380688e51a1c8009d1d6f8cdfb..fd01adb5927c10dafb94e7acb44d39805cde5b60 100644 --- a/cryptsetup.spec +++ b/cryptsetup.spec @@ -1,6 +1,6 @@ Name: cryptsetup Version: 2.6.1 -Release: 1 +Release: 2 Summary: Utility used to conveniently set up disk encryption License: GPLv2+ and CC0-1.0 and LGPLv2+ URL: https://gitlab.com/cryptsetup/cryptsetup @@ -10,6 +10,7 @@ Patch1: 0001-cryptsetup-add-system-library-paths.patch Patch2: 0002-fix-compat-test.patch Patch3: 0003-fix-potential-null-pointer-dereference.patch Patch4: 0004-Update-file-cryptsetup-ssh.c.patch +Patch5: 0005-Avoid-divide-by-zero-in-uint64_mult_overflow.patch BuildRequires: openssl-devel, popt-devel, device-mapper-devel, gcc, libssh-devel, asciidoctor BuildRequires: libuuid-devel, json-c-devel, libargon2-devel, libpwquality-devel, libblkid-devel @@ -104,6 +105,9 @@ make check %{_mandir}/man8/* %changelog +* Fri Jun 28 2024 kouwenqi - 2.6.1-2 +- avoid divide by zero in uint64_mult_overflow + * Tue Feb 6 2024 wangzhiqiang - 2.6.1-1 - upgrade version to 2.6.1