- Fix: CVE-2021-43618

Resolves: RHEL-23055
4 months ago · d7760a4f9e
parent e188299dd2
commit d7760a4f9e
2 changed files with 31 additions and 1 deletions
--- a/SOURCES/cve-2021-43618.patch
+++ b/SOURCES/cve-2021-43618.patch
@ -0,0 +1,25 @@
+
+# HG changeset patch
+# User Marco Bodrato <bodrato@mail.dm.unipi.it>
+# Date 1634836009 -7200
+# Node ID 561a9c25298e17bb01896801ff353546c6923dbd
+# Parent  e1fd9db13b475209a864577237ea4b9105b3e96e
+mpz/inp_raw.c: Avoid bit size overflows
+
+diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c
+--- a/mpz/inp_raw.c	Tue Dec 22 23:49:51 2020 +0100
+++ b/mpz/inp_raw.c	Thu Oct 21 19:06:49 2021 +0200
+@@ -88,8 +88,11 @@
+ 
+   abs_csize = ABS (csize);
+ 
+  if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
+    return 0; /* Bit size overflows */
+
+   /* round up to a multiple of limbs */
+-  abs_xsize = BITS_TO_LIMBS (abs_csize*8);
+  abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
+ 
+   if (abs_xsize != 0)
+     {
+
--- a/SPECS/gmp.spec
+++ b/SPECS/gmp.spec
@ -6,7 +6,7 @@
 Summary: A GNU arbitrary precision library
 Name: gmp
 Version: 6.1.2
-Release: 10%{?dist}
+Release: 11%{?dist}
 Epoch: 1
 URL: http://gmplib.org/
 Source0: ftp://ftp.gmplib.org/pub/gmp-%{version}/gmp-%{version}.tar.bz2
@ -15,6 +15,7 @@ Source2: gmp.h
 Source3: gmp-mparam.h
 Patch2: gmp-6.0.0-debuginfo.patch
 Patch3: gmp-fcf-protection.patch
+Patch4: cve-2021-43618.patch
 License: LGPLv3+ or GPLv2+
 Group: System Environment/Libraries
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -200,6 +201,10 @@ exit 0
 %{_libdir}/libgmpxx.a

 %changelog
+* Mon Jan 29 2024 Jakub Martisko <jamartis@redhat.com> - 1:6.1.2-11
+- Fix: CVE-2021-43618
+Resolves: RHEL-23055
+
 * Tue Jul 25 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 1:6.1.2-10
 - Rebuilt for MSVSphere 8.8