01/02: gnu: libtommath: Prevent possible integer overflow.

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/02: gnu: libtommath: Prevent possible integer overflow.

From:	guix-commits
Subject:	01/02: gnu: libtommath: Prevent possible integer overflow.
Date:	Thu, 1 Jun 2023 08:57:46 -0400 (EDT)

efraim pushed a commit to branch master
in repository guix.

commit b428b49d8f2953ee0c26bd7a4770a4fe27b8e306
Author: Efraim Flashner <efraim@flashner.co.il>
AuthorDate: Thu Jun 1 15:43:45 2023 +0300

    gnu: libtommath: Prevent possible integer overflow.
    
    * gnu/packages/multiprecision.scm (libtommath)[source]: Add patch.
    * gnu/packages/patches/libtommath-integer-overflow.patch: New file.
    * gnu/local.mk (dist_patch_DATA): Register it.
---
 gnu/local.mk                                       |   1 +
 gnu/packages/multiprecision.scm                    |   5 +-
 .../patches/libtommath-integer-overflow.patch      | 140 +++++++++++++++++++++
 3 files changed, 144 insertions(+), 2 deletions(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index ba1b42fc05..df294564df 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1494,6 +1494,7 @@ dist_patch_DATA =                                         
\
   %D%/packages/patches/libtirpc-CVE-2021-46828.patch           \
   %D%/packages/patches/libtirpc-hurd.patch                     \
   %D%/packages/patches/libtommath-fix-linkage.patch            \
+  %D%/packages/patches/libtommath-integer-overflow.patch       \
   %D%/packages/patches/libtool-grep-compat.patch               \
   %D%/packages/patches/libtool-skip-tests2.patch               \
   %D%/packages/patches/libusb-0.1-disable-tests.patch          \
diff --git a/gnu/packages/multiprecision.scm b/gnu/packages/multiprecision.scm
index 6ba08be3a3..bb68ea06bf 100644
--- a/gnu/packages/multiprecision.scm
+++ b/gnu/packages/multiprecision.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2016, 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
 ;;; Copyright © 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2018, 2019, 2021 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2018, 2019, 2021, 2023 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2021 Vinicius Monego <monego@posteo.net>
 ;;; Copyright © 2022 Maxim Cournoyer <maxim.cournoyer@gmail.com>
 ;;;
@@ -450,7 +450,8 @@ number generators, public key cryptography and a plethora 
of other routines.")
                             "download/v" version "/ltm-" version ".tar.xz"))
         (sha256
          (base32
-          "1c8q1qy88cjhdjlk3g24mra94h34c1ldvkjz0n2988c0yvn5xixp"))))
+          "1c8q1qy88cjhdjlk3g24mra94h34c1ldvkjz0n2988c0yvn5xixp"))
+        (patches (search-patches "libtommath-integer-overflow.patch"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
diff --git a/gnu/packages/patches/libtommath-integer-overflow.patch 
b/gnu/packages/patches/libtommath-integer-overflow.patch
new file mode 100644
index 0000000000..5241726775
--- /dev/null
+++ b/gnu/packages/patches/libtommath-integer-overflow.patch
@@ -0,0 +1,140 @@
+This patch is from upstream:
+https://github.com/libtom/libtommath/pull/546
+
+From beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 Mon Sep 17 00:00:00 2001
+From: czurnieden <czurnieden@gmx.de>
+Date: Tue, 9 May 2023 17:17:12 +0200
+Subject: [PATCH] Fix possible integer overflow
+
+---
+ bn_mp_2expt.c                | 4 ++++
+ bn_mp_grow.c                 | 4 ++++
+ bn_mp_init_size.c            | 5 +++++
+ bn_mp_mul_2d.c               | 4 ++++
+ bn_s_mp_mul_digs.c           | 4 ++++
+ bn_s_mp_mul_digs_fast.c      | 4 ++++
+ bn_s_mp_mul_high_digs.c      | 4 ++++
+ bn_s_mp_mul_high_digs_fast.c | 4 ++++
+ 8 files changed, 33 insertions(+)
+
+diff --git a/bn_mp_2expt.c b/bn_mp_2expt.c
+index 0ae3df1bf..23de0c3c5 100644
+--- a/bn_mp_2expt.c
++++ b/bn_mp_2expt.c
+@@ -12,6 +12,10 @@ mp_err mp_2expt(mp_int *a, int b)
+ {
+    mp_err    err;
+ 
++   if (b < 0) {
++      return MP_VAL;
++   }
++
+    /* zero a as per default */
+    mp_zero(a);
+ 
+diff --git a/bn_mp_grow.c b/bn_mp_grow.c
+index 9e904c547..2b1682651 100644
+--- a/bn_mp_grow.c
++++ b/bn_mp_grow.c
+@@ -9,6 +9,10 @@ mp_err mp_grow(mp_int *a, int size)
+    int     i;
+    mp_digit *tmp;
+ 
++   if (size < 0) {
++      return MP_VAL;
++   }
++
+    /* if the alloc size is smaller alloc more ram */
+    if (a->alloc < size) {
+       /* reallocate the array a->dp
+diff --git a/bn_mp_init_size.c b/bn_mp_init_size.c
+index d62268721..99573833f 100644
+--- a/bn_mp_init_size.c
++++ b/bn_mp_init_size.c
+@@ -6,6 +6,11 @@
+ /* init an mp_init for a given size */
+ mp_err mp_init_size(mp_int *a, int size)
+ {
++
++   if (size < 0) {
++      return MP_VAL;
++   }
++
+    size = MP_MAX(MP_MIN_PREC, size);
+ 
+    /* alloc mem */
+diff --git a/bn_mp_mul_2d.c b/bn_mp_mul_2d.c
+index 87354de20..bfeaf2eb2 100644
+--- a/bn_mp_mul_2d.c
++++ b/bn_mp_mul_2d.c
+@@ -9,6 +9,10 @@ mp_err mp_mul_2d(const mp_int *a, int b, mp_int *c)
+    mp_digit d;
+    mp_err   err;
+ 
++   if (b < 0) {
++      return MP_VAL;
++   }
++
+    /* copy */
+    if (a != c) {
+       if ((err = mp_copy(a, c)) != MP_OKAY) {
+diff --git a/bn_s_mp_mul_digs.c b/bn_s_mp_mul_digs.c
+index 64509d4cb..3682b4980 100644
+--- a/bn_s_mp_mul_digs.c
++++ b/bn_s_mp_mul_digs.c
+@@ -16,6 +16,10 @@ mp_err s_mp_mul_digs(const mp_int *a, const mp_int *b, 
mp_int *c, int digs)
+    mp_word r;
+    mp_digit tmpx, *tmpt, *tmpy;
+ 
++   if (digs < 0) {
++      return MP_VAL;
++   }
++
+    /* can we use the fast multiplier? */
+    if ((digs < MP_WARRAY) &&
+        (MP_MIN(a->used, b->used) < MP_MAXFAST)) {
+diff --git a/bn_s_mp_mul_digs_fast.c b/bn_s_mp_mul_digs_fast.c
+index b2a287b02..3c4176a87 100644
+--- a/bn_s_mp_mul_digs_fast.c
++++ b/bn_s_mp_mul_digs_fast.c
+@@ -26,6 +26,10 @@ mp_err s_mp_mul_digs_fast(const mp_int *a, const mp_int *b, 
mp_int *c, int digs)
+    mp_digit W[MP_WARRAY];
+    mp_word  _W;
+ 
++   if (digs < 0) {
++      return MP_VAL;
++   }
++
+    /* grow the destination as required */
+    if (c->alloc < digs) {
+       if ((err = mp_grow(c, digs)) != MP_OKAY) {
+diff --git a/bn_s_mp_mul_high_digs.c b/bn_s_mp_mul_high_digs.c
+index 2bb2a5098..c9dd355f8 100644
+--- a/bn_s_mp_mul_high_digs.c
++++ b/bn_s_mp_mul_high_digs.c
+@@ -15,6 +15,10 @@ mp_err s_mp_mul_high_digs(const mp_int *a, const mp_int *b, 
mp_int *c, int digs)
+    mp_word  r;
+    mp_digit tmpx, *tmpt, *tmpy;
+ 
++   if (digs < 0) {
++      return MP_VAL;
++   }
++
+    /* can we use the fast multiplier? */
+    if (MP_HAS(S_MP_MUL_HIGH_DIGS_FAST)
+        && ((a->used + b->used + 1) < MP_WARRAY)
+diff --git a/bn_s_mp_mul_high_digs_fast.c b/bn_s_mp_mul_high_digs_fast.c
+index a2c4fb692..4ce7f590c 100644
+--- a/bn_s_mp_mul_high_digs_fast.c
++++ b/bn_s_mp_mul_high_digs_fast.c
+@@ -19,6 +19,10 @@ mp_err s_mp_mul_high_digs_fast(const mp_int *a, const 
mp_int *b, mp_int *c, int
+    mp_digit W[MP_WARRAY];
+    mp_word  _W;
+ 
++   if (digs < 0) {
++      return MP_VAL;
++   }
++
+    /* grow the destination as required */
+    pa = a->used + b->used;
+    if (c->alloc < pa) {

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated (7c52ae295b -> cf388642ce), guix-commits, 2023/06/01
- 01/02: gnu: libtommath: Prevent possible integer overflow., guix-commits <=
- 02/02: gnu: libtommath: Honor the #:tests? flag., guix-commits, 2023/06/01

Prev by Date: branch master updated (7c52ae295b -> cf388642ce)
Next by Date: 02/02: gnu: libtommath: Honor the #:tests? flag.
Previous by thread: branch master updated (7c52ae295b -> cf388642ce)
Next by thread: 02/02: gnu: libtommath: Honor the #:tests? flag.
Index(es):
- Date
- Thread