From c52a2c784116fec217571ea7ea5591d380b45954 Mon Sep 17 00:00:00 2001
From: Miro Stauder
Date: Thu, 10 Mar 2022 14:47:06 +0100
Subject: [PATCH] patch deps CodeQL alerts

---
 deps/Makefile | 14 ++++-
 deps/libev/ev.c-multiplication-overflow.patch | 18 +++++++
 .../connection.c-snprintf-overflow.patch | 20 +++++++
 .../a_time.c-multiplication-overflow.patch | 9 ++++
 .../curve448.c-multiplication-overflow.patch | 9 ++++
 .../ma_array.c-multiplication-overflow.patch | 53 +++++++++++++++++++
 ...adb_dyncol.c-multiplication-overflow.patch | 16 ++++++
 .../zutil.c-multiplication-overflow.patch | 9 ++++
 .../pcretest.c-multiplication-overflow.patch | 9 ++++
 .../onepass.cc-multiplication-overflow.patch | 12 +++++
 .../sqlite3.c-multiplication-overflow.patch | 18 +++++++
 11 files changed, 185 insertions(+), 2 deletions(-)
 create mode 100644 deps/libev/ev.c-multiplication-overflow.patch
 create mode 100644 deps/libmicrohttpd/connection.c-snprintf-overflow.patch
 create mode 100644 deps/libssl/a_time.c-multiplication-overflow.patch
 create mode 100644 deps/libssl/curve448.c-multiplication-overflow.patch
 create mode 100644 deps/mariadb-client-library/ma_array.c-multiplication-overflow.patch
 create mode 100644 deps/mariadb-client-library/mariadb_dyncol.c-multiplication-overflow.patch
 create mode 100644 deps/mariadb-client-library/zutil.c-multiplication-overflow.patch
 create mode 100644 deps/pcre/pcretest.c-multiplication-overflow.patch
 create mode 100644 deps/re2/onepass.cc-multiplication-overflow.patch
 create mode 100644 deps/sqlite3/sqlite3.c-multiplication-overflow.patch

diff --git a/deps/Makefile b/deps/Makefile
index 2b441693d..02da46a2c 100644
--- a/deps/Makefile
+++ b/deps/Makefile
@@ -58,7 +58,9 @@ libssl/openssl/libssl.a:
 cd libssl && rm -rf openssl-1.1.1j || true
 cd libssl && rm -rf openssl-openssl-3.0.0 || true
 cd libssl && tar -zxf openssl-3.0.0.tar.gz
- cd libssl/openssl && ./config no-ssl3 no-tests
+ cd libssl/openssl && patch crypto/ec/curve448/curve448.c < ../curve448.c-multiplication-overflow.patch
+ cd libssl/openssl && patch crypto/asn1/a_time.c < ../a_time.c-multiplication-overflow.patch
+ cd libssl/openssl && ./config no-ssl3 no-tests
 cd libssl/openssl && CC=${CC} CXX=${CXX} ${MAKE}
 cd libssl/openssl && ln -s . lib # curl wants this path
 libssl: libssl/openssl/libssl.a
@@ -98,6 +100,7 @@ libhttpserver: libhttpserver/libhttpserver/build/src/.libs/libhttpserver.a
 libev/libev/.libs/libev.a:
 cd libev && rm -rf libev-4.24 || true
 cd libev && tar -zxf libev-4.24.tar.gz
+ cd libev/libev && patch ev.c < ../ev.c-multiplication-overflow.patch
 cd libev/libev && ./configure
 cd libev/libev && CC=${CC} CXX=${CXX} ${MAKE}
 ev: libev/libev/.libs/libev.a
@@ -124,6 +127,7 @@ endif
 ifeq ($(OS),Darwin)
 cd libmicrohttpd/libmicrohttpd && patch src/microhttpd/mhd_sockets.c < ../mhd_sockets.c-issue-5977.patch
 endif
+ cd libmicrohttpd/libmicrohttpd && patch src/microhttpd/connection.c < ../connection.c-snprintf-overflow.patch
 cd libmicrohttpd/libmicrohttpd && ./configure --enable-https && CC=${CC} CXX=${CXX} ${MAKE}
 microhttpd: libmicrohttpd/libmicrohttpd/src/microhttpd/.libs/libmicrohttpd.a
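Review bot: The new `patch` steps, here for `curve448.c` and `a_time.c` and likewise in the libev, libmicrohttpd, mariadb, sqlite3, re2 and pcre rules, run with GNU patch's default fuzz, while the patch files this commit adds carry only `@@` line numbers and three context lines with no `---`/`+++` file header. After a tarball bump such a hunk can be applied with fuzz at a place whose context only partly matches instead of failing the build, which matters most for the OpenSSL sources. Consider `patch --fuzz=0 crypto/ec/curve448/curve448.c < ../curve448.c-multiplication-overflow.patch` (and the same for the other steps) so that a mismatch stops the build. A comment above each step naming the upstream version the patch was cut against and the alert it answers would also help the next person who bumps a dependency.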
@@ -200,6 +204,9 @@ mariadb-client-library/mariadb_client/libmariadb/libmariadbclient.a: libssl/open
 ifeq ($(WITHASAN),1)
 cd mariadb-client-library/mariadb_client && patch -p0 < ../mariadb_asan.patch
 endif
+ cd mariadb-client-library/mariadb_client && patch libmariadb/mariadb_dyncol.c < ../mariadb_dyncol.c-multiplication-overflow.patch
+ cd mariadb-client-library/mariadb_client && patch libmariadb/ma_array.c < ../ma_array.c-multiplication-overflow.patch
+ cd mariadb-client-library/mariadb_client && patch zlib/zutil.c < ../zutil.c-multiplication-overflow.patch
 cd mariadb-client-library/mariadb_client && CC=${CC} CXX=${CXX} ${MAKE} mariadbclient
 # cd mariadb-client-library/mariadb_client/include && make my_config.h
@@ -210,6 +217,7 @@ sqlite3/sqlite3/sqlite3.o:
 cd sqlite3 && rm -rf sqlite-amalgamation-3190200
 cd sqlite3 && tar -zxf sqlite-amalgamation-3190200.tar.gz
 cd sqlite3/sqlite3 && patch sqlite3.c < ../from_unixtime.patch
+ cd sqlite3/sqlite3 && patch sqlite3.c < ../sqlite3.c-multiplication-overflow.patch
 cd sqlite3/sqlite3 && ${CC} ${MYCFLAGS} -fPIC -c -o sqlite3.o sqlite3.c -DSQLITE_ENABLE_MEMORY_MANAGEMENT -DSQLITE_ENABLE_JSON1 -DSQLITE_DLL=1
 cd sqlite3/sqlite3 && ${CC} -shared -o libsqlite3.so sqlite3.o
@@ -241,7 +249,8 @@ re2/re2/obj/libre2.a:
 # cd re2 && tar -zxf re2-20140304.tgz
 cd re2 && tar -zxf re2.tar.gz
 # cd re2/re2 && sed -i -e 's/-O3 -g /-O3 -fPIC /' Makefile
-# cd re2 && patch re2/util/mutex.h < mutex.h.patch
+# cd re2/re2 && patch util/mutex.h < ../mutex.h.patch
+ cd re2/re2 && patch re2/onepass.cc < ../onepass.cc-multiplication-overflow.patch
 cd re2/re2 && sed -i -e 's/-O3 /-O3 -fPIC -DMEMORY_SANITIZER -DRE2_ON_VALGRIND /' Makefile
 cd re2/re2 && sed -i -e 's/RE2_CXXFLAGS?=-std=c++11 /RE2_CXXFLAGS?=-std=c++11 -fPIC /' Makefile
 cd re2/re2 && CC=${CC} CXX=${CXX} ${MAKE}
@@ -252,6 +261,7 @@ pcre/pcre/.libs/libpcre.a:
 cd pcre && rm -rf pcre-8.39
 cd pcre && rm -rf pcre-8.44
 cd pcre && tar -zxf pcre-8.44.tar.gz
+ cd pcre/pcre && patch pcretest.c < ../pcretest.c-multiplication-overflow.patch
 cd pcre/pcre && ./configure
 cd pcre/pcre && CC=${CC} CXX=${CXX} ${MAKE}
 pcre: pcre/pcre/.libs/libpcre.a
diff --git a/deps/libev/ev.c-multiplication-overflow.patch b/deps/libev/ev.c-multiplication-overflow.patch
new file mode 100644
index 000000000..e72cdc9bf
--- /dev/null
+++ b/deps/libev/ev.c-multiplication-overflow.patch
@@ -0,0 +1,18 @@
+@@ -1937,7 +1937,7 @@
+ while (cnt > ncur);
+
+ /* if size is large, round to MALLOC_ROUND - 4 * longs to accommodate malloc overhead */
+- if (elem * ncur > MALLOC_ROUND - sizeof (void *) * 4)
++ if ((long) elem * ncur > MALLOC_ROUND - sizeof (void *) * 4)
+ {
+ ncur *= elem;
+ ncur = (ncur + elem + (MALLOC_ROUND - 1) + sizeof (void *) * 4) & ~(MALLOC_ROUND - 1);
+@@ -1953,7 +1953,7 @@
+ array_realloc (int elem, void *base, int *cur, int cnt)
+ {
+ *cur = array_nextsize (elem, *cur, cnt);
+- return ev_realloc (base, elem * *cur);
++ return ev_realloc (base, (long) elem * *cur);
+ }
+
+ #define array_init_zero(base,count) \
diff --git a/deps/libmicrohttpd/connection.c-snprintf-overflow.patch b/deps/libmicrohttpd/connection.c-snprintf-overflow.patch
new file mode 100644
index 000000000..af08efccc
--- /dev/null
+++ b/deps/libmicrohttpd/connection.c-snprintf-overflow.patch
@@ -0,0 +1,20 @@
+@@ -1582,11 +1582,18 @@
+ MHD_HTTP_HEADER_CONNECTION))) &&
+ (MHD_str_equal_caseless_ (pos->value,
+ "Keep-Alive")) ) ) )
+- off += MHD_snprintf_ (&data[off],
++ {
++ int n = MHD_snprintf_ (&data[off],
+ size - off,
+ "%s: %s\r\n",
+ pos->header,
+ pos->value);
++ if (n < 0 || n >= size - off)
++ {
++ break;
++ }
++ off += n;
++ }
+ }
+ if (MHD_CONNECTION_FOOTERS_RECEIVED == connection->state)
+ {
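Review bot: In ev.c-multiplication-overflow.patch only the comparison in the first inner hunk is widened; the unchanged line right after it, `ncur *= elem;`, still multiplies without a cast, and `elem` is `int` per the `array_realloc` signature in the second hunk, so if `ncur` is `int` as well the product can still wrap before it is returned. `long` is also wider than `int` only on LP64 targets, so on 32-bit or LLP64 builds these casts, and the `(long)` casts in the a_time.c, curve448.c, ma_array.c, mariadb_dyncol.c, zutil.c, pcretest.c and sqlite3.c patches, change nothing. Prefer `size_t` for byte counts (or the parameter type of the callee) together with an explicit range check on the operands before the multiplication. Both functions start outside the inner hunks.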
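Review bot: In connection.c-snprintf-overflow.patch the `break` on truncation leaves the header loop silently, so the reply would go out with the remaining headers missing. The code after the loop is outside the hunk, so please confirm it does not assume `off` reached the expected length, and fail the response there if the function has an error path. The test `n >= size - off` also mixes the signed `n` with `size - off`, whose type is not visible here; if those are `size_t` the comparison is unsigned and is only correct because `n < 0` is tested first, which `(size_t) n >= size - off` would make explicit.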
diff --git a/deps/libssl/a_time.c-multiplication-overflow.patch b/deps/libssl/a_time.c-multiplication-overflow.patch
new file mode 100644
index 000000000..9dbae8092
--- /dev/null
+++ b/deps/libssl/a_time.c-multiplication-overflow.patch
@@ -0,0 +1,9 @@
+@@ -248,7 +248,7 @@
+ }
+ o++;
+ }
+- if (offset && !OPENSSL_gmtime_adj(&tmp, 0, offset * offsign))
++ if (offset && !OPENSSL_gmtime_adj(&tmp, 0, (long) offset * offsign))
+ goto err;
+ } else {
+ /* not Z, or not +/- in non-strict mode */
diff --git a/deps/libssl/curve448.c-multiplication-overflow.patch b/deps/libssl/curve448.c-multiplication-overflow.patch
new file mode 100644
index 000000000..732b8e1b5
--- /dev/null
+++ b/deps/libssl/curve448.c-multiplication-overflow.patch
@@ -0,0 +1,9 @@
+@@ -588,7 +588,7 @@
+ assert(position >= 0);
+ if (odd & (1 << (table_bits + 1)))
+ delta -= (1 << (table_bits + 1));
+- current -= delta * (1 << pos);
++ current -= (long) delta * (1 << pos);
+ control[position].power = pos + 16 * (w - 1);
+ control[position].addend = delta;
+ position--;
diff --git a/deps/mariadb-client-library/ma_array.c-multiplication-overflow.patch b/deps/mariadb-client-library/ma_array.c-multiplication-overflow.patch
new file mode 100644
index 000000000..76bcb496f
--- /dev/null
+++ b/deps/mariadb-client-library/ma_array.c-multiplication-overflow.patch
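Review bot: In curve448.c-multiplication-overflow.patch the cast covers only `delta`; `(1 << pos)` is still evaluated as `int` before the multiplication, so the widening helps only if the shift itself is in range, and the ranges of `pos` and `delta` are not visible in this hunk. If the alert is a false positive for those ranges, a documented suppression may be preferable to carrying a local change to OpenSSL's curve448 arithmetic. Otherwise cast to the declared type of `current` rather than to `long`, whose width differs between platforms.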
@@ -0,0 +1,53 @@
+@@ -46,7 +46,7 @@
+ array->max_element=init_alloc;
+ array->alloc_increment=alloc_increment;
+ array->size_of_element=element_size;
+- if (!(array->buffer=(char*) malloc(element_size*init_alloc)))
++ if (!(array->buffer=(char*) malloc((long) element_size*init_alloc)))
+ {
+ array->max_element=0;
+ return(TRUE);
+@@ -80,7 +80,7 @@
+ if (array->elements == array->max_element)
+ {
+ char *new_ptr;
+- if (!(new_ptr=(char*) realloc(array->buffer,(array->max_element+
++ if (!(new_ptr=(char*) realloc(array->buffer,(long) (array->max_element+
+ array->alloc_increment)*
+ array->size_of_element)))
+ return 0;
+@@ -111,14 +111,14 @@
+ char *new_ptr;
+ size=(idx+array->alloc_increment)/array->alloc_increment;
+ size*= array->alloc_increment;
+- if (!(new_ptr=(char*) realloc(array->buffer,size*
++ if (!(new_ptr=(char*) realloc(array->buffer,(long) size*
+ array->size_of_element)))
+ return TRUE;
+ array->buffer=new_ptr;
+ array->max_element=size;
+ }
+ memset((array->buffer+array->elements*array->size_of_element), 0,
+- (idx - array->elements)*array->size_of_element);
++ (long) (idx - array->elements)*array->size_of_element);
+ array->elements=idx+1;
+ }
+ memcpy(array->buffer+(idx * array->size_of_element),element,
+@@ -155,7 +155,7 @@
+ char *ptr=array->buffer+array->size_of_element*idx;
+ array->elements--;
+ memmove(ptr,ptr+array->size_of_element,
+- (array->elements-idx)*array->size_of_element);
++ (long) (array->elements-idx)*array->size_of_element);
+ }
+
+
+@@ -166,7 +166,7 @@
+ if (array->buffer && array->max_element != elements)
+ {
+ array->buffer=(char*) realloc(array->buffer,
+- elements*array->size_of_element);
++ (long) elements*array->size_of_element);
+ array->max_element=elements;
+ }
+ }
diff --git a/deps/mariadb-client-library/mariadb_dyncol.c-multiplication-overflow.patch b/deps/mariadb-client-library/mariadb_dyncol.c-multiplication-overflow.patch
new file mode 100644
index 000000000..7df44d4e5
--- /dev/null
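Review bot: In the `@@ -80,7` inner hunk of ma_array.c-multiplication-overflow.patch the cast is applied to the parenthesised sum, `(long) (array->max_element+ array->alloc_increment)* array->size_of_element`, so the addition still happens in the operands' own type and can wrap before it is widened; the same holds for `(long) (idx - array->elements)` and `(long) (array->elements-idx)`. The offsets on the unchanged lines, `array->elements*array->size_of_element` in the `memset` destination and `idx * array->size_of_element` in the `memcpy` destination, are not widened at all, so a wrapped offset would be paired with a widened length. Cast an operand inside the parentheses instead, e.g. `((size_t) array->max_element + array->alloc_increment) * array->size_of_element`, and treat the offset expressions the same way. The last inner hunk also assigns the result of `realloc` straight to `array->buffer` on a context line, which loses the old buffer on failure; that predates this patch but sits next to the changed line.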
+++ b/deps/mariadb-client-library/mariadb_dyncol.c-multiplication-overflow.patch
@@ -0,0 +1,16 @@
+@@ -3999,13 +3999,13 @@
+ (val->x.time_value.neg ? -1 : 1);
+ break;
+ case DYN_COL_DATE:
+- *ll= (val->x.time_value.year * 10000 +
++ *ll= ((long) val->x.time_value.year * 10000 +
+ val->x.time_value.month * 100 +
+ val->x.time_value.day) *
+ (val->x.time_value.neg ? -1 : 1);
+ break;
+ case DYN_COL_TIME:
+- *ll= (val->x.time_value.hour * 10000 +
++ *ll= ((long) val->x.time_value.hour * 10000 +
+ val->x.time_value.minute * 100 +
+ val->x.time_value.second) *
+ (val->x.time_value.neg ? -1 : 1);
diff --git a/deps/mariadb-client-library/zutil.c-multiplication-overflow.patch b/deps/mariadb-client-library/zutil.c-multiplication-overflow.patch
new file mode 100644
index 000000000..524149f84
--- /dev/null
+++ b/deps/mariadb-client-library/zutil.c-multiplication-overflow.patch
@@ -0,0 +1,9 @@
+@@ -303,7 +303,7 @@
+ unsigned size;
+ {
+ if (opaque) items += size - size; /* make compiler happy */
+- return sizeof(uInt) > 2 ? (voidpf)malloc(items * size) :
++ return sizeof(uInt) > 2 ? (voidpf)malloc((long) items * size) :
+ (voidpf)calloc(items, size);
+ }
+
diff --git a/deps/pcre/pcretest.c-multiplication-overflow.patch b/deps/pcre/pcretest.c-multiplication-overflow.patch
new file mode 100644
index 000000000..31d6bb37d
--- /dev/null
+++ b/deps/pcre/pcretest.c-multiplication-overflow.patch
@@ -0,0 +1,9 @@
+@@ -4094,7 +4094,7 @@
+ #endif
+ new_info(re, NULL, PCRE_INFO_SIZE, &size);
+ fprintf(outfile, "Memory allocation (code space): %d\n",
+- (int)(size - real_pcre_size - name_count * name_entry_size));
++ (int)(size - real_pcre_size - (long) name_count * name_entry_size));
+ }
+
+ /* If -s or /S was present, study the regex to generate additional info to
diff --git a/deps/re2/onepass.cc-multiplication-overflow.patch b/deps/re2/onepass.cc-multiplication-overflow.patch
new file mode 100644
index 000000000..67706ace5
--- /dev/null
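Review bot: In zutil.c-multiplication-overflow.patch `malloc((long) items * size)` converts unsigned operands to signed `long` (`unsigned size;` is visible above the change, `items` is declared outside the hunk), so a large enough product now overflows a signed type, which is undefined behaviour rather than a wrap. Use `(size_t) items * size` and reject the request first when `size != 0 && items > SIZE_MAX / size`, which is the check the sibling branch gets from `calloc(items, size)`. The function header is outside the hunk.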
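Review bot: The widened product in pcretest.c-multiplication-overflow.patch is narrowed again at once by the enclosing `(int)(...)` cast and printed with `%d`, so the patch does not change what is reported. This looks like a diagnostic print in pcre's test program rather than library code, so consider dropping the patch and its Makefile step instead of adding a build step that can break on the next pcre bump.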
+++ b/deps/re2/onepass.cc-multiplication-overflow.patch
@@ -0,0 +1,12 @@
+@@ -611,9 +611,9 @@
+ LOG(ERROR) << "nodes:\n" << dump;
+ }
+
+- dfa_mem_ -= nalloc*statesize;
++ dfa_mem_ -= static_cast(nalloc)*statesize;
+ onepass_nodes_ = PODArray(nalloc*statesize);
+- memmove(onepass_nodes_.data(), nodes.data(), nalloc*statesize);
++ memmove(onepass_nodes_.data(), nodes.data(), static_cast(nalloc)*statesize);
+ return true;
+
+ fail:
diff --git a/deps/sqlite3/sqlite3.c-multiplication-overflow.patch b/deps/sqlite3/sqlite3.c-multiplication-overflow.patch
new file mode 100644
index 000000000..364c7c52a
--- /dev/null
+++ b/deps/sqlite3/sqlite3.c-multiplication-overflow.patch
@@ -0,0 +1,18 @@
+@@ -103301,7 +103301,7 @@
+ int n = *pnEntry;
+ if( (n & (n-1))==0 ){
+ int sz = (n==0) ? 1 : 2*n;
+- void *pNew = sqlite3DbRealloc(db, pArray, sz*szEntry);
++ void *pNew = sqlite3DbRealloc(db, pArray, (long) sz*szEntry);
+ if( pNew==0 ){
+ *pIdx = -1;
+ return pArray;
+@@ -141183,7 +141183,7 @@
+ pStart = 0;
+ }else if( pBuf==0 ){
+ sqlite3BeginBenignMalloc();
+- pStart = sqlite3Malloc( sz*cnt ); /* IMP: R-61949-35727 */
++ pStart = sqlite3Malloc( (long) sz*cnt ); /* IMP: R-61949-35727 */
+ sqlite3EndBenignMalloc();
+ if( pStart ) cnt = sqlite3MallocSize(pStart)/sz;
+ }else{
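Review bot: In onepass.cc-multiplication-overflow.patch the allocation on the unchanged line `onepass_nodes_ = PODArray(nalloc*statesize);` still uses the unwidened product, while the `memmove` length two lines below is now widened. If `nalloc*statesize` could ever exceed `int`, the buffer would be sized from the wrapped value and the copy from the full one, which is worse than both wrapping together. Widen the allocation argument the same way, or compute the byte count once into a local of the wide type and use it in all three places. The enclosing function starts outside the hunk.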
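Review bot: In the first inner hunk of sqlite3.c-multiplication-overflow.patch the doubling on the context line `int sz = (n==0) ? 1 : 2*n;` is still computed in `int`, so widening `sz*szEntry` afterwards does not cover the step that would overflow first. In both inner hunks a fixed 64-bit cast such as `(sqlite3_int64) sz*szEntry` would behave the same on every platform, whereas `(long)` is 32-bit on some targets. Both functions start outside the hunks, so the ranges of `n`, `sz` and `cnt` should be confirmed against their callers.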