Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:Update
slurm.19751
PMIx-fix-potential-buffer-overflows-from-use-of...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File PMIx-fix-potential-buffer-overflows-from-use-of-unpackmen_CVE-2020-27745.patch of Package slurm.19751
From c3142dd87e06621ff148791c3d2f298b5c0b3a81 Mon Sep 17 00:00:00 2001 From: Tim Wickberg <tim@schedmd.com> Date: Thu, 12 Nov 2020 08:47:51 -0800 Subject: PMIx - fix potential buffer overflows from use of unpackmem(). CVE-2020-27745. --- diff --git a/src/plugins/mpi/pmix/pmixp_coll_ring.c b/src/plugins/mpi/pmix/pmixp_coll_ring.c index 20c54edfe6..64da0c9a6a 100644 --- a/src/plugins/mpi/pmix/pmixp_coll_ring.c +++ b/src/plugins/mpi/pmix/pmixp_coll_ring.c @@ -148,6 +148,7 @@ int pmixp_coll_ring_unpack(Buf buf, pmixp_coll_type_t *type, uint32_t nprocs = 0; uint32_t tmp; int rc, i; + char *temp_ptr; /* 1. extract the type of collective */ if (SLURM_SUCCESS != (rc = unpack32(&tmp, buf))) { @@ -168,13 +169,13 @@ int pmixp_coll_ring_unpack(Buf buf, pmixp_coll_type_t *type, /* 3. get namespace/rank of particular process */ for (i = 0; i < (int)nprocs; i++) { - rc = unpackmem(procs[i].nspace, &tmp, buf); - if (SLURM_SUCCESS != rc) { + if ((rc = unpackmem_ptr(&temp_ptr, &tmp, buf)) || + (strlcpy(procs[i].nspace, temp_ptr, + PMIXP_MAX_NSLEN + 1) > PMIXP_MAX_NSLEN)) { PMIXP_ERROR("Cannot unpack namespace for process #%d", i); return rc; } - procs[i].nspace[tmp] = '\0'; rc = unpack32(&tmp, buf); procs[i].rank = tmp; @@ -186,11 +187,14 @@ int pmixp_coll_ring_unpack(Buf buf, pmixp_coll_type_t *type, } /* 4. extract the ring info */ - if (SLURM_SUCCESS != (rc = unpackmem((char *)ring_hdr, &tmp, buf))) { + if ((rc = unpackmem_ptr(&temp_ptr, &tmp, buf)) || + (tmp != sizeof(pmixp_coll_ring_msg_hdr_t))) { PMIXP_ERROR("Cannot unpack ring info"); return rc; } + memcpy(ring_hdr, temp_ptr, sizeof(pmixp_coll_ring_msg_hdr_t)); + return SLURM_SUCCESS; } diff --git a/src/plugins/mpi/pmix/pmixp_coll_tree.c b/src/plugins/mpi/pmix/pmixp_coll_tree.c index b0990e92ce..4829c2286c 100644 --- a/src/plugins/mpi/pmix/pmixp_coll_tree.c +++ b/src/plugins/mpi/pmix/pmixp_coll_tree.c @@ -76,6 +76,7 @@ int pmixp_coll_tree_unpack(Buf buf, pmixp_coll_type_t *type, uint32_t nprocs = 0; uint32_t tmp; int i, rc; + char *temp_ptr; /* 1. extract the type of collective */ if (SLURM_SUCCESS != (rc = unpack32(&tmp, buf))) { @@ -96,13 +97,13 @@ int pmixp_coll_tree_unpack(Buf buf, pmixp_coll_type_t *type, for (i = 0; i < (int)nprocs; i++) { /* 3. get namespace/rank of particular process */ - rc = unpackmem(procs[i].nspace, &tmp, buf); - if (SLURM_SUCCESS != rc) { + if ((rc = unpackmem_ptr(&temp_ptr, &tmp, buf)) || + (strlcpy(procs[i].nspace, temp_ptr, + PMIXP_MAX_NSLEN + 1) > PMIXP_MAX_NSLEN)) { PMIXP_ERROR("Cannot unpack namespace for process #%d", i); return rc; } - procs[i].nspace[tmp] = '\0'; unsigned int tmp; rc = unpack32(&tmp, buf); -- 2.29.2
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor