Skip to content
Snippets Groups Projects
Select Git revision
  • r8 default protected
  • r9
  • r10s
  • r9-beta
  • r8s
  • r8-beta
  • imports/r8/glibc-2.28-251.el8_10.16
  • imports/r8/glibc-2.28-251.el8_10.14
  • imports/r9/glibc-2.34-125.el9_5.3
  • imports/r8/glibc-2.28-251.el8_10.13
  • imports/r8/glibc-2.28-251.el8_10.11
  • imports/r10s/glibc-2.39-37.el10
  • imports/r10s/glibc-2.39-36.el10
  • imports/r10s/glibc-2.39-32.el10
  • imports/r10s/glibc-2.39-31.el10
  • imports/r10s/glibc-2.39-30.el10
  • imports/r10s/glibc-2.39-29.el10
  • imports/r9/glibc-2.34-125.el9_5.1
  • imports/r9-beta/glibc-2.34-122.el9_5
  • imports/r10s/glibc-2.39-23.el10
  • imports/r9/glibc-2.34-100.el9_4.4
  • imports/r8/glibc-2.28-251.el8_10.5
  • imports/r8/glibc-2.28-251.el8_10.4
  • imports/r9/glibc-2.34-100.el9_4.3
  • imports/r10s/glibc-2.39-22.el10
  • imports/r10s/glibc-2.39-17.el10
26 results
Blame Permalink
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
0001-Attempt-to-patch-CVE-2023-4911.patch 4.25 KiB 
From cd7b5d6d2dc137383577e61633391608a23c8981 Mon Sep 17 00:00:00 2001
From: Louis Abel <label@rockylinux.org>
Date: Tue, 3 Oct 2023 18:11:01 -0700
Subject: [PATCH] Attempt to patch CVE-2023-4911

This attempts to patch Rocky Linux 8 for CVE-2023-4911, otherwise known
as "looney tunables". This comes directly from sourceware.org, commit
hash of 1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa.
---
 elf/dl-tunables.c             | 17 +++++++++-------
 elf/tst-env-setuid-tunables.c | 37 +++++++++++++++++++++++++++--------
 2 files changed, 39 insertions(+), 15 deletions(-)

diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c
index 3c84809d..2c878e08 100644
--- a/elf/dl-tunables.c
+++ b/elf/dl-tunables.c
@@ -193,11 +193,7 @@ parse_tunables (char *tunestr, char *valstring)
       /* If we reach the end of the string before getting a valid name-value
 	 pair, bail out.  */
       if (p[len] == '\0')
-	{
-	  if (__libc_enable_secure)
-	    tunestr[off] = '\0';
-	  return;
-	}
+	break;
 
       /* We did not find a valid name-value pair before encountering the
 	 colon.  */
@@ -257,9 +253,16 @@ parse_tunables (char *tunestr, char *valstring)
 	    }
 	}
 
-      if (p[len] != '\0')
-	p += len + 1;
+      /* We reached the end while processing the tunable string.  */
+      if (p[len] == '\0')
+	break;
+
+      p += len + 1;
     }
+
+  /* Terminate tunestr before we leave.  */
+  if (__libc_enable_secure)
+    tunestr[off] = '\0';
 }
 #endif
 
diff --git a/elf/tst-env-setuid-tunables.c b/elf/tst-env-setuid-tunables.c
index 0b9b075c..8b0861c4 100644
--- a/elf/tst-env-setuid-tunables.c
+++ b/elf/tst-env-setuid-tunables.c
@@ -52,6 +52,8 @@ const char *teststrings[] =
   "glibc.malloc.perturb=0x800:not_valid.malloc.check=2:glibc.malloc.mmap_threshold=4096",
   "glibc.not_valid.check=2:glibc.malloc.mmap_threshold=4096",
   "not_valid.malloc.check=2:glibc.malloc.mmap_threshold=4096",
+  "glibc.malloc.mmap_threshold=glibc.malloc.mmap_threshold=4096",
+  "glibc.malloc.check=2",
   "glibc.malloc.garbage=2:glibc.maoc.mmap_threshold=4096:glibc.malloc.check=2",
   "glibc.malloc.check=4:glibc.malloc.garbage=2:glibc.maoc.mmap_threshold=4096",
   ":glibc.malloc.garbage=2:glibc.malloc.check=1",
@@ -70,6 +72,8 @@ const char *resultstrings[] =
   "glibc.malloc.perturb=0x800:glibc.malloc.mmap_threshold=4096",
   "glibc.malloc.mmap_threshold=4096",
   "glibc.malloc.mmap_threshold=4096",
+  "glibc.malloc.mmap_threshold=glibc.malloc.mmap_threshold=4096",
+  "",
   "",
   "",