procps: Backport the CVE-2023-4016 fix

The upstream patch from the 4.x branch: 2c933ecba3.diff
2024-09-29 16:57:40 +03:00 · 2023-09-19 10:04:26 -07:00 · 2023-09-19 10:04:26 -07:00 · d5938b21cf
commit d5938b21cf
parent 63678e9f3d
2 changed files with 66 additions and 1 deletions
--- a/pkgs/os-specific/linux/procps-ng/default.nix
+++ b/pkgs/os-specific/linux/procps-ng/default.nix
@ -27,7 +27,9 @@ stdenv.mkDerivation rec {
    sha256 = "sha256-RRiz56r9NOwH0AY9JQ/UdJmbILIAIYw65W9dIRPxQbQ=";
  };

-  patches = lib.optionals stdenv.hostPlatform.isMusl [
+  patches = [
+    ./v3-CVE-2023-4016.patch
+  ] ++ lib.optionals stdenv.hostPlatform.isMusl [
    # NOTE: Starting from 4.x we will not need a patch anymore, but need to add
    # "--disable-w" to configureFlags instead to prevent the utmp errors
    (fetchpatch {
--- a/pkgs/os-specific/linux/procps-ng/v3-CVE-2023-4016.patch
+++ b/pkgs/os-specific/linux/procps-ng/v3-CVE-2023-4016.patch
@ -0,0 +1,63 @@
+This is https://gitlab.com/procps-ng/procps/-/commit/2c933ecba3bb1d3041a5a7a53a7b4078a6003413.diff
+back-ported to procps 3.3.17.  That commit changes xmalloc to xcalloc.  This patch differs in two ways:
+
+* We modify it to change malloc (no x-) to xcalloc instead
+* We pull in procps-4's definition of xcalloc
+
+Alternative considered: Also pull in commits that changed malloc to xmalloc and defined xcalloc.
+This alternative is rejected because those commits contain many other unrelated changes.
+
+diff --git a/ps/parser.c b/ps/parser.c
+index 4263a1fb..ee9a57d9 100644
+--- a/ps/parser.c
+++ b/ps/parser.c
+@@ -36,6 +36,14 @@
+ #include "common.h"
+ #include "c.h"
+ 
+static void *xxcalloc(const size_t nelems, const size_t size)
+{
+  void *ret = calloc(nelems, size);
+  if (!ret && size && nelems)
+    xerrx(EXIT_FAILURE, "cannot allocate %zu bytes", nelems*size);
+  return ret;
+}
+
+ #define ARG_GNU  0
+ #define ARG_END  1
+ #define ARG_PGRP 2
+@@ -184,7 +192,6 @@ static const char *parse_list(const char *arg, const char *(*parse_fn)(char *, s
+   const char *err;       /* error code that could or did happen */
+   /*** prepare to operate ***/
+   node = malloc(sizeof(selection_node));
+-  node->u = malloc(strlen(arg)*sizeof(sel_union)); /* waste is insignificant */
+   node->n = 0;
+   buf = strdup(arg);
+   /*** sanity check and count items ***/
+@@ -205,6 +212,7 @@ static const char *parse_list(const char *arg, const char *(*parse_fn)(char *, s
+   } while (*++walk);
+   if(need_item) goto parse_error;
+   node->n = items;
+  node->u = xxcalloc(items, sizeof(sel_union));
+   /*** actually parse the list ***/
+   walk = buf;
+   while(items--){
+@@ -1031,15 +1039,15 @@ static const char *parse_trailing_pids(void){
+   thisarg = ps_argc - 1;   /* we must be at the end now */
+ 
+   pidnode = malloc(sizeof(selection_node));
+-  pidnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */
+  pidnode->u = xxcalloc(i, sizeof(sel_union)); /* waste is insignificant */
+   pidnode->n = 0;
+ 
+   grpnode = malloc(sizeof(selection_node));
+-  grpnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */
+  grpnode->u = xxcalloc(i, sizeof(sel_union)); /* waste is insignificant */
+   grpnode->n = 0;
+ 
+   sidnode = malloc(sizeof(selection_node));
+-  sidnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */
+  sidnode->u = xxcalloc(i, sizeof(sel_union)); /* waste is insignificant */
+   sidnode->n = 0;
+ 
+   while(i--){