[PATCH v2 1/2] arm: remove string/tst-memmove-overflow XFAIL

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[PATCH v2 1/2] arm: remove string/tst-memmove-overflow XFAIL

Aurelien Jarno
The arm string/tst-memmove-overflow XFAIL has been added in commit
eca1b233322 ("arm: XFAIL string/tst-memmove-overflow due to bug 25620")
as a way to reproduce the reported bug.

Now that this bug has been fixed in commits 79a4fa341b8 ("arm:
CVE-2020-6096: fix memcpy and memmove for negative length [BZ #25620]")
and beea3610507 ("arm: CVE-2020-6096: Fix multiarch memcpy for negative
length [BZ #25620]"), let's remove the XFAIL.
---
 sysdeps/arm/Makefile | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/sysdeps/arm/Makefile b/sysdeps/arm/Makefile
index a0cb7f3c32e..ad2042b93a1 100644
--- a/sysdeps/arm/Makefile
+++ b/sysdeps/arm/Makefile
@@ -68,8 +68,3 @@ ifeq ($(subdir),nptl)
 libpthread-sysdep_routines += pt-arm-unwind-resume
 libpthread-shared-only-routines += pt-arm-unwind-resume
 endif
-
-ifeq ($(subdir),string)
-# This test fails on arm due to bug 25620 and related issues.
-test-xfail-tst-memmove-overflow = yes
-endif
--
2.27.0

Reply | Threaded
Open this post in threaded view
|

[PATCH v2 2/2] Add NEWS entry for CVE-2020-6096 (bug 25620)

Aurelien Jarno
---
 NEWS | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/NEWS b/NEWS
index 81b014a7ee4..5051e804eaf 100644
--- a/NEWS
+++ b/NEWS
@@ -174,6 +174,11 @@ Security related changes:
   CVE-2020-1752: A use-after-free vulnerability in the glob function when
   expanding ~user has been fixed.
 
+  CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
+  memmove functions has been fixed.  Discovered by Jason Royes and Samual
+  Dytrych of the Cisco Security Assessment and Penetration Team (See
+  TALOS-2020-1019).
+
 The following bugs are resolved with this release:
 
   [The release manager will add the list generated by
--
2.27.0

Reply | Threaded
Open this post in threaded view
|

Re: [PATCH v2 1/2] arm: remove string/tst-memmove-overflow XFAIL

Sourceware - libc-alpha mailing list
In reply to this post by Aurelien Jarno
On 7/13/20 5:23 PM, Aurelien Jarno wrote:
> The arm string/tst-memmove-overflow XFAIL has been added in commit
> eca1b233322 ("arm: XFAIL string/tst-memmove-overflow due to bug 25620")
> as a way to reproduce the reported bug.
>
> Now that this bug has been fixed in commits 79a4fa341b8 ("arm:
> CVE-2020-6096: fix memcpy and memmove for negative length [BZ #25620]")
> and beea3610507 ("arm: CVE-2020-6096: Fix multiarch memcpy for negative
> length [BZ #25620]"), let's remove the XFAIL.

OK for 2.32.

Reviewed-by: Carlos O'Donell <[hidden email]>

> ---
>  sysdeps/arm/Makefile | 5 -----
>  1 file changed, 5 deletions(-)
>
> diff --git a/sysdeps/arm/Makefile b/sysdeps/arm/Makefile
> index a0cb7f3c32e..ad2042b93a1 100644
> --- a/sysdeps/arm/Makefile
> +++ b/sysdeps/arm/Makefile
> @@ -68,8 +68,3 @@ ifeq ($(subdir),nptl)
>  libpthread-sysdep_routines += pt-arm-unwind-resume
>  libpthread-shared-only-routines += pt-arm-unwind-resume
>  endif
> -
> -ifeq ($(subdir),string)
> -# This test fails on arm due to bug 25620 and related issues.
> -test-xfail-tst-memmove-overflow = yes
> -endif
>


--
Cheers,
Carlos.

Reply | Threaded
Open this post in threaded view
|

Re: [PATCH v2 2/2] Add NEWS entry for CVE-2020-6096 (bug 25620)

Sourceware - libc-alpha mailing list
In reply to this post by Aurelien Jarno

OK for 2.32

Reviewed-by: Carlos O'Donell <[hidden email]

On 7/13/20 5:23 PM, Aurelien Jarno wrote:

> ---
>  NEWS | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/NEWS b/NEWS
> index 81b014a7ee4..5051e804eaf 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -174,6 +174,11 @@ Security related changes:
>    CVE-2020-1752: A use-after-free vulnerability in the glob function when
>    expanding ~user has been fixed.
>  
> +  CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
> +  memmove functions has been fixed.  Discovered by Jason Royes and Samual
> +  Dytrych of the Cisco Security Assessment and Penetration Team (See
> +  TALOS-2020-1019).
> +
>  The following bugs are resolved with this release:
>  
>    [The release manager will add the list generated by
>


--
Cheers,
Carlos.