upx: Backport patches for CVEs
CVE-2023-23456 and CVE-2023-23457.
parent
d5d66b1dea
commit
c155d9b9da
|
@ -3,6 +3,7 @@ TERMUX_PKG_DESCRIPTION="the Ultimate Packer for eXecutables"
|
|||
TERMUX_PKG_LICENSE="GPL-2.0"
|
||||
TERMUX_PKG_MAINTAINER="@termux"
|
||||
TERMUX_PKG_VERSION=4.0.1
|
||||
TERMUX_PKG_REVISION=1
|
||||
TERMUX_PKG_SRCURL=https://github.com/upx/upx/releases/download/v${TERMUX_PKG_VERSION}/upx-${TERMUX_PKG_VERSION}-src.tar.xz
|
||||
TERMUX_PKG_SHA256=77003c8e2e29aa9804e2fbaeb30f055903420b3e01d95eafe01aed957fb7e190
|
||||
TERMUX_PKG_DEPENDS="libc++"
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
Backport of
|
||||
|
||||
https://github.com/upx/upx/commit/510505a85cbe45e51fbd470f1aa8b02157c429d4
|
||||
|
||||
--- a/src/p_tmt.cpp
|
||||
+++ b/src/p_tmt.cpp
|
||||
@@ -177,6 +177,8 @@ int PackTmt::readFileHeader()
|
||||
unsigned const entry = get_le32(&ih.entry);
|
||||
unsigned const relocsize = get_le32(&ih.relocsize);
|
||||
if (!imagesize
|
||||
+ || imagesize < sizeof(ih)
|
||||
+ || entry < sizeof(ih)
|
||||
|| file_size <= imagesize
|
||||
|| file_size <= entry
|
||||
|| file_size <= relocsize) {
|
||||
@@ -216,14 +218,14 @@ void PackTmt::pack(OutputFile *fo)
|
||||
obuf.allocForCompression(usize+rsize+128);
|
||||
|
||||
MemBuffer wrkmem;
|
||||
- wrkmem.alloc(rsize+EXTRA_INFO); // relocations
|
||||
+ wrkmem.alloc(rsize+EXTRA_INFO+4); // relocations + original entry point + relocsize
|
||||
|
||||
fi->seek(adam_offset+sizeof(ih),SEEK_SET);
|
||||
fi->readx(ibuf,usize);
|
||||
fi->readx(wrkmem+4,rsize);
|
||||
const unsigned overlay = file_size - fi->tell();
|
||||
|
||||
- if (find_le32(ibuf,128,get_le32("UPX ")) >= 0)
|
||||
+ if (find_le32(ibuf,UPX_MIN(128u,usize),get_le32("UPX ")) >= 0)
|
||||
throwAlreadyPacked();
|
||||
if (rsize == 0)
|
||||
throwCantPack("file is already compressed with another packer");
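Review bot: The widened condition in PackTmt::readFileHeader still compares imagesize, entry and relocsize with file_size one field at a time, while pack() reads usize and then rsize bytes back to back starting at adam_offset+sizeof(ih). Nothing visible in these hunks checks that the combined extent fits inside the file, so a truncated image is only caught if readx() fails on a short read, which is presumably the case but is defined outside the patch. wrkmem is sized from rsize before rsize bytes are read into it, so this looks like a robustness gap rather than an overflow. A comment beside the condition would record the assumption, for example `// fields are bounded individually; pack() relies on readx() rejecting a short read`. Both function bodies continue outside the hunks.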
|
|
@ -0,0 +1,47 @@
|
|||
https://github.com/upx/upx/commit/779b648c5f6aa9b33f4728f79dd4d0efec0bf860
|
||||
|
||||
From 779b648c5f6aa9b33f4728f79dd4d0efec0bf860 Mon Sep 17 00:00:00 2001
|
||||
From: John Reiser <jreiser@BitWagon.com>
|
||||
Date: Wed, 23 Nov 2022 19:49:28 -0800
|
||||
Subject: [PATCH] invert_pt_dynamic: fix thinko; PackLinuxElf64help1 insist on
|
||||
ELF
|
||||
|
||||
https://github.com/upx/upx/issues/631
|
||||
modified: src/p_lx_elf.cpp
|
||||
---
|
||||
src/p_lx_elf.cpp | 8 +++++---
|
||||
1 file changed, 5 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp
|
||||
index fa55470f7..b698ee0a2 100644
|
||||
--- a/src/p_lx_elf.cpp
|
||||
+++ b/src/p_lx_elf.cpp
|
||||
@@ -256,7 +256,8 @@ PackLinuxElf32::PackLinuxElf32help1(InputFile *f)
|
||||
e_phnum = get_te16(&ehdri.e_phnum);
|
||||
e_shnum = get_te16(&ehdri.e_shnum);
|
||||
unsigned const e_phentsize = get_te16(&ehdri.e_phentsize);
|
||||
- if (ehdri.e_ident[Elf32_Ehdr::EI_CLASS]!=Elf32_Ehdr::ELFCLASS32
|
||||
+ if (memcmp((char const *)&ehdri, "\x7f\x45\x4c\x46", 4) // "\177ELF"
|
||||
+ || ehdri.e_ident[Elf32_Ehdr::EI_CLASS]!=Elf32_Ehdr::ELFCLASS32
|
||||
|| sizeof(Elf32_Phdr) != e_phentsize
|
||||
|| (Elf32_Ehdr::ELFDATA2MSB == ehdri.e_ident[Elf32_Ehdr::EI_DATA]
|
||||
&& &N_BELE_RTP::be_policy != bele)
|
||||
@@ -761,7 +762,8 @@ PackLinuxElf64::PackLinuxElf64help1(InputFile *f)
|
||||
e_phnum = get_te16(&ehdri.e_phnum);
|
||||
e_shnum = get_te16(&ehdri.e_shnum);
|
||||
unsigned const e_phentsize = get_te16(&ehdri.e_phentsize);
|
||||
- if (ehdri.e_ident[Elf64_Ehdr::EI_CLASS]!=Elf64_Ehdr::ELFCLASS64
|
||||
+ if (memcmp((char const *)&ehdri, "\x7f\x45\x4c\x46", 4) // "\177ELF"
|
||||
+ || ehdri.e_ident[Elf64_Ehdr::EI_CLASS]!=Elf64_Ehdr::ELFCLASS64
|
||||
|| sizeof(Elf64_Phdr) != e_phentsize
|
||||
|| (Elf64_Ehdr::ELFDATA2MSB == ehdri.e_ident[Elf64_Ehdr::EI_DATA]
|
||||
&& &N_BELE_RTP::be_policy != bele)
|
||||
@@ -5780,7 +5782,7 @@ PackLinuxElf64::invert_pt_dynamic(Elf64_Dyn const *dynp, upx_uint64_t headway)
|
||||
}
|
||||
if (file_size <= dt_offsets[n_off]) {
|
||||
char msg[60]; snprintf(msg, sizeof(msg), "bad DT_{%#x} = %#x (beyond EOF)",
|
||||
- dt_names[k], dt_offsets[n_off]);
|
||||
+ k, dt_offsets[n_off]);
|
||||
throwCantPack(msg);
|
||||
}
|
||||
n_off += !!dt_offsets[n_off];
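Review bot: In the PackLinuxElf64::invert_pt_dynamic hunk both snprintf arguments are formatted with `%#x`, which expects unsigned int, but the declarations of `k` and `dt_offsets` are outside the hunk. If dt_offsets holds 64-bit values (it is compared directly with file_size), the second argument needs a matching conversion, e.g. `"bad DT_{%#x} = %#llx (beyond EOF)"` with `(unsigned long long)dt_offsets[n_off]`. Passing `k` instead of `dt_names[k]` takes the table lookup out of the error path, and a short comment such as `// report the index itself; dt_names[] is not read on this path` would stop a later cleanup from restoring it. The patch changes only the Elf64 variant, so it is worth confirming that the Elf32 invert_pt_dynamic has no equivalent lookup. The function body continues outside the hunk.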
|