File PMIx-fix-potential-buffer-overflows-from-use-of... of Package slurm.26118

Overview Repositories Revisions Requests Users Attributes Meta

File PMIx-fix-potential-buffer-overflows-from-use-of-unpackmen_CVE-2020-27745.patch of Package slurm.26118

From: Ana Guerrero Lopez <aguerrero@suse.com>

Adapted for Slurm 17.11 from:

From: Tim Wickberg <tim@schedmd.com>
Date: Thu, 12 Nov 2020 08:47:51 -0800
Subject: PMIx - fix potential buffer overflows from use of unpackmem().

CVE-2020-27745.
---
diff -Nrua slurm-17.11.13.orig/src/plugins/mpi/pmix/pmixp_coll.c slurm-17.11.13/src/plugins/mpi/pmix/pmixp_coll.c
--- slurm-17.11.13.orig/src/plugins/mpi/pmix/pmixp_coll.c
+++ slurm-17.11.13/src/plugins/mpi/pmix/pmixp_coll.c
@@ -107,6 +107,7 @@
 	uint32_t nprocs = 0;
 	uint32_t tmp;
 	int i, rc;
+	char *temp_ptr;
 
 	/* 1. extract the type of collective */
 	if (SLURM_SUCCESS != (rc = unpack32(&tmp, buf))) {
@@ -127,13 +128,13 @@
 
 	for (i = 0; i < (int)nprocs; i++) {
 		/* 3. get namespace/rank of particular process */
-		rc = unpackmem(procs[i].nspace, &tmp, buf);
-		if (SLURM_SUCCESS != rc) {
+		if ((rc = unpackmem_ptr(&temp_ptr, &tmp, buf)) ||
+			(strlcpy(procs[i].nspace, temp_ptr,
+				 PMIXP_MAX_NSLEN + 1) > PMIXP_MAX_NSLEN)) {
 			PMIXP_ERROR("Cannot unpack namespace for process #%d",
 				    i);
 			return rc;
 		}
-		procs[i].nspace[tmp] = '\0';
 
 		unsigned int tmp;
 		rc = unpack32(&tmp, buf);

Places

File PMIx-fix-potential-buffer-overflows-from-use-of-unpackmen_CVE-2020-27745.patch of Package slurm.26118

Places