Projects
Factory:RISC-V:Base
pkgconf
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 3
View file
_service:tar_scm:pkgconf.spec
Changed
@@ -2,13 +2,15 @@ Name: pkgconf Version: 1.8.0 -Release: 2 +Release: 3 Summary: Package compiler and linker metadata toolkit License: ISC URL: http://pkgconf.org/ Source0: https://distfiles.dereferenced.org/%{name}/%{name}-%{version}.tar.xz +Patch6000: backport-CVE-2023-24056.patch + BuildRequires: gcc, make, autoconf, automake, libtool #tests BuildRequires: kyua, atf-tests @@ -104,6 +106,9 @@ %{_mandir}/*/* %changelog +* Sun Jan 29 2023 dongyuzhen <dongyuzhen@h-partners.com> - 1.8.0-3 +- fix CVE-2023-24056 + * Thu May 05 2022 shixuantong <shixuantong@h-partners.com> - 1.8.0-2 - Type: NA - ID: NA
View file
_service:tar_scm:backport-CVE-2023-24056.patch
Added
@@ -0,0 +1,71 @@ +From 628b2b2bafa5d3a2017193ddf375093e70666059 Mon Sep 17 00:00:00 2001 +From: Ariadne Conill <ariadne@dereferenced.org> +Date: Fri, 20 Jan 2023 22:07:03 +0000 +Subject: PATCH tuple: test for, and stop string processing, on truncation + +otherwise a buffer overflow occurs. +this has been a bug in pkgconf since the beginning, it seems. +instead of disclosing the bug correctly, a "hotshot" developer +decided to blog about it instead. sigh. + +https://nullprogram.com/blog/2023/01/18/ +--- + libpkgconf/tuple.c | 28 +++++++++++++++++++++++----- + 1 file changed, 23 insertions(+), 5 deletions(-) + +diff --git a/libpkgconf/tuple.c b/libpkgconf/tuple.c +index 2d550d8..b831070 100644 +--- a/libpkgconf/tuple.c ++++ b/libpkgconf/tuple.c +@@ -293,12 +293,21 @@ pkgconf_tuple_parse(const pkgconf_client_t *client, pkgconf_list_t *vars, const + } + } + ++ size_t remain = PKGCONF_BUFSIZE - (bptr - buf); + ptr += (pptr - ptr); + kv = pkgconf_tuple_find_global(client, varname); + if (kv != NULL) + { +- strncpy(bptr, kv, PKGCONF_BUFSIZE - (bptr - buf)); +- bptr += strlen(kv); ++ size_t nlen = pkgconf_strlcpy(bptr, kv, remain); ++ if (nlen > remain) ++ { ++ pkgconf_warn(client, "warning: truncating very long variable to 64KB\n"); ++ ++ bptr = buf + (PKGCONF_BUFSIZE - 1); ++ break; ++ } ++ ++ bptr += nlen; + } + else + { +@@ -306,12 +315,21 @@ pkgconf_tuple_parse(const pkgconf_client_t *client, pkgconf_list_t *vars, const + + if (kv != NULL) + { ++ size_t nlen; ++ + parsekv = pkgconf_tuple_parse(client, vars, kv); ++ nlen = pkgconf_strlcpy(bptr, parsekv, remain); ++ free(parsekv); + +- strncpy(bptr, parsekv, PKGCONF_BUFSIZE - (bptr - buf)); +- bptr += strlen(parsekv); ++ if (nlen > remain) ++ { ++ pkgconf_warn(client, "warning: truncating very long variable to 64KB\n"); + +- free(parsekv); ++ bptr = buf + (PKGCONF_BUFSIZE - 1); ++ break; ++ } ++ ++ bptr += nlen; + } + } + } +-- +2.33.0 +
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2