File _service:obs_scm:fix-CVE-2024-25768.patch of Package opendmarc
From e6e0ceae014f9c8519ed52b9871ca0111b6ec468 Mon Sep 17 00:00:00 2001 From: wangshuo <wangshuo@kylinos.cn> Date: Mon, 6 May 2024 14:32:49 +0800 Subject: [PATCH] fix CVE-2024-25768 Instead of: if (list_buf != NULL || size_of_buf > 0) the code at libopendmarc/opendmarc_policy.c#L1478 should be: if (list_buf != NULL && size_of_buf > 0) In the OpenDMARC project, this bug is out of reach, as opendmarc_policy_fetch_ruf() is always called with both list_buf = NULL and size_of_buf = 0 opendmarc/opendmarc.c#L3289 ruv = opendmarc_policy_fetch_ruf(cc->cctx_dmarc, NULL, 0, TRUE); opendmarc/opendmarc-check.c#L224 ruf = opendmarc_policy_fetch_ruf(dmarc, NULL, 0, 1); However, this is a library function and may be used outside of this project in a way that could trigger the bug. --- libopendmarc/opendmarc_policy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libopendmarc/opendmarc_policy.c b/libopendmarc/opendmarc_policy.c index 32053db..43daedc 100644 --- a/libopendmarc/opendmarc_policy.c +++ b/libopendmarc/opendmarc_policy.c @@ -1475,7 +1475,7 @@ opendmarc_policy_fetch_ruf(DMARC_POLICY_T *pctx, u_char *list_buf, size_t size_o { return NULL; } - if (list_buf != NULL || size_of_buf > 0) + if (list_buf != NULL && size_of_buf > 0) { (void) memset(list_buf, '\0', size_of_buf); sp = list_buf; -- 2.27.0
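Review bot: Only the first two statements of the guarded block are visible in this hunk (the memset() call and "sp = list_buf;"), so please confirm that every later use of sp or list_buf in opendmarc_policy_fetch_ruf() is covered by the same "list_buf != NULL && size_of_buf > 0" condition. If it is not, a caller passing a NULL list_buf with a nonzero size_of_buf could still reach a write through a NULL pointer further down. The commit message says both in-tree callers pass NULL and 0, so nothing in the project exercises this path. A regression test calling the function with (NULL, nonzero size) and with (non-NULL buffer, 0) would cover it. It is also worth stating in the function's comment that the buffer is only filled when both arguments are set.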