diff --git a/CVE-2022-48554.patch b/CVE-2022-48554.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c3dcec87c3bbd0c05b6488182aa09af19f38fec9
--- /dev/null
+++ b/CVE-2022-48554.patch
@@ -0,0 +1,34 @@
+From c4d10f78b3946fc32624d78c038e9731ca2ce454 Mon Sep 17 00:00:00 2001
+From: liningjie
+Date: Tue, 15 Aug 2023 00:54:28 +0800
+Subject: [PATCH] PR/310: p870613: Don't use strlcpy to copy the string, it
+ will try to scan the source string to find out how much space is needed the
+ source string might not be NUL terminated.
+
+---
+ src/funcs.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/funcs.c b/src/funcs.c
+index 33c3f85..295fb75 100644
+--- a/src/funcs.c
++++ b/src/funcs.c
+@@ -54,9 +54,12 @@ FILE_RCSID("@(#)$File: funcs.c,v 1.122 2021/06/30 10:08:48 christos Exp $")
+ protected char *
+ file_copystr(char *buf, size_t blen, size_t width, const char *str)
+ {
+- if (++width > blen)
+- width = blen;
+- strlcpy(buf, str, width);
++ if (blen == 0)
++ return buf;
++ if (width >= blen)
++ width = blen - 1;
++ memcpy(buf, str, width);
++ buf[width] = '\0';
+ return buf;
+ }
+
+-- 
+2.33.0
+
diff --git a/file.spec b/file.spec
index dad3718b409a56aad5c33ca2114a8550e92415c1..cbde5d50aee77e5d6eea53bfd02674b6816ac5d5 100644
--- a/file.spec
+++ b/file.spec
@@ -1,6 +1,6 @@
 Name: file
 Version: 5.39
-Release: 6
+Release: 7
 Summary: A tool to identify the type of a particular file type
 License: BSD
 URL: http://www.darwinsys.com/file/
@@ -8,6 +8,7 @@
 Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
 Patch1: 0001-file-localmagic.patch
 Patch2: 0002-improve-detection-of-static-pie-binaries.patch
+Patch3: CVE-2022-48554.patch
 Requires: %{name}-libs = %{version}-%{release}
 BuildRequires: autoconf automake libtool zlib-devel
 
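Review bot: The rewritten file_copystr now reads exactly `width` bytes from `str` with memcpy, so its precondition silently changes from "str is a NUL-terminated string" to "str is readable for width bytes whether or not it is terminated", and nothing in the hunk records that; the callers are outside this hunk, so whether each of them passes a `width` bounded by the real extent of `str` cannot be checked from here. A header comment above the definition would make the new contract explicit, e.g. `/* Copy width bytes of str (need not be NUL-terminated) into buf, clamped to blen - 1, and NUL-terminate when blen > 0; str must be readable for width bytes. */`. On provenance, the patch header's `From: liningjie` line names the packager rather than the upstream author, and the hash on the leading `From c4d10f78...` line is the only link to the upstream fix, so recording the upstream commit id or original author in the header would let this backport be verified against its origin. If the leading whitespace shown here (spaces where funcs.c uses tabs) reflects the stored .patch rather than an extraction artifact, the inner hunk will not apply under %autosetup, which is worth confirming in a scratch build.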
@@ -153,6 +154,9 @@ make check
 %{python3_sitelib}/__pycache__/*
 %changelog
+* Wed Aug 23 2023 liningjie - 5.39-7
+- fix CVE-2022-48554
+
 * Fri Jul 30 2021 chenyanpanHW - 5.39-6
 - DESC: delete -S git from %autosetup, and delete BuildRequires git