diff --git a/backport-Large-strings-can-confuse-libcap-s-internal-strdup-c.patch b/backport-Large-strings-can-confuse-libcap-s-internal-strdup-c.patch
new file mode 100644
index 0000000000000000000000000000000000000000..3dc5064a6b22d431a21686f296806472a5da4769
--- /dev/null
+++ b/backport-Large-strings-can-confuse-libcap-s-internal-strdup-c.patch
@@ -0,0 +1,57 @@
+From e362c60eb89c923acda7efd4a23ca6d4df1cf965 Mon Sep 17 00:00:00 2001
+From: yunjia_w <yunjia.wang@huawei.com>
+Date: Wed, 31 May 2023 11:34:54 +0800
+Subject: [PATCH] Large strings can confuse libcap's internal strdup
+code.
+
+Avoid something subtle with really long strings: 1073741823 should
+be enough for anybody. This is an improved fix over something attempted
+in libcap-2.55 to address some static analysis findings.
+
+Reviewing the library, cap_proc_root() and cap_launcher_set_chroot()
+are the only two calls where the library is potentially exposed to a
+user controlled string input.
+
+Credit for finding this bug in libcap goes to Richard Weinberger of
+X41 D-Sec GmbH (https://x41-dsec.de/) who performed a security audit
+of the libcap source code in April of 2023. The audit was sponsored
+by the Open Source Technology Improvement Fund (https://ostif.org/).
+
+Audit ref: LCAP-CR-23-02 (CVE-2023-2603)
+
+Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
+Signed-off-by: wangyunjia <yunjia.wang@huawei.com>
+
+---
+ libcap/cap_alloc.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/libcap/cap_alloc.c b/libcap/cap_alloc.c
+index 57991a5..0849808 100644
+--- a/libcap/cap_alloc.c
++++ b/libcap/cap_alloc.c
+@@ -76,13 +76,20 @@ cap_t cap_init(void)
+ char *_libcap_strdup(const char *old)
+ {
+     __u32 *raw_data;
++    size_t len;
+ 
+     if (old == NULL) {
+ 	errno = EINVAL;
+ 	return NULL;
+     }
+ 
+-    raw_data = malloc( sizeof(__u32) + strlen(old) + 1 );
++    len = strlen(old);
++    if ((len & 0x3fffffff) != len) {
++       _cap_debug("len is too long for libcap to manage");
++       errno = EINVAL;
++       return NULL;
++    }
++    raw_data = malloc( sizeof(__u32) + len + 1 );
+     if (raw_data == NULL) {
+ 	errno = ENOMEM;
+ 	return NULL;
+-- 
+2.27.0
+
diff --git a/libcap.spec b/libcap.spec
index b4611824e9188e2e7e7d512a29efa0beed28e584..c9e4d68799270ed06aa318bc2b97d35f8c0bfa36 100644
--- a/libcap.spec
+++ b/libcap.spec
@@ -1,6 +1,6 @@
 Name:     libcap
 Version:  2.32
-Release:  5
+Release:  6
 Summary:  A library for getting and setting POSIX.1e draft 15 capabilities        
 License:  GPLv2
 URL:      https://sites.google.com/site/fullycapable
@@ -13,6 +13,7 @@ Patch3:   backport-setcap-clean-up-error-handling-of-the-ns-rootid-argument.patc
 Patch4:   backport-If-needed-search-PATH-for-capsh-self-execution.patch
 Patch5:   backport-Guarantee-sufficient-memory-for-scratch-pathname.patch
 Patch6:   backport-getpcaps-catch-PID-parsing-errors.patch
+Patch7:   backport-Large-strings-can-confuse-libcap-s-internal-strdup-c.patch
 
 BuildRequires: libattr-devel pam-devel perl-interpreter gcc
 
@@ -73,6 +74,9 @@ chmod +x %{buildroot}/%{_libdir}/*.so.*
 %{_mandir}/man8/*.gz
 
 %changelog
+* Wed May 31 2023 wangyunjia <yunjia.wang@huawei.com> - 2.32-6
+- fix CVE-2023-2603
+
 * Thu Feb 16 2023 zhangguangzhi <zhangguangzhi3@huawei.com> - 2.32-5
 - backport patch
   backport getpcaps catch PID parsing errors