Accepting request 1002767 from home:oertel:branches:devel:libraries:c_c++

- add fix from upstream git
  libconfuse-d73777c2c3566fb2647727bb56d9a2295b81669b.patch
  cfg_tilde_expand in confuse.c has a heap-based buffer over-read
  (CVE-2022-40320 boo#1203326)

OBS-URL: https://build.opensuse.org/request/show/1002767
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libconfuse?expand=0&rev=11
This commit is contained in:
Dirk Mueller 2022-09-12 14:58:28 +00:00 committed by Git OBS Bridge
parent b8fcb1d057
commit 424f8c88d7
3 changed files with 50 additions and 2 deletions

View File

@ -0,0 +1,38 @@
commit d73777c2c3566fb2647727bb56d9a2295b81669b
Author: Joachim Wiberg <troglobit@gmail.com>
Date: Fri Sep 2 16:12:46 2022 +0200
Fix #163: unterminated username used with getpwnam()
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
diff --git a/src/confuse.c b/src/confuse.c
index 6d1fdbd..05566b5 100644
--- a/src/confuse.c
+++ b/src/confuse.c
@@ -1894,18 +1894,20 @@ DLLIMPORT char *cfg_tilde_expand(const char *filename)
passwd = getpwuid(geteuid());
file = filename + 1;
} else {
- /* ~user or ~user/path */
- char *user;
+ char *user; /* ~user or ~user/path */
+ size_t len;
file = strchr(filename, '/');
- if (file == 0)
+ if (file == NULL)
file = filename + strlen(filename);
- user = malloc(file - filename);
+ len = file - filename - 1;
+ user = malloc(len + 1);
if (!user)
return NULL;
- strncpy(user, filename + 1, file - filename - 1);
+ strncpy(user, &filename[1], len);
+ user[len] = 0;
passwd = getpwnam(user);
free(user);
}

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Mon Sep 12 11:02:59 CEST 2022 - ro@suse.de
- add fix from upstream git
libconfuse-d73777c2c3566fb2647727bb56d9a2295b81669b.patch
cfg_tilde_expand in confuse.c has a heap-based buffer over-read
(CVE-2022-40320 boo#1203326)
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jun 25 07:08:53 UTC 2020 - Michael Vetter <mvetter@suse.com> Thu Jun 25 07:08:53 UTC 2020 - Michael Vetter <mvetter@suse.com>

View File

@ -1,7 +1,7 @@
# #
# spec file for package libconfuse # spec file for package libconfuse
# #
# Copyright (c) 2020 SUSE LLC # Copyright (c) 2022 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -25,6 +25,8 @@ License: LGPL-2.1-or-later
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
URL: http://www.nongnu.org/confuse/ URL: http://www.nongnu.org/confuse/
Source: https://github.com/martinh/libconfuse/releases/download/v%{version}/confuse-%{version}.tar.xz Source: https://github.com/martinh/libconfuse/releases/download/v%{version}/confuse-%{version}.tar.xz
# PATCH-FIX_UPSTREAM
Patch0: libconfuse-d73777c2c3566fb2647727bb56d9a2295b81669b.patch
BuildRequires: check-devel BuildRequires: check-devel
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: gettext-devel BuildRequires: gettext-devel
@ -67,7 +69,7 @@ This package holds the development files for libconfuse.
%lang_package -r %{library_name} %lang_package -r %{library_name}
%prep %prep
%setup -q -n confuse-%{version} %autosetup -n confuse-%{version} -p1
%build %build
%configure --enable-shared --disable-static %configure --enable-shared --disable-static