fix buffer overflow in split

Resolves: CVE-2024-0684
This commit is contained in:
Lukáš Zaoral 2024-01-18 15:34:40 +01:00
parent bf0817f5a5
commit b851cbdafc
No known key found for this signature in database
GPG Key ID: 39157506DD67752D
2 changed files with 38 additions and 1 deletions

View File

@ -0,0 +1,31 @@
From c4c5ed8f4e9cd55a12966d4f520e3a13101637d9 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Tue, 16 Jan 2024 13:48:32 -0800
Subject: [PATCH] split: do not shrink hold buffer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* src/split.c (line_bytes_split): Do not shrink hold buffer.
If its large for this batch its likely to be large for the next
batch, and for split its not worth the complexity/CPU hassle to
shrink it. Do not assume hold_size can be bufsize.
---
src/split.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/src/split.c b/src/split.c
index 64020c859..037960a59 100644
--- a/src/split.c
+++ b/src/split.c
@@ -809,10 +809,7 @@ line_bytes_split (intmax_t n_bytes, char *buf, idx_t bufsize)
{
cwrite (n_out == 0, hold, n_hold);
n_out += n_hold;
- if (n_hold > bufsize)
- hold = xirealloc (hold, bufsize);
n_hold = 0;
- hold_size = bufsize;
}
/* Output to eol if present. */

View File

@ -1,7 +1,7 @@
Summary: A set of basic GNU tools commonly used in shell scripts Summary: A set of basic GNU tools commonly used in shell scripts
Name: coreutils Name: coreutils
Version: 9.4 Version: 9.4
Release: 1%{?dist} Release: 2%{?dist}
# some used parts of gnulib are under various variants of LGPL # some used parts of gnulib are under various variants of LGPL
License: GPL-3.0-or-later AND GFDL-1.3-no-invariants-or-later AND LGPL-2.1-or-later AND LGPL-3.0-or-later License: GPL-3.0-or-later AND GFDL-1.3-no-invariants-or-later AND LGPL-2.1-or-later AND LGPL-3.0-or-later
Url: https://www.gnu.org/software/coreutils/ Url: https://www.gnu.org/software/coreutils/
@ -32,6 +32,9 @@ Patch104: coreutils-df-direct.patch
# fix crash with --enable-systemd # fix crash with --enable-systemd
Patch105: coreutils-9.4-systemd-coredump.patch Patch105: coreutils-9.4-systemd-coredump.patch
# fix buffer overflow in split (CVE-2024-0684)
Patch106: coreutils-9.4-CVE-2024-0684.patch
# (sb) lin18nux/lsb compliance - multibyte functionality patch # (sb) lin18nux/lsb compliance - multibyte functionality patch
Patch800: coreutils-i18n.patch Patch800: coreutils-i18n.patch
@ -256,6 +259,9 @@ rm -f $RPM_BUILD_ROOT%{_infodir}/dir
%license COPYING %license COPYING
%changelog %changelog
* Thu Jan 18 2024 Lukáš Zaoral <lzaoral@redhat.com> - 9.4-2
- fix buffer overflow in split (CVE-2024-0684)
* Fri Sep 15 2023 Lukáš Zaoral <lzaoral@redhat.com> - 9.4-1 * Fri Sep 15 2023 Lukáš Zaoral <lzaoral@redhat.com> - 9.4-1
- new upstream release 9.4 (#2235759) - new upstream release 9.4 (#2235759)
- enable integration with systemd - enable integration with systemd