fix buffer overflow in split
Resolves: CVE-2024-0684
This commit is contained in:
parent
bf0817f5a5
commit
b851cbdafc
31
coreutils-9.4-CVE-2024-0684.patch
Normal file
31
coreutils-9.4-CVE-2024-0684.patch
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
From c4c5ed8f4e9cd55a12966d4f520e3a13101637d9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Paul Eggert <eggert@cs.ucla.edu>
|
||||||
|
Date: Tue, 16 Jan 2024 13:48:32 -0800
|
||||||
|
Subject: [PATCH] split: do not shrink hold buffer
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
* src/split.c (line_bytes_split): Do not shrink hold buffer.
|
||||||
|
If it’s large for this batch it’s likely to be large for the next
|
||||||
|
batch, and for ‘split’ it’s not worth the complexity/CPU hassle to
|
||||||
|
shrink it. Do not assume hold_size can be bufsize.
|
||||||
|
---
|
||||||
|
src/split.c | 3 ---
|
||||||
|
1 file changed, 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/split.c b/src/split.c
|
||||||
|
index 64020c859..037960a59 100644
|
||||||
|
--- a/src/split.c
|
||||||
|
+++ b/src/split.c
|
||||||
|
@@ -809,10 +809,7 @@ line_bytes_split (intmax_t n_bytes, char *buf, idx_t bufsize)
|
||||||
|
{
|
||||||
|
cwrite (n_out == 0, hold, n_hold);
|
||||||
|
n_out += n_hold;
|
||||||
|
- if (n_hold > bufsize)
|
||||||
|
- hold = xirealloc (hold, bufsize);
|
||||||
|
n_hold = 0;
|
||||||
|
- hold_size = bufsize;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Output to eol if present. */
|
@ -1,7 +1,7 @@
|
|||||||
Summary: A set of basic GNU tools commonly used in shell scripts
|
Summary: A set of basic GNU tools commonly used in shell scripts
|
||||||
Name: coreutils
|
Name: coreutils
|
||||||
Version: 9.4
|
Version: 9.4
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
# some used parts of gnulib are under various variants of LGPL
|
# some used parts of gnulib are under various variants of LGPL
|
||||||
License: GPL-3.0-or-later AND GFDL-1.3-no-invariants-or-later AND LGPL-2.1-or-later AND LGPL-3.0-or-later
|
License: GPL-3.0-or-later AND GFDL-1.3-no-invariants-or-later AND LGPL-2.1-or-later AND LGPL-3.0-or-later
|
||||||
Url: https://www.gnu.org/software/coreutils/
|
Url: https://www.gnu.org/software/coreutils/
|
||||||
@ -32,6 +32,9 @@ Patch104: coreutils-df-direct.patch
|
|||||||
# fix crash with --enable-systemd
|
# fix crash with --enable-systemd
|
||||||
Patch105: coreutils-9.4-systemd-coredump.patch
|
Patch105: coreutils-9.4-systemd-coredump.patch
|
||||||
|
|
||||||
|
# fix buffer overflow in split (CVE-2024-0684)
|
||||||
|
Patch106: coreutils-9.4-CVE-2024-0684.patch
|
||||||
|
|
||||||
# (sb) lin18nux/lsb compliance - multibyte functionality patch
|
# (sb) lin18nux/lsb compliance - multibyte functionality patch
|
||||||
Patch800: coreutils-i18n.patch
|
Patch800: coreutils-i18n.patch
|
||||||
|
|
||||||
@ -256,6 +259,9 @@ rm -f $RPM_BUILD_ROOT%{_infodir}/dir
|
|||||||
%license COPYING
|
%license COPYING
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jan 18 2024 Lukáš Zaoral <lzaoral@redhat.com> - 9.4-2
|
||||||
|
- fix buffer overflow in split (CVE-2024-0684)
|
||||||
|
|
||||||
* Fri Sep 15 2023 Lukáš Zaoral <lzaoral@redhat.com> - 9.4-1
|
* Fri Sep 15 2023 Lukáš Zaoral <lzaoral@redhat.com> - 9.4-1
|
||||||
- new upstream release 9.4 (#2235759)
|
- new upstream release 9.4 (#2235759)
|
||||||
- enable integration with systemd
|
- enable integration with systemd
|
||||||
|
Loading…
Reference in New Issue
Block a user