From ff838f9ddc71672e2cc28c34d9c9ee3bb71a786c Mon Sep 17 00:00:00 2001
From: Vincent Mihalkovic
Date: Thu, 23 Nov 2023 13:16:02 +0100
Subject: [PATCH] Fix stack-based buffer over-read in file_copystr()
Resolves: RHEL-5733
---
 file-5.42-cve-strlcpy.patch | 20 ++++++++++++++++++++
 file.spec | 7 ++++++-
 2 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 file-5.42-cve-strlcpy.patch
diff --git a/file-5.42-cve-strlcpy.patch b/file-5.42-cve-strlcpy.patch
new file mode 100644
index 0000000..601212f
--- /dev/null
+++ b/file-5.42-cve-strlcpy.patch
@@ -0,0 +1,20 @@
+diff --git a/src/funcs.c b/src/funcs.c
+index 9bd054f..a5363e7 100644
+--- a/src/funcs.c
++++ b/src/funcs.c
+@@ -54,9 +54,12 @@ FILE_RCSID("@(#)$File: funcs.c,v 1.118 2020/12/08 21:26:00 christos Exp $")
+ protected char *
+ file_copystr(char *buf, size_t blen, size_t width, const char *str)
+ {
+- if (++width > blen)
+- width = blen;
+- strlcpy(buf, str, width);
++ if (blen == 0)
++ return buf;
++ if (width >= blen)
++ width = blen - 1;
++ memcpy(buf, str, width);
++ buf[width] = '\0';
+ return buf;
+ }
+
diff --git a/file.spec b/file.spec
index 3c2bc61..11a2c90 100644
--- a/file.spec
+++ b/file.spec
@@ -15,7 +15,7 @@ Summary: Utility for determining file types
 Name: file
 Version: 5.39
-Release: 15%{?dist}
+Release: 16%{?dist}
 License: BSD
 Source0: http://ftp.astron.com/pub/file/file-%{version}.tar.gz
@@ -60,6 +60,8 @@ Patch15: file-5.39-static-PIE-binaries.patch
 Patch16: file-5.39-wasm-magic.patch
 # Upstream commit c8deb32eab1089d1841482fb2e91833f114b6712 (#5734)
 Patch17: file-5.41-python-magic-threads.patch
+# Upstream commit 497aabb29cd08d2a5aeb63e45798d65fcbe03502 (#5733)
+Patch18: file-5.42-cve-strlcpy.patch
 URL: https://www.darwinsys.com/file/
 Requires: file-libs%{?_isa} = %{version}-%{release}
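Review bot: In the new body of file_copystr() in src/funcs.c, `memcpy(buf, str, width);` reads exactly `width` bytes (capped at `blen - 1`) from `str` and, unlike the removed `strlcpy` call, does not stop at a NUL, so the copy stays in bounds only when every caller passes a `width` no larger than the readable length of `str`. That precondition is not stated anywhere in the hunk and the call sites are not visible here, so they should be checked against it before this backport ships. I would record it above the function, e.g. `/* str need not be NUL-terminated; the caller guarantees at least width readable bytes. */`. The whole function is inside the hunk, and the destination side (the `blen == 0` early return, the clamp to `blen - 1`, and the explicit terminator) looks right.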
@@ -239,6 +241,9 @@ cd %{py3dir}
 %endif
 %changelog
+* Thu Nov 23 2023 Vincent Mihalkovic - 5.39-16
+- Fix stack-based buffer over-read in file_copystr() (CVE-2022-48554)
+
 * Thu Oct 12 2023 Vincent Mihalkovic - 5.39-15
 - Fix segfault in python3-file-magic concurrent method calls