Fix CVE-2023-2603

- Fix integer overflow in _libcap_strdup() (CVE-2023-2603)

Resolves: rhbz#2210637

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

libcap-cve-2023-2603.patch

@@ -0,0 +1,18 @@
+--- a/libcap/cap_alloc.c	2023-06-26 18:42:42.295817583 +0200
++++ b/libcap/cap_alloc.c	2023-06-26 18:40:32.485375859 +0200
+@@ -82,7 +82,14 @@
+ 	return NULL;
+     }
+ 
+-    raw_data = malloc( sizeof(__u32) + strlen(old) + 1 );
++    size_t len = strlen(old);
++    if ((len & 0x3fffffff) != len) {
++	_cap_debug("len is too long for libcap to manage");
++	errno = EINVAL;
++	return NULL;
++    }
++    len += 1 + sizeof(__u32);
++    raw_data = calloc(1, len);
+     if (raw_data == NULL) {
+ 	errno = ENOMEM;
+ 	return NULL;

libcap.spec

@@ -1,6 +1,6 @@
 Name: libcap
 Version: 2.48
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: Library for getting and setting POSIX.1e capabilities
 URL: https://sites.google.com/site/fullycapable/
 License: BSD or GPLv2
@@ -13,6 +13,7 @@ Patch2: %{name}-static-analysis.patch
 Patch3: %{name}-fix-ambient-caps.patch
 Patch4: %{name}-fix-prctl-usage.patch
 Patch5: %{name}-check-allocation.patch
+Patch6: %{name}-cve-2023-2603.patch
 
 BuildRequires: libattr-devel pam-devel perl-interpreter
 BuildRequires: make
@@ -91,6 +92,10 @@ chmod +x %{buildroot}/%{_libdir}/*.so.*
 %{_libdir}/pkgconfig/libpsx.pc
 
 %changelog
+* Mon Jun 26 2023 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 2.48-5
+- Fix integer overflow in _libcap_strdup() (CVE-2023-2603)
+  Resolves: rhbz#2210637
+
 * Tue May 17 2022 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 2.48-4
 - check for successful memory allocation
   related: rhbz#2062648