import CS libeconf-0.4.1-4.el9

This commit is contained in:
eabdullin 2024-09-30 15:51:19 +00:00
parent e8a94ada75
commit 0bdd081395
4 changed files with 111 additions and 1 deletions

View File

@ -0,0 +1,31 @@
From 8d086dfc69d4299e55e4844e3573b3a4cf420f19 Mon Sep 17 00:00:00 2001
From: Stefan Schubert <stefan@gefluegelhof-schubert.de>
Date: Fri, 24 Mar 2023 15:14:07 +0100
Subject: [PATCH] Aarch64 gcc13 (#183)
* fixed buffer overflow
---
lib/getfilecontents.c | 7 +++----
4 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/lib/getfilecontents.c b/lib/getfilecontents.c
index 94e1db9..f9b1afc 100644
--- a/lib/getfilecontents.c
+++ b/lib/getfilecontents.c
@@ -265,11 +265,12 @@ read_file(econf_file *ef, const char *file,
}
ef->delimiter = *delim;
- while (fgets(buf, sizeof(buf), kf)) {
+ while (fgets(buf, BUFSIZ-1, kf)) {
char *p, *name, *data = NULL;
bool quote_seen = false, delim_seen = false;
char *org_buf __attribute__ ((__cleanup__(free_buffer))) = strdup(buf);
+ buf[BUFSIZ-1] = '\0';
line++;
last_scanned_line_nr = line;
--
2.40.1

View File

@ -0,0 +1,12 @@
diff --git a/doc/CMakeLists.txt b/doc/CMakeLists.txt
index 726183a..8da1f45 100644
--- a/doc/CMakeLists.txt
+++ b/doc/CMakeLists.txt
@@ -18,7 +18,6 @@ if(BUILD_DOCUMENTATION)
COMMENT "Generating API documentation with Doxygen"
VERBATIM)
- install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/html DESTINATION share/doc)
endif()
install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/man/libeconf.3 DESTINATION ${CMAKE_INSTALL_MANDIR}/man3)

View File

@ -0,0 +1,54 @@
diff --git a/lib/libeconf.c b/lib/libeconf.c
index d7de070..c6a7c73 100644
--- a/lib/libeconf.c
+++ b/lib/libeconf.c
@@ -158,7 +158,7 @@ econf_err econf_readDirsHistory(econf_file ***key_files,
{
const char *suffix, *default_dirs[3] = {NULL, NULL, NULL};
char *distfile, *etcfile, *cp;
- econf_file *key_file;
+ econf_file *key_file = NULL;
econf_err error;
*size = 0;
@@ -267,8 +267,12 @@ econf_err econf_readDirsHistory(econf_file ***key_files,
const char *conf_dirs[] = { NULL, /* "/conf.d/", ".d/", "/", */ NULL};
char *project_path = combine_strings(default_dirs[i], project_name, '/');
char *suffix_d = malloc (strlen(suffix) + 4); /* + strlen(".d/") */
- if (suffix_d == NULL)
+ if (suffix_d == NULL) {
+ free(project_path);
+ free(*key_files);
+ *key_files = NULL;
return ECONF_NOMEM;
+ }
cp = stpcpy(suffix_d, suffix);
stpcpy(cp, ".d");
conf_dirs[0] = suffix_d;
diff --git a/lib/libeconf_ext.c b/lib/libeconf_ext.c
index aafba45..6155a0c 100644
--- a/lib/libeconf_ext.c
+++ b/lib/libeconf_ext.c
@@ -86,15 +86,19 @@ econf_getExtValue(econf_file *kf, const char *group,
{
/* one quoted string only */
(*result)->values = realloc ((*result)->values, sizeof (char*) * ++n_del);
- if ((*result)->values == NULL)
+ if ((*result)->values == NULL) {
+ econf_freeExtValue(*result);
return ECONF_NOMEM; /* memory allocation failed */
+ }
(*result)->values[n_del-1] = strdup(value_string);
} else {
/* splitting into a character array */
while ((line = strsep(&value_string, "\n")) != NULL) {
(*result)->values = realloc ((*result)->values, sizeof (char*) * ++n_del);
- if ((*result)->values == NULL)
- return ECONF_NOMEM; /* memory allocation failed */
+ if ((*result)->values == NULL) {
+ econf_freeExtValue(*result);
+ return ECONF_NOMEM; /* memory allocation failed */
+ }
(*result)->values[n_del-1] = strdup(trim(line));
}
}

View File

@ -5,13 +5,20 @@
Name: libeconf
Version: 0.4.1
Release: 2%{?dist}
Release: 4%{?dist}
Summary: Enhanced config file parser library
License: MIT
URL: https://github.com/openSUSE/libeconf
Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
### Patches ###
Patch0001: 0001-getfilecontents-buffer-overflow.patch
Patch0002: 0002-cmake-no-install-html.patch
# https://github.com/openSUSE/libeconf/commit/7c5d0a7198eb97104952e56e43c37eb337c3cf21
Patch0003: 0003-Fix-static-analyzer-detected-issues.patch
BuildRequires: cmake >= 3.12
BuildRequires: gcc
BuildRequires: make
@ -76,6 +83,12 @@ configuration files from applications that use %{name}.
%changelog
* Thu Apr 11 2024 Iker Pedrosa <ipedrosa@redhat.com> - 0.4.1-4
- Fix static analyzer detected issues. Resolves: RHEL-24989
* Wed Jun 7 2023 Iker Pedrosa <ipedrosa@redhat.com> - 0.4.1-3
- Fix stack-based buffer overflow in read_file(). Resolves: #2212467 (CVE-2023-22652)
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.4.1-2
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688