rpms/p11-kit
5
0
Fork 0
Code Issues Pull Requests Releases Activity

import UBI p11-kit-0.25.3-3.el9_5

Browse Source
This commit is contained in:
eabdullin 2024-12-17 09:42:02 +00:00
parent 149c768542
commit 6fb1ed2c2a
2 changed files with 80 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
SOURCES/p11-kit-0.25.5-trust-file-length.patch Normal file
View File

@ -0,0 +1,73 @@
From a8b94642dbe6d52aa7a7805fbb60b64c4cfd7245 Mon Sep 17 00:00:00 2001
From: Zoltan Fridrich <zfridric@redhat.com>
Date: Thu, 3 Oct 2024 11:34:14 +0200
Subject: [PATCH] trust: don't create file names longer then 255
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
---
trust/save.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/trust/save.c b/trust/save.c
index 057a9c5e3..acabcbf6d 100644
--- a/trust/save.c
+++ b/trust/save.c
@@ -61,6 +61,8 @@
#define O_DIRECTORY 0
#endif
+#define MAX_FILE_NAME 255
+
struct _p11_save_file {
char *bare;
char *extension;
@@ -414,12 +416,23 @@ make_unique_name (const char *bare,
p11_buffer buf;
int ret;
int i;
+ int bare_len, ext_len, diff;
assert (bare != NULL);
assert (check != NULL);
p11_buffer_init_null (&buf, 0);
+ /*
+ * Make sure the name will not be longer then MAX_FILE_NAME
+ */
+ bare_len = strlen (bare);
+ ext_len = extension ? strlen (extension) : 0;
+ diff = bare_len + ext_len + sizeof (unique) - MAX_FILE_NAME;
+ if (diff > 0)
+ bare_len -= diff;
+ return_val_if_fail (bare_len > 0, NULL);
+
for (i = 0; true; i++) {
p11_buffer_reset (&buf, 64);
@@ -431,7 +444,7 @@ make_unique_name (const char *bare,
* provided by the caller.
*/
case 0:
- p11_buffer_add (&buf, bare, -1);
+ p11_buffer_add (&buf, bare, bare_len);
break;
/*
@@ -448,14 +461,14 @@ make_unique_name (const char *bare,
/* fall through */
default:
- p11_buffer_add (&buf, bare, -1);
+ p11_buffer_add (&buf, bare, bare_len);
snprintf (unique, sizeof (unique), ".%d", i);
p11_buffer_add (&buf, unique, -1);
break;
}
if (extension)
- p11_buffer_add (&buf, extension, -1);
+ p11_buffer_add (&buf, extension, ext_len);
return_val_if_fail (p11_buffer_ok (&buf), NULL);

9
SPECS/p11-kit.spec
View File

@ -1,6 +1,6 @@
# This spec file has been automatically updated # This spec file has been automatically updated
Version: 0.25.3 Version: 0.25.3
Release: 2%{?dist} Release: 3%{?dist}
Name: p11-kit Name: p11-kit
Summary: Library for loading and sharing PKCS#11 modules Summary: Library for loading and sharing PKCS#11 modules
@ -12,7 +12,8 @@ Source2: https://p11-glue.github.io/p11-glue/p11-kit/p11-kit-release-keyr
Source3: trust-extract-compat Source3: trust-extract-compat
Source4: p11-kit-client.service Source4: p11-kit-client.service
Patch0: 001-static-analysis.patch Patch: 001-static-analysis.patch
Patch: p11-kit-0.25.5-trust-file-length.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: libtasn1-devel >= 2.3 BuildRequires: libtasn1-devel >= 2.3
@ -154,6 +155,10 @@ fi
%changelog %changelog
* Fri Oct 25 2024 Zoltan Fridrich <zfridric@redhat.com> - 0.25.3-3
- Fix regression in trust where file creation fails for long cert labels
Resolves: RHEL-64917
* Thu Nov 23 2023 Zoltan Fridrich <zfridric@redhat.com> - 0.25.3-2 * Thu Nov 23 2023 Zoltan Fridrich <zfridric@redhat.com> - 0.25.3-2
- Fix issues found by static analysis - Fix issues found by static analysis
Related: RHEL-14834 Related: RHEL-14834