diff --git a/cve-2023-4016.patch b/cve-2023-4016.patch
new file mode 100644
index 0000000..371fda7
--- /dev/null
+++ b/cve-2023-4016.patch
@@ -0,0 +1,75 @@
+From 8e7c09895b2d8dc0d65980d757926351ad6817e8 Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Mon, 14 Aug 2023 14:12:41 +0200
+Subject: [PATCH] ps buffer overflow
+
+Resolves: bz#2230186
+---
+ local/xalloc.h | 2 +-
+ src/ps/parser.c | 11 ++++++-----
+ 2 files changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/local/xalloc.h b/local/xalloc.h
+index 8b4d368..a804689 100644
+--- a/local/xalloc.h
++++ b/local/xalloc.h
+@@ -42,7 +42,7 @@ void *xcalloc(const size_t nelems, const size_t size)
+ {
+ void *ret = calloc(nelems, size);
+ if (!ret && size && nelems)
+- xerrx(XALLOC_EXIT_CODE, "cannot allocate %zu bytes", size);
++ xerrx(XALLOC_EXIT_CODE, "cannot allocate %zu bytes", nelems*size);
+ return ret;
+ }
+
+diff --git a/src/ps/parser.c b/src/ps/parser.c
+index 248aa74..c46855c 100644
+--- a/src/ps/parser.c
++++ b/src/ps/parser.c
+@@ -189,8 +189,8 @@ static const char *parse_list(const char *arg, const char *(*parse_fn)(char *, s
+ const char *err; /* error code that could or did happen */
+ /*** prepare to operate ***/
+ node = xmalloc(sizeof(selection_node));
+- node->u = xmalloc(strlen(arg)*sizeof(sel_union)); /* waste is insignificant */
+ node->n = 0;
++ node->u = NULL;
+ buf = strdup(arg);
+ /*** sanity check and count items ***/
+ need_item = 1; /* true */
+@@ -204,12 +204,13 @@ static const char *parse_list(const char *arg, const char *(*parse_fn)(char *, s
+ need_item=1;
+ break;
+ default:
+- if(need_item) items++;
++ if(need_item && itemsn = items;
++ node->u = xcalloc(items, sizeof(sel_union));
+ /*** actually parse the list ***/
+ walk = buf;
+ while(items--){
+@@ -1050,15 +1051,15 @@ static const char *parse_trailing_pids(void){
+ thisarg = ps_argc - 1; /* we must be at the end now */
+
+ pidnode = xmalloc(sizeof(selection_node));
+- pidnode->u = xmalloc(i*sizeof(sel_union)); /* waste is insignificant */
++ pidnode->u = xcalloc(i, sizeof(sel_union)); /* waste is insignificant */
+ pidnode->n = 0;
+
+ grpnode = 
xmalloc(sizeof(selection_node));
+- grpnode->u = xmalloc(i*sizeof(sel_union)); /* waste is insignificant */
++ grpnode->u = xcalloc(i,sizeof(sel_union)); /* waste is insignificant */
+ grpnode->n = 0;
+
+ sidnode = xmalloc(sizeof(selection_node));
+- sidnode->u = xmalloc(i*sizeof(sel_union)); /* waste is insignificant */
++ sidnode->u = xcalloc(i, sizeof(sel_union)); /* waste is insignificant */
+ sidnode->n = 0;
+
+ while(i--){
+--
+2.40.1
+
diff --git a/procps-ng.spec b/procps-ng.spec
index a183f4b..6a4beb2 100644
--- a/procps-ng.spec
+++ b/procps-ng.spec
@@ -4,13 +4,14 @@ Summary: System and process monitoring utilities Name: procps-ng Version: 4.0.3 -Release: 4%{?dist} +Release: 5%{?dist} License: GPL-2.0-or-later AND LGPL-2.0-or-later AND LGPL-2.1-or-later URL: https://sourceforge.net/projects/procps-ng/ Source0: https://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.xz Patch1: sysctl-nameonly-shows-value.patch +Patch2: cve-2023-4016.patch BuildRequires: make BuildRequires: ncurses-devel
@@ -147,6 +148,10 @@ ln -s %{_bindir}/pidof %{buildroot}%{_sbindir}/pidof %files i18n -f %{name}.lang %changelog +* Mon Aug 14 2023 Jan Rybar - 4.0.3-5 +- ps: buffer overflow +- Resolves: bz#2230186 + * Mon Aug 07 2023 Lukáš Zaoral - 4.0.3-4 - migrate to SPDX license format
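Review bot: In the `local/xalloc.h` hunk of the carried patch, the new diagnostic prints `nelems*size`, which is computed in `size_t` and wraps in exactly the case where `calloc` refuses the request because the product overflows, so the message can report a small, misleading byte count. Printing both factors avoids that: `xerrx(XALLOC_EXIT_CODE, "cannot allocate %zu x %zu bytes", nelems, size);`. In the first `parse_list` hunk the context line `buf = strdup(arg);` is still unchecked although the allocations around it go through the `x*` wrappers; a NULL check there (or a checked duplicate helper, if the project provides one) would keep the later `walk = buf;` pass from dereferencing NULL under memory pressure. The replacement line in the second `parse_list` hunk is truncated on this page, so the bound it places on `items` before `xcalloc(items, sizeof(sel_union))` could not be reviewed here. Both `parse_list` and `parse_trailing_pids` continue outside the hunks shown.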