fix buffer overflow with high port numbers

Resolves: RHEL-11034
2023-10-23 12:47:00 +02:00 · 2023-10-23 12:47:00 +02:00 · 3b5a8be450
commit 3b5a8be450
parent ff8325e2a3
2 changed files with 17 additions and 1 deletions
--- a/sgpio-1.2-buffer-overflow.patch
+++ b/sgpio-1.2-buffer-overflow.patch
@ -0,0 +1,11 @@
 --- sgpio/sgpio.c
 +++ sgpio/sgpio.c
@@ -126,7 +126,7 @@
 	int id;
 	int host_port;
 	int init;
 -	char name[7];
 +	char name[5 /* prefix */ + 10 /* port number */ + 1 /* terminator */];
 };
 /* structure for the disks associated with the led structure */
--- a/sgpio.spec
+++ b/sgpio.spec
@ -1,7 +1,7 @@
 Summary: SGPIO captive backplane tool
 Name: sgpio
 Version: 1.2.0.10
-Release: 21%{?dist}
+Release: 22%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 URL: http://sources.redhat.com/lvm2/wiki/DMRAID_Eventing
@ -10,6 +10,7 @@ Source: sgpio-1.2-0.10-src.tar.gz
 #Source: http://sources.redhat.com/lvm2/wiki/DMRAID_Eventing?action=AttachFile&do=get&target=sgpio-1.2.tgz
 Patch0: sgpio-1.2-makefile.patch
 Patch1: sgpio-1.2-coverity.patch
 Patch2: sgpio-1.2-buffer-overflow.patch
 BuildRequires: dos2unix
 %description
@ -20,6 +21,7 @@ Intel SGPIO enclosure management utility
 dos2unix --keepdate Makefile README
 %patch0 -p1 -b .makefile
 %patch1 -p1 -b .coverity
 %patch2 -p1 -b .buffer-overflow
 chmod a-x *
 %build
@ -36,6 +38,9 @@ make install INSTALL="%{__install} -p" DESTDIR=$RPM_BUILD_ROOT SBIN_DIR=$RPM_BUI
 %{_mandir}/man1/sgpio.*
 %changelog
 * Mon Oct 09 2023 Lukáš Zaoral <lzaoral@redhat.com> - 1.2.0.10-22
 - fix buffer overflow with high port numbers (RHEL-11034)
 * Mon Feb 26 2018 Jan Synáček <jsynacek@redhat.com> - 1.2.0.10-21
 - use distribution LDFLAGS during build (#1548559)