fix buffer overflow with high port numbers

Resolves: RHEL-14440
This commit is contained in:
Lukáš Zaoral 2023-10-23 14:28:27 +02:00 committed by Henrich Hofbauer
parent a05a068785
commit 715a280ffc
2 changed files with 17 additions and 1 deletions

View File

@ -0,0 +1,11 @@
--- sgpio/sgpio.c
+++ sgpio/sgpio.c
@@ -126,7 +126,7 @@
int id;
int host_port;
int init;
- char name[7];
+ char name[5 /* prefix */ + 10 /* port number */ + 1 /* terminator */];
};
/* structure for the disks associated with the led structure */

View File

@ -1,7 +1,7 @@
Summary: SGPIO captive backplane tool
Name: sgpio
Version: 1.2.0.10
Release: 30%{?dist}
Release: 31%{?dist}
License: GPLv2+
URL: http://sources.redhat.com/lvm2/wiki/DMRAID_Eventing
Source: sgpio-1.2-0.10-src.tar.gz
@ -9,6 +9,7 @@ Source: sgpio-1.2-0.10-src.tar.gz
#Source: http://sources.redhat.com/lvm2/wiki/DMRAID_Eventing?action=AttachFile&do=get&target=sgpio-1.2.tgz
Patch0: sgpio-1.2-makefile.patch
Patch1: sgpio-1.2-coverity.patch
Patch2: sgpio-1.2-buffer-overflow.patch
BuildRequires: make
BuildRequires: gcc
BuildRequires: dos2unix
@ -21,6 +22,7 @@ Intel SGPIO enclosure management utility
dos2unix --keepdate Makefile README
%patch0 -p1 -b .makefile
%patch1 -p1 -b .coverity
%patch2 -p1 -b .buffer-overflow
chmod a-x *
%build
@ -37,6 +39,9 @@ make clean
%{_mandir}/man1/sgpio.*
%changelog
* Mon Oct 23 2023 Lukáš Zaoral <lzaoral@redhat.com> - 1.2.0.10-31
- fix buffer overflow with high port numbers (RHEL-14440)
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.0.10-30
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688