From 8103dae2896d99a37316fe9f31cf8d98765061df Mon Sep 17 00:00:00 2001
From: Kou Wenqi
Date: Fri, 28 Jun 2024 16:40:39 +0800
Subject: [PATCH] Fix possible buffer underflow
---
Fix-possible-buffer-underflow.patch | 117 ++++++++++++++++++++++++++++
gdbm.spec | 6 +-
2 files changed, 122 insertions(+), 1 deletion(-)
create mode 100644 Fix-possible-buffer-underflow.patch
diff --git a/Fix-possible-buffer-underflow.patch b/Fix-possible-buffer-underflow.patch
new file mode 100644
index 0000000..4af8821
--- /dev/null
+++ b/Fix-possible-buffer-underflow.patch
@@ -0,0 +1,117 @@
+From 988d3600c24a54ca23bd2a8717083210f29c712d Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff
+Date: Mon, 18 Mar 2024 23:42:45 +0200
+Subject: [PATCH] Bugfix
+
+* src/gdbmload.c (get_dump_line): Fix possible buffer underflow.
+Return error code.
+Return number of bytes read in the memory location passed by
+the second argument. All uses changed
+---
+ src/gdbmload.c | 32 +++++++++++++++++++++-----------
+ 1 file changed, 21 insertions(+), 11 deletions(-)
+
+diff --git a/src/gdbmload.c b/src/gdbmload.c
+index 5a4f022..aec0ea1 100644
+--- a/src/gdbmload.c
++++ b/src/gdbmload.c
+@@ -73,8 +73,8 @@ getparm (const char *buf, const char *parm)
+ return NULL;
+ }
+
+-static size_t
+-get_dump_line (struct dump_file *file)
++static int
++get_dump_line (struct dump_file *file, size_t *nread)
+ {
+ char buf[80];
+
+@@ -83,8 +83,8 @@ get_dump_line (struct dump_file *file)
+ while (fgets (buf, sizeof buf, file->fp))
+ {
+ size_t n = strlen (buf);
+-
+- if (buf[n-1] == '\n')
++
++ if (n > 0 && buf[n-1] == '\n')
+ {
+ file->line++;
+ --n;
+@@ -111,21 +111,26 @@ get_dump_line (struct dump_file *file)
+ }
+ }
+ }
+- return file->lblevel;
++ if (ferror (file->fp))
++ return GDBM_FILE_READ_ERROR;
++ if ((*nread = file->lblevel) == 0)
++ return GDBM_FILE_EOF;
++ return GDBM_NO_ERROR;
+ }
+
+ static int
+ get_data (struct dump_file *file)
+ {
+ size_t n;
++ int rc;
+
+ file->buflevel = 0;
+ file->parmc = 0;
+
+- while ((n = get_dump_line (file)))
++ while ((rc = get_dump_line (file, &n)) == GDBM_NO_ERROR)
+ {
+ if (file->linebuf[0] == '#')
+- return 0;
++ return GDBM_NO_ERROR;
+ if (n + file->buflevel > file->bufsize)
+ {
+ size_t s = ((file->buflevel + n + _GDBM_MAX_DUMP_LINE_LEN - 1)
+@@ -141,24 +146,27 @@ get_data (struct dump_file *file)
+ file->buflevel += n;
+ file->lblevel = 0;
+ }
+- return ferror (file->fp) ? GDBM_FILE_READ_ERROR : 0;
++ if (rc == GDBM_FILE_EOF && file->buflevel > 0)
++ rc = GDBM_NO_ERROR;
++ return rc;
+ }
+
+ static int
+ get_parms (struct dump_file *file)
+ {
+ size_t n;
++ int rc;
+
+ file->buflevel = 0;
+ file->parmc = 0;
+- while ((n = get_dump_line (file)))
++ while ((rc = get_dump_line (file, &n)) == GDBM_NO_ERROR)
+ {
+ char *p;
+
+ p = file->linebuf;
+ if (*p != '#')
+ return 0;
+- if (n == 0 || *++p != ':')
++ if (*++p != ':')
+ {
+ file->lblevel = 0;
+ continue;
+@@ -220,10 +228,12 @@ get_parms (struct dump_file *file)
+ file->lblevel = 0;
+ }
+
++ if (rc == GDBM_FILE_EOF && file->buflevel > 0)
++ rc = GDBM_NO_ERROR;
+ if (file->buffer)
+ file->buffer[file->buflevel] = 0;
+
+- return ferror (file->fp) ? GDBM_FILE_READ_ERROR : 0;
++ return rc;
+ }
+
+ static int
+--
+2.27.0
+
diff --git a/gdbm.spec b/gdbm.spec
index c937535..4cc03cc 100644
--- a/gdbm.spec
+++ b/gdbm.spec
@@ -1,6 +1,6 @@ Name: gdbm Version: 1.23 -Release: 2 +Release: 3 Epoch: 1 Summary: A library of database functions that work similar to the standard UNIX dbm License: GPLv3+
@@ -16,6 +16,7 @@ Patch5: Improve-handling-of-u-in-gdbm_load.patch Patch6: Fix-allocated-memory-not-released.patch Patch7: Restore-accidentally-removed-parameter-and-New-macro.patch Patch8: Minor-fix-in-the-compatibility-library.patch +Patch9: Fix-possible-buffer-underflow.patch BuildRequires: gcc libtool gettext readline-devel bison flex texinfo
@@ -107,6 +108,9 @@ fi %{_infodir}/*.info* %changelog +* Fri Jun 28 2024 kouwenqi - 1:1.23-3 +- DESC: Fix possible buffer underflow + * Thu Mar 16 2023 wangzhiqiang - 1:1.23-2 - DESC:backport upstream patch -- Gitee
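Review bot: In the added `Fix-possible-buffer-underflow.patch`, `get_data` and `get_parms` can now return `GDBM_FILE_EOF` when the dump ends with `file->buflevel == 0`, where the old code returned 0 unless `ferror` was set; no caller of either function appears in the hunks shown, so it is worth confirming that the callers in `src/gdbmload.c` still treat a clean end of dump as success rather than as a load failure. The `n > 0` guard in `get_dump_line` is the actual memory-safety fix and deserves a comment, for example `/* fgets() can yield an empty string when the line starts with a NUL byte; never index buf[n-1] then */`. `get_dump_line` also leaves `*nread` unassigned on the `GDBM_FILE_READ_ERROR` path, which is safe only because both loops read `n` solely after `GDBM_NO_ERROR`; assigning `*nread = 0;` before the `ferror` check would make that explicit. `get_parms` keeps a bare `return 0;` where `get_data` was changed to `return GDBM_NO_ERROR;`, so the two parallel loops now spell the same result differently. All three function bodies extend beyond the hunks shown.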