From 8d57c9da293a87f30647976c9d809dd8001a7f75 Mon Sep 17 00:00:00 2001
From: Wei Jiangang
Date: Tue, 14 Jan 2025 15:57:47 +0800
Subject: [PATCH] Fix CVE-2024-0962
Signed-off-by: Wei Jiangang
---
 ...x-parsing-OSCORE-configuration-infor.patch | 39 +++++++++++++++++++
 libcoap.spec | 6 ++-
 2 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 0002-coap_oscore.c-Fix-parsing-OSCORE-configuration-infor.patch
diff --git a/0002-coap_oscore.c-Fix-parsing-OSCORE-configuration-infor.patch b/0002-coap_oscore.c-Fix-parsing-OSCORE-configuration-infor.patch
new file mode 100644
index 0000000..e1e4ab2
--- /dev/null
+++ b/0002-coap_oscore.c-Fix-parsing-OSCORE-configuration-infor.patch
@@ -0,0 +1,39 @@
+Date: Thu, 25 Jan 2024 18:03:17 +0000
+Subject: [PATCH] [PATCH] coap_oscore.c: Fix parsing OSCORE configuration
+ information
+
+Signed-off-by: Jon Shallow
+---
+ src/coap_oscore.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/coap_oscore.c b/src/coap_oscore.c
+index bf4f23f..2d7dd6d 100644
+--- src/coap_oscore.c
++++ src/coap_oscore.c
+@@ -1672,11 +1672,12 @@ get_split_entry(const char **start,
+ oscore_value_t *value) {
+ const char *begin = *start;
+ const char *end;
++ const char *kend;
+ const char *split;
+ size_t i;
+
+ retry:
+- end = memchr(begin, '\n', size);
++ kend = end = memchr(begin, '\n', size);
+ if (end == NULL)
+ return 0;
+
+@@ -1687,7 +1688,7 @@ retry:
+
+ if (begin[0] == '#' || (end - begin) == 0) {
+ /* Skip comment / blank line */
+- size -= end - begin + 1;
++ size -= kend - begin + 1;
+ begin = *start;
+ goto retry;
+ }
+--
+2.43.0
+
diff --git a/libcoap.spec b/libcoap.spec
index 24af69a..b791d48 100644
--- a/libcoap.spec
+++ b/libcoap.spec
@@ -1,6 +1,6 @@
 Name: libcoap
 Version: 4.3.4
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: Implementation of a lightweight application-protocol CoAP
 # If build against gnutls the license is BSD + LGPL 2.1
 License: BSD
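Review bot: In the embedded coap_oscore.c patch, the new `kend` pointer is introduced without any comment on why the skip path at `size -= kend - begin + 1;` must not use `end`. The lines between the two inner hunks are not shown, but the change only makes sense if `end` can be moved back there (for instance over a trailing '\r'), in which case the old expression left `size` larger than the bytes remaining and the next `memchr(begin, '\n', size)` could read past the buffer. I would add a comment next to the declaration, `/* kend: position of the '\n' found by memchr; use it, not end, when reducing size */`, so a later cleanup does not fold the two pointers back together. A regression input with CRLF-terminated comment and blank lines would pin the behaviour; get_split_entry's body continues outside both inner hunks.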
@@ -9,6 +9,7 @@ URL: https://libcoap.net
 Source0: %{name}-%{version}.tar.gz
 Patch0001: 0001-coap_pdu.c-Fix-UndefinedBehaviorSanitizer-undefined-.patch
+Patch0002: 0002-coap_oscore.c-Fix-parsing-OSCORE-configuration-infor.patch
 BuildRequires: autoconf
 BuildRequires: automake
@@ -94,6 +95,9 @@ make check
 %{_libdir}/libcoap-3*.so
 %changelog
+* Tue Jan 14 2025 Wei Jiangang - 4.3.4-3
+- Fix CVE-2024-0962
+
 * Wed Aug 14 2024 Wei Jiangang - 4.3.4-2
 - Fix CVE-2024-31031
--
Gitee
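Review bot: The added `Patch0002:` line gives no upstream reference, and the patch file it names starts at its `Date:` header with no commit hash, so the backport for CVE-2024-0962 cannot be checked against the upstream change from this commit alone. I would add a comment above it such as `# CVE-2024-0962, upstream commit: <UPSTREAM_COMMIT_URL>`. The patch's file headers read `--- src/coap_oscore.c` / `+++ src/coap_oscore.c` without the `a/` and `b/` prefixes that its `diff --git` line uses; the %prep section is outside this hunk, so confirm that the strip level applied there matches those paths.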