diff --git a/backport-evutil-don-t-call-memset-before-memcpy.patch b/backport-evutil-don-t-call-memset-before-memcpy.patch new file mode 100644 index 0000000000000000000000000000000000000000..602da9e2053160fa1c9a45aad3334ac6f33f53e5 --- /dev/null +++ b/backport-evutil-don-t-call-memset-before-memcpy.patch @@ -0,0 +1,39 @@ +From 39073df8318364fc868ab6d90a345ea4fc66e864 Mon Sep 17 00:00:00 2001 +From: Liu Dongmiao +Date: Sat, 30 Mar 2024 21:44:50 +0800 +Subject: [PATCH] evutil: don't call memset before memcpy + +In `evutil_parse_sockaddr_port`, it would `memset` the `out` to zero, +however, the `memset` is unnecessary before `memcpy`, and may cause +undefined behavior if the `outlen` is invalid. + +This should close #1573. + +Reference:https://github.com/libevent/libevent/commit/39073df8 +--- + evutil.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/evutil.c b/evutil.c +index 9817f08..cc0133f 100644 +--- a/evutil.c ++++ b/evutil.c +@@ -2216,7 +2216,6 @@ evutil_parse_sockaddr_port(const char *ip_as_string, struct sockaddr *out, int * + if ((int)sizeof(sin6) > *outlen) + return -1; + sin6.sin6_scope_id = if_index; +- memset(out, 0, *outlen); + memcpy(out, &sin6, sizeof(sin6)); + *outlen = sizeof(sin6); + return 0; +@@ -2235,7 +2234,6 @@ evutil_parse_sockaddr_port(const char *ip_as_string, struct sockaddr *out, int * + return -1; + if ((int)sizeof(sin) > *outlen) + return -1; +- memset(out, 0, *outlen); + memcpy(out, &sin, sizeof(sin)); + *outlen = sizeof(sin); + return 0; +-- +2.27.0 + diff --git a/libevent.spec b/libevent.spec index a978114b0ecc0b5d43281ad99f6cdc151ebf30fb..42aba2cf257e611d1f49dc9b707271cabe843fd4 100644 --- a/libevent.spec +++ b/libevent.spec @@ -1,6 +1,6 @@ Name: libevent Version: 2.1.12 -Release: 7 +Release: 8 Summary: An event notification library License: BSD @@ -15,6 +15,7 @@ Patch6000: backport-ssl-do-not-trigger-EOF-if-some-data-had-been-successf.patch Patch6001: backport-http-eliminate-redundant-bev-fd-manipulating-and-cac.patch Patch6002: backport-http-fix-fd-leak-on-fd-reset-by-using-bufferevent_re.patch Patch6003: backport-bufferevent-introduce-bufferevent_replacefd-like-set.patch +Patch6004: backport-evutil-don-t-call-memset-before-memcpy.patch %description Libevent additionally provides a sophisticated framework for buffered network IO, with support for sockets, @@ -87,6 +88,12 @@ EOF %changelog +* Mon Apr 01 2024 shixuantong - 2.1.12-8 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:evutil: don't call memset before memcpy + * Mon Sep 18 2023 shixuantong - 2.1.12-7 - Type:bugfix - CVE:NA