From e26ff3c91800fc6b2ee9879e35e576d143414fdb Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Wed, 27 Mar 2024 09:51:36 +0800
Subject: [PATCH] Fix CVE-2022-2469

(cherry picked from commit 36de747bf933c5ea53f093fded18f145324cbee9)
---
 CVE-2022-2469.patch | 28 ++++++++++++++++++++++++++++
 libgsasl.spec | 8 ++++++--
 2 files changed, 34 insertions(+), 2 deletions(-)
 create mode 100644 CVE-2022-2469.patch

diff --git a/CVE-2022-2469.patch b/CVE-2022-2469.patch
new file mode 100644
index 0000000..4bde605
--- /dev/null
+++ b/CVE-2022-2469.patch
@@ -0,0 +1,28 @@
+From 796e4197f696261c1f872d7576371232330bcc30 Mon Sep 17 00:00:00 2001
+From: Simon Josefsson
+Date: Fri, 15 Jul 2022 16:23:58 +0200
+Subject: [PATCH] GSSAPI server: Boundary check gss_wrap token (read OOB).
+
+Origin:
+https://gitlab.com/gsasl/gsasl/-/commit/796e4197f696261c1f872d7576371232330bcc30
+---
+ gssapi/server.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/gssapi/server.c b/gssapi/server.c
+index 4a5dfd7..a93e454 100644
+--- a/gssapi/server.c
++++ b/gssapi/server.c
+@@ -225,6 +225,9 @@ _gsasl_gssapi_server_step (Gsasl_session * sctx,
+ FALSE, and responds with the generated output_message. The
+ client can then consider the server authenticated. */
+
++ if (bufdesc2.length < 4)
++ return GSASL_AUTHENTICATION_ERROR;
++
+ if ((((char *) bufdesc2.value)[0] & GSASL_QOP_AUTH) == 0)
+ {
+ /* Integrity or privacy unsupported */
+--
+2.33.0
+
diff --git a/libgsasl.spec b/libgsasl.spec
index 732d8fb..ad15abb 100644
--- a/libgsasl.spec
+++ b/libgsasl.spec
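Review bot: The early return added in the embedded gssapi/server.c hunk of CVE-2022-2469.patch (`if (bufdesc2.length < 4) return GSASL_AUTHENTICATION_ERROR;`) leaves the function without releasing bufdesc2. The hunk does not show where bufdesc2 is filled, but the patch subject calls it a gss_wrap token, so it is presumably the output buffer of an earlier gss_unwrap call that has to be handed back with gss_release_buffer; if so, each undersized token leaks that buffer in a long-running server. Consider `if (bufdesc2.length < 4) { gss_release_buffer (&min_stat, &bufdesc2); return GSASL_AUTHENTICATION_ERROR; }`, assuming min_stat is the minor-status variable in scope here (the function body starts and ends outside the hunk). A comment such as `/* octet 0 is the QOP bit-mask, octets 1-3 the maximum buffer size */` above the check would also explain why 4 is the bound.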
@@ -1,11 +1,12 @@
 Name: libgsasl
 Version: 1.10.0
-Release: 1
+Release: 2
 Summary: GNU SASL library
 License: LGPLv2+
 URL: https://www.gnu.org/software/gsasl/
 Source0: https://ftp.gnu.org/gnu/gsasl/%{name}-%{version}.tar.gz
 Source1: https://ftp.gnu.org/gnu/gsasl/%{name}-%{version}.tar.gz.sig
+Patch0: CVE-2022-2469.patch
 BuildRequires: gcc krb5-devel libgcrypt-devel libidn-devel libntlm-devel pkgconfig
 %description
 The library includes support for the SASL framework
@@ -21,7 +22,7 @@ The %{name}-devel package contains libraries and header files for
 developing applications that use %{name}.
 
 %prep
-%autosetup
+%autosetup -p1
 
 %build
 %configure --disable-static --disable-rpath --with-gssapi-impl=mit
@@ -45,6 +46,9 @@ find %{buildroot} -name '*.la' -exec rm -f {} ';'
 %{_libdir}/pkgconfig/libgsasl.pc
 
 %changelog
+* Wed Mar 27 2024 yaoxin - 1.10.0-2
+- Fix CVE-2022-2469
+
 * Fri Apr 28 2023 wangkai <13474090681@163.com> - 1.10.0-1
 - Update to 1.10.0