fix CVE-2023-42118
(cherry picked from commit e70cbcf5d605f47a1e415d4d502f842df2e8a3ab)
This commit is contained in:
Funda Wang
openeuler-sync-bot
parent
801909a64f
commit
f13f62c610
134
CVE-2023-42118-and-other-fixes.patch
Normal file
134
CVE-2023-42118-and-other-fixes.patch
Normal file
@ -0,0 +1,134 @@
|
||||
From c93823faef044150e1b232928d225ff5ff297e6c Mon Sep 17 00:00:00 2001
|
||||
From: Simon Arlott <sa.me.uk>
|
||||
Date: Sat, 30 Sep 2023 12:18:51 +0100
|
||||
Subject: [PATCH] Fix integer underflow
|
||||
|
||||
---
|
||||
src/libspf2/spf_compile.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/libspf2/spf_compile.c b/src/libspf2/spf_compile.c
|
||||
index b08ffe2..d401028 100644
|
||||
--- a/src/libspf2/spf_compile.c
|
||||
+++ b/src/libspf2/spf_compile.c
|
||||
@@ -455,7 +455,11 @@ SPF_c_parse_var(SPF_response_t *spf_response, SPF_data_var_t *data,
|
||||
/* Magic numbers for x/Nc in gdb. */ \
|
||||
data->ds.__unused0 = 0xba; data->ds.__unused1 = 0xbe; \
|
||||
dst = SPF_data_str( data ); \
|
||||
- ds_avail = _avail - sizeof(SPF_data_t); \
|
||||
+ if ((_avail) < sizeof(SPF_data_t)) \
|
||||
+ return SPF_response_add_error_ptr(spf_response, \
|
||||
+ SPF_E_BIG_STRING, NULL, src, \
|
||||
+ "Out of memory for string literal");\
|
||||
+ ds_avail = (_avail) - sizeof(SPF_data_t); \
|
||||
ds_len = 0; \
|
||||
} while(0)
|
||||
|
||||
From faa9e02887e20d37e112c4ce7df34366e4f2fa2f Mon Sep 17 00:00:00 2001
|
||||
From: Simon Arlott <sa.me.uk>
|
||||
Date: Mon, 2 Oct 2023 19:34:38 +0100
|
||||
Subject: [PATCH] Used a fixed size buffer for DNS responses instead of
|
||||
doubling memory use
|
||||
|
||||
---
|
||||
src/libspf2/spf_dns_resolv.c | 21 +++------------------
|
||||
1 file changed, 3 insertions(+), 18 deletions(-)
|
||||
|
||||
diff --git a/src/libspf2/spf_dns_resolv.c b/src/libspf2/spf_dns_resolv.c
|
||||
index 9dacafe..ec687b8 100644
|
||||
--- a/src/libspf2/spf_dns_resolv.c
|
||||
+++ b/src/libspf2/spf_dns_resolv.c
|
||||
@@ -268,7 +268,7 @@ SPF_dns_resolv_lookup(SPF_dns_server_t *spf_dns_server,
|
||||
}
|
||||
#endif
|
||||
|
||||
- responselen = 2048;
|
||||
+ responselen = 65536;
|
||||
responsebuf = (u_char *)malloc(responselen);
|
||||
if (! responsebuf)
|
||||
return NULL; /* NULL always means OOM from DNS lookup. */
|
||||
@@ -319,23 +319,8 @@ SPF_dns_resolv_lookup(SPF_dns_server_t *spf_dns_server,
|
||||
domain, rr_type, 0, SPF_h_errno);
|
||||
}
|
||||
else if (dns_len > responselen) {
|
||||
- void *tmp;
|
||||
- /* We managed a lookup but our buffer was too small. */
|
||||
- responselen = dns_len + (dns_len >> 1);
|
||||
-#if 0
|
||||
- /* Sanity-trap - we should never hit this. */
|
||||
- if (responselen > 1048576) { /* One megabyte. */
|
||||
- free(responsebuf);
|
||||
- return SPF_dns_rr_new_init(spf_dns_server,
|
||||
- domain, rr_type, 0, SPF_h_errno);
|
||||
- }
|
||||
-#endif
|
||||
- tmp = realloc(responsebuf, responselen);
|
||||
- if (!tmp) {
|
||||
- free(responsebuf);
|
||||
- return NULL;
|
||||
- }
|
||||
- responsebuf = tmp;
|
||||
+ free(responsebuf);
|
||||
+ return NULL;
|
||||
}
|
||||
else {
|
||||
/* We managed a lookup, and our buffer was large enough. */
|
||||
From 1bd4c108b63927cd1229760e30936160d050d997 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Arlott <sa.me.uk>
|
||||
Date: Mon, 2 Oct 2023 19:37:00 +0100
|
||||
Subject: [PATCH] Allocate memory for string when the buffer is NULL
|
||||
|
||||
These can't ever be NULL but scan-build complains about them.
|
||||
---
|
||||
src/libspf2/spf_dns_cache.c | 2 +-
|
||||
src/libspf2/spf_get_exp.c | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/libspf2/spf_dns_cache.c b/src/libspf2/spf_dns_cache.c
|
||||
index 16c9819..50d2660 100644
|
||||
--- a/src/libspf2/spf_dns_cache.c
|
||||
+++ b/src/libspf2/spf_dns_cache.c
|
||||
@@ -327,7 +327,7 @@ SPF_dns_cache_rr_fixup(SPF_dns_cache_config_t *spfhook,
|
||||
char *new_domain;
|
||||
size_t new_len = strlen(domain) + 1;
|
||||
|
||||
- if (cached_rr->domain_buf_len < new_len) {
|
||||
+ if (cached_rr->domain == NULL || cached_rr->domain_buf_len < new_len) {
|
||||
new_domain = realloc(cached_rr->domain, new_len);
|
||||
if (new_domain == NULL)
|
||||
return SPF_E_NO_MEMORY;
|
||||
diff --git a/src/libspf2/spf_get_exp.c b/src/libspf2/spf_get_exp.c
|
||||
index f4b5055..4a663e4 100644
|
||||
--- a/src/libspf2/spf_get_exp.c
|
||||
+++ b/src/libspf2/spf_get_exp.c
|
||||
@@ -62,7 +62,7 @@ SPF_server_get_default_explanation(SPF_server_t *spf_server,
|
||||
}
|
||||
else {
|
||||
size_t len = sizeof(SPF_LAME_EXP) + 1;
|
||||
- if (*buflenp < len) {
|
||||
+ if (*bufp == NULL || *buflenp < len) {
|
||||
char *tmp = realloc(*bufp, len);
|
||||
if (tmp == NULL)
|
||||
return SPF_E_NO_MEMORY;
|
||||
From 36c3af1dcfeb6c987dac00161f2ed57c6a42ed03 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Arlott <sa.me.uk>
|
||||
Date: Sat, 30 Sep 2023 11:40:47 +0100
|
||||
Subject: [PATCH] Use correct integer size for format string
|
||||
|
||||
---
|
||||
src/libspf2/spf_compile.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/libspf2/spf_compile.c b/src/libspf2/spf_compile.c
|
||||
index b08ffe2..ba3d804 100644
|
||||
--- a/src/libspf2/spf_compile.c
|
||||
+++ b/src/libspf2/spf_compile.c
|
||||
@@ -604,7 +604,7 @@ SPF_c_parse_macro(SPF_server_t *spf_server,
|
||||
|
||||
default:
|
||||
if (spf_server->debug > 3)
|
||||
- SPF_debugf("Adding illegal %%-follower '%c' at %d",
|
||||
+ SPF_debugf("Adding illegal %%-follower '%c' at %zu",
|
||||
src[idx], idx);
|
||||
/* SPF spec says to treat it as a literal, not
|
||||
* SPF_E_INVALID_ESC */
|
||||
11
libspf2.spec
11
libspf2.spec
@ -5,13 +5,14 @@
|
||||
|
||||
Name: libspf2
|
||||
Version: 1.2.11
|
||||
Release: 1
|
||||
Release: 2
|
||||
Summary: An implementation of the SPF specification
|
||||
License: BSD or LGPLv2+
|
||||
Url: http://www.libspf2.org/
|
||||
|
||||
Source0: libspf2-%{version}-%{git}.tar.xz
|
||||
Patch1: 0001-remove-libreplace-unneeded-on-Linux.patch
|
||||
Patch2: CVE-2023-42118-and-other-fixes.patch
|
||||
|
||||
BuildRequires: gcc
|
||||
BuildRequires: automake autoconf libtool
|
||||
@ -80,8 +81,7 @@ Requires(postun): /usr/sbin/alternatives, /usr/bin/readlink
|
||||
Programs for making SPF queries and checking their results using libspf2.
|
||||
|
||||
%prep
|
||||
%setup -q -n libspf2-%{version}-%{git}
|
||||
%patch1 -p1
|
||||
%autosetup -p1 -n libspf2-%{version}-%{git}
|
||||
|
||||
|
||||
%build
|
||||
@ -123,8 +123,6 @@ make -C tests check
|
||||
LD_PRELOAD=$(pwd)/src/libspf2/.libs/libspf2.so make -C perl test
|
||||
%endif
|
||||
|
||||
%ldconfig_scriptlets
|
||||
|
||||
%post progs
|
||||
/usr/sbin/alternatives --install %{_bindir}/spfquery spf %{_bindir}/spfquery.libspf2 20 \
|
||||
--slave %{_bindir}/spfd spf-daemon %{_bindir}/spfd.libspf2
|
||||
@ -169,5 +167,8 @@ exit 0
|
||||
%{_mandir}/man3/Mail::SPF_XS.3pm*
|
||||
|
||||
%changelog
|
||||
* Wed Dec 25 2024 Funda Wang <fundawang@yeah.net> - 1.2.11-2
|
||||
- fix CVE-2023-42118
|
||||
|
||||
* Tue Oct 18 2022 openEuler Application <dev@openeuler.org> - 1.2.11-1
|
||||
- DESC:Package init
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user