packages/ntp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!45 fix CVE-2023-26551,CVE-2023-26552,CVE-2023-26553,CVE-2023-26554

Browse Source 
From: @chengyechun 
Reviewed-by: @kircher 
Signed-off-by: @kircher
This commit is contained in:
openeuler-ci-bot 2023-05-12 02:09:35 +00:00 committed by Gitee
commit 455f7dc0c9
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 55 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
backport-CVE-2023-26551.patch Normal file
View File

@ -0,0 +1,47 @@
From 562c0cc96b42afce4eeef8da8ac315f03e2e99df Mon Sep 17 00:00:00 2001
From: Miroslva Lichvar <mlichvar@redhat.com>
Date: Thu, 20 Apr 2023 08:27:41 PM GMT+0800
Subject: [PATCH] mstolfp:make sure the buffer has enough room for the input extra characters
Reference:https://build.opensuse.org/package/view_file/openSUSE:Factory/ntp/ntp-CVE-2023-26551.patch?expand=1
Conflict:NA
CVE-2023-26552, CVE-2023-26553 and CVE-2023-26554 are marked identical to CVE-2023-26551
https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1507034339
---
libntp/mstolfp.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/libntp/mstolfp.c b/libntp/mstolfp.c
index 3dfc4ef..a8defa2 100644
--- a/libntp/mstolfp.c
+++ b/libntp/mstolfp.c
@@ -14,7 +14,7 @@ mstolfp(
l_fp *lfp
)
{
- register const char *cp;
+ register const char *cp, *end;
register char *bp;
register const char *cpdec;
char buf[100];
@@ -42,6 +42,15 @@ mstolfp(
if (*cp != '.' && !isdigit((unsigned char)*cp))
return 0;
+ /*
+ * Make sure the buffer has enough room for the input string and the
+ * extra characters, in the worst case replacing "." with "0.000"
+ */
+ end = cp;
+ while (isdigit((unsigned char)*end) || *end == '.')
+ end++;
+ if (end - cp + 4 >= sizeof (buf) - (bp - buf))
+ return 0;
/*
* Search forward for the decimal point or the end of the string.
--
2.27.0

9
ntp.spec
View File

@ -2,7 +2,7 @@
Name: ntp Name: ntp
Version: 4.2.8p15 Version: 4.2.8p15
Release: 7 Release: 8
Summary: A protocol designed to synchronize the clocks of computers over a network Summary: A protocol designed to synchronize the clocks of computers over a network
License: MIT and BSD and BSD with advertising License: MIT and BSD and BSD with advertising
URL: https://www.ntp.org/ URL: https://www.ntp.org/
@ -27,6 +27,7 @@ Patch4: fix-multiple-defination-with-gcc-10.patch
Patch5: Do-not-use-PTHREAD_STACK_MIN-on-glibc.patch Patch5: Do-not-use-PTHREAD_STACK_MIN-on-glibc.patch
Patch6: fix-MD5-manpage.patch Patch6: fix-MD5-manpage.patch
Patch7: modify-DSA-key-generation-parameters-base-on-openssl3.patch Patch7: modify-DSA-key-generation-parameters-base-on-openssl3.patch
Patch8: backport-CVE-2023-26551.patch
BuildRequires: libcap-devel openssl-devel libedit-devel libevent-devel pps-tools-devel BuildRequires: libcap-devel openssl-devel libedit-devel libevent-devel pps-tools-devel
BuildRequires: autogen autogen-libopts-devel systemd gcc perl-generators perl-HTML-Parser BuildRequires: autogen autogen-libopts-devel systemd gcc perl-generators perl-HTML-Parser
@ -209,6 +210,12 @@ make check
%{_mandir}/man8/*.8* %{_mandir}/man8/*.8*
%changelog %changelog
* Thu May 11 2023 chengyechun <chengyechun1@huawei.com> - 4.2.8p15-8
- Type:CVE
- ID:CVE-2023-26551
- SUG:NA
- DESC:make sure the buffer has enough room for the input extra characters
* Tue Mar 14 2023 chengyechun<chengyechun1@huawei.com> - 4.2.8p15-7 * Tue Mar 14 2023 chengyechun<chengyechun1@huawei.com> - 4.2.8p15-7
* Type:bugfix * Type:bugfix
- ID:NA - ID:NA