fix CVE 2023 26551
This commit is contained in:
chengyechun
parent
ae9357ff78
commit
e583598819
47
backport-CVE-2023-26551.patch
Normal file
47
backport-CVE-2023-26551.patch
Normal file
@ -0,0 +1,47 @@
|
||||
From 562c0cc96b42afce4eeef8da8ac315f03e2e99df Mon Sep 17 00:00:00 2001
|
||||
From: Miroslva Lichvar <mlichvar@redhat.com>
|
||||
Date: Thu, 20 Apr 2023 08:27:41 PM GMT+0800
|
||||
Subject: [PATCH] mstolfp:make sure the buffer has enough room for the input extra characters
|
||||
|
||||
Reference:https://build.opensuse.org/package/view_file/openSUSE:Factory/ntp/ntp-CVE-2023-26551.patch?expand=1
|
||||
Conflict:NA
|
||||
|
||||
CVE-2023-26552, CVE-2023-26553 and CVE-2023-26554 are marked identical to CVE-2023-26551
|
||||
https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1507034339
|
||||
|
||||
---
|
||||
libntp/mstolfp.c | 11 ++++++++++-
|
||||
1 file changed, 10 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libntp/mstolfp.c b/libntp/mstolfp.c
|
||||
index 3dfc4ef..a8defa2 100644
|
||||
--- a/libntp/mstolfp.c
|
||||
+++ b/libntp/mstolfp.c
|
||||
@@ -14,7 +14,7 @@ mstolfp(
|
||||
l_fp *lfp
|
||||
)
|
||||
{
|
||||
- register const char *cp;
|
||||
+ register const char *cp, *end;
|
||||
register char *bp;
|
||||
register const char *cpdec;
|
||||
char buf[100];
|
||||
@@ -42,6 +42,15 @@ mstolfp(
|
||||
if (*cp != '.' && !isdigit((unsigned char)*cp))
|
||||
return 0;
|
||||
|
||||
+ /*
|
||||
+ * Make sure the buffer has enough room for the input string and the
|
||||
+ * extra characters, in the worst case replacing "." with "0.000"
|
||||
+ */
|
||||
+ end = cp;
|
||||
+ while (isdigit((unsigned char)*end) || *end == '.')
|
||||
+ end++;
|
||||
+ if (end - cp + 4 >= sizeof (buf) - (bp - buf))
|
||||
+ return 0;
|
||||
|
||||
/*
|
||||
* Search forward for the decimal point or the end of the string.
|
||||
--
|
||||
2.27.0
|
||||
|
||||
9
ntp.spec
9
ntp.spec
@ -2,7 +2,7 @@
|
||||
|
||||
Name: ntp
|
||||
Version: 4.2.8p15
|
||||
Release: 7
|
||||
Release: 8
|
||||
Summary: A protocol designed to synchronize the clocks of computers over a network
|
||||
License: MIT and BSD and BSD with advertising
|
||||
URL: https://www.ntp.org/
|
||||
@ -27,6 +27,7 @@ Patch4: fix-multiple-defination-with-gcc-10.patch
|
||||
Patch5: Do-not-use-PTHREAD_STACK_MIN-on-glibc.patch
|
||||
Patch6: fix-MD5-manpage.patch
|
||||
Patch7: modify-DSA-key-generation-parameters-base-on-openssl3.patch
|
||||
Patch8: backport-CVE-2023-26551.patch
|
||||
|
||||
BuildRequires: libcap-devel openssl-devel libedit-devel libevent-devel pps-tools-devel
|
||||
BuildRequires: autogen autogen-libopts-devel systemd gcc perl-generators perl-HTML-Parser
|
||||
@ -209,6 +210,12 @@ make check
|
||||
%{_mandir}/man8/*.8*
|
||||
|
||||
%changelog
|
||||
* Thu May 11 2023 chengyechun <chengyechun1@huawei.com> - 4.2.8p15-8
|
||||
- Type:CVE
|
||||
- ID:CVE-2023-26551
|
||||
- SUG:NA
|
||||
- DESC:make sure the buffer has enough room for the input extra characters
|
||||
|
||||
* Tue Mar 14 2023 chengyechun<chengyechun1@huawei.com> - 4.2.8p15-7
|
||||
* Type:bugfix
|
||||
- ID:NA
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user