From ff183fcc65dde12621d767ab2a6a93d3fd0bfc58 Mon Sep 17 00:00:00 2001 From: wangjiang Date: Wed, 8 May 2024 15:02:41 +0800 Subject: [PATCH] =?UTF-8?q?Do=20not=20pass=20non=E2=80=93null=E2=80=90term?= =?UTF-8?q?inated=20strings=20to=20strcmp()?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit (cherry picked from commit d1d5a64d46f46da3c98573e3879a3477942014d3) --- ...non-null-terminated-strings-to-strcm.patch | 40 +++++++++++++++++++ libtdb.spec | 10 ++++- 2 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 backport-tdb-Do-not-pass-non-null-terminated-strings-to-strcm.patch diff --git a/backport-tdb-Do-not-pass-non-null-terminated-strings-to-strcm.patch b/backport-tdb-Do-not-pass-non-null-terminated-strings-to-strcm.patch new file mode 100644 index 0000000..a635c05 --- /dev/null +++ b/backport-tdb-Do-not-pass-non-null-terminated-strings-to-strcm.patch @@ -0,0 +1,40 @@ +From 757cd49b8445f22c2c19380e948e7aba5a76399a Mon Sep 17 00:00:00 2001 +From: Joseph Sutton +Date: Fri, 6 Oct 2023 13:54:02 +1300 +Subject: [PATCH] =?UTF-8?q?tdb:=20Do=20not=20pass=20non=E2=80=93null?= + =?UTF-8?q?=E2=80=90terminated=20strings=20to=20strcmp()=20(CID=201449485)?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Joseph Sutton +Reviewed-by: Andrew Bartlett + +Reference:https://github.com/samba-team/samba/commit/757cd49b8445f22c2c19380e948e7aba5a76399a +Conflict:NA +--- + common/open.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/common/open.c b/common/open.c +index f7f65b0..4e138c6 100644 +--- a/common/open.c ++++ b/common/open.c +@@ -513,7 +513,13 @@ _PUBLIC_ struct tdb_context *tdb_open_ex(const char *name, int hash_size, int td + + errno = 0; + if (read(tdb->fd, &header, sizeof(header)) != sizeof(header) +- || strcmp(header.magic_food, TDB_MAGIC_FOOD) != 0) { ++ /* ++ * Call strncmp() rather than strcmp() in case header.magic_food is ++ * not zero‐terminated. We’re still checking the full string for ++ * equality, as tdb_header::magic_food is larger than ++ * TDB_MAGIC_FOOD. ++ */ ++ || strncmp(header.magic_food, TDB_MAGIC_FOOD, sizeof(header.magic_food)) != 0) { + if (!(open_flags & O_CREAT) || + tdb_new_database(tdb, &header, hash_size) == -1) { + if (errno == 0) { +-- +2.33.0 + diff --git a/libtdb.spec b/libtdb.spec index da4baf7..a311932 100644 --- a/libtdb.spec +++ b/libtdb.spec @@ -1,11 +1,13 @@ Name: libtdb Version: 1.4.9 -Release: 1 +Release: 2 Summary: The Tdb library License: LGPLv3+ URL: http://tdb.samba.org/ Source: http://samba.org/ftp/tdb/tdb-%{version}.tar.gz +Patch6000: backport-tdb-Do-not-pass-non-null-terminated-strings-to-strcm.patch + BuildRequires: gcc libxslt docbook-style-xsl BuildRequires: python3-devel Provides: bundled(libreplace) @@ -87,6 +89,12 @@ make %{?_smp_mflags} check %ldconfig_scriptlets %changelog +* Wed May 08 2024 wangjiang - 1.4.9-2 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:tdb: Do not pass non–null‐terminated strings to strcmp() + * Thu Aug 17 2023 dillon chen - 1.4.9-1 - upgrade version to 1.4.9