Control: tags 1067115 + patch
Control: tags 1067115 + pending
Dear maintainer,
I've prepared an NMU for gross (versioned as 1.0.2-4.1) and uploaded
it to DELAYED/2. Please feel free to tell me if I should cancel it.
cu
Adrian
diffstat for gross-1.0.2 gross-1.0.2
changelog|7 ++
patches/0001-fix-misuse-of-strncat.patch | 95 +++
patches/series |1
3 files changed, 103 insertions(+)
diff -Nru gross-1.0.2/debian/changelog gross-1.0.2/debian/changelog
--- gross-1.0.2/debian/changelog 2014-10-25 11:20:12.0 +0300
+++ gross-1.0.2/debian/changelog 2024-03-23 23:23:34.0 +0200
@@ -1,3 +1,10 @@
+gross (1.0.2-4.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * CVE-2023-52159: Stack-based buffer overflow (Closes: #1067115)
+
+ -- Adrian Bunk Sat, 23 Mar 2024 23:23:34 +0200
+
gross (1.0.2-4) unstable; urgency=low
* debian/README: fixed a typo (Closes: 670596)
diff -Nru gross-1.0.2/debian/patches/0001-fix-misuse-of-strncat.patch gross-1.0.2/debian/patches/0001-fix-misuse-of-strncat.patch
--- gross-1.0.2/debian/patches/0001-fix-misuse-of-strncat.patch 1970-01-01 02:00:00.0 +0200
+++ gross-1.0.2/debian/patches/0001-fix-misuse-of-strncat.patch 2024-03-23 23:23:34.0 +0200
@@ -0,0 +1,95 @@
+From ec697f4dd5b057ad5af17468dac7955f3d1c03c6 Mon Sep 17 00:00:00 2001
+From: Dmitry Mikhirev
+Date: Wed, 27 Dec 2023 03:42:29 +0400
+Subject: fix misuse of strncat
+
+---
+ src/gross.c | 11 ---
+ src/worker.c | 21 -
+ 2 files changed, 20 insertions(+), 12 deletions(-)
+
+diff --git a/src/gross.c b/src/gross.c
+index 6e1a277..f477845 100644
+--- a/src/gross.c
b/src/gross.c
+@@ -111,7 +111,9 @@ configure_grossd(configlist_t *config)
+ configlist_t *cp;
+ const char *updatestr;
+ struct hostent *host = NULL;
+- char buffer[MAXLINELEN] = { '\0' };
++ char buffer[MAXLINELEN];
++ char *lineend;
++ size_t len;
+ params_t *pp;
+
+ cp = config;
+@@ -119,11 +121,14 @@ configure_grossd(configlist_t *config)
+ while (cp) {
+ pp = cp->params;
+ *buffer = '\0';
++ lineend = buffer;
++ len = 0;
+ while (pp) {
+-strncat(buffer, " ; ", MAXLINELEN - 1);
+-strncat(buffer, pp->value, MAXLINELEN - 1);
++len += snprintf(lineend, MAXLINELEN - len - 1, " ; %s", pp->value);
++lineend = buffer + len;
+ pp = pp->next;
+ }
++ buffer[MAXLINELEN - 1] = '\0';
+ logstr(GLOG_DEBUG, "config: %s = %s%s", cp->name, cp->value, buffer);
+ cp = cp->next;
+ }
+diff --git a/src/worker.c b/src/worker.c
+index 24f104b..63c0f06 100644
+--- a/src/worker.c
b/src/worker.c
+@@ -618,7 +618,8 @@ void
+ querylogwrite(querylog_entry_t *q)
+ {
+ char line[MAXLINELEN];
+- char buffer[MAXLINELEN];
++ size_t len = 0;
++ char *lineend = line;
+ char *actionstr;
+ check_match_t *m;
+
+@@ -655,25 +656,27 @@ querylogwrite(querylog_entry_t *q)
+ if (NULL == q->recipient)
+ q->recipient = "N/A";
+
+- snprintf(line, MAXLINELEN - 1, "a=%s d=%d w=%d c=%s s=%s r=%s", actionstr, q->delay, q->totalweight,
+- q->client_ip, q->sender, q->recipient);
++ len += snprintf(line, MAXLINELEN - 1, "a=%s d=%d w=%d c=%s s=%s r=%s", actionstr, q->delay, q->totalweight, q->client_ip, q->sender, q->recipient);
++ lineend = line +len;
+
+ if (q->helo) {
+- snprintf(buffer, MAXLINELEN - 1, " h=%s", q->helo);
+- strncat(line, buffer, MAXLINELEN - 1);
++ len += snprintf(lineend, MAXLINELEN - len - 1, " h=%s", q->helo);
++ lineend = line + len;
+ }
+
+ m = q->match;
+ while (m) {
+- snprintf(buffer, MAXLINELEN - 1, " m=%s", m->name);
+- strncat(line, buffer, MAXLINELEN - 1);
++ len += snprintf(lineend, MAXLINELEN - len - 1, " m=%s", m->name);
++ lineend = line + len;
+ if (m->weight) {
+- snprintf(buffer, MAXLINELEN - 1, "%+d", m->weight);
+- strncat(line, buffer, MAXLINELEN - 1);
++ len += snprintf(lineend, MAXLINELEN - len - 1, "%+d", m->weight);
++ lineend = line + len;
+ }
+ m = m->next;
+ }
+
++ line[MAXLINELEN - 1] = '\0';
++
+ logstr(GLOG_INFO, "%s", line);
+ }
+
+--
+2.30.2
+
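Review bot: The running `len` in both rewritten functions can still grow past the buffer, because snprintf() returns the length the output would have had rather than the number of bytes stored. Once one append is truncated, `MAXLINELEN - len - 1` wraps around as a size_t and `lineend` points beyond `buffer`/`line`, so the next snprintf() writes out of bounds. This affects the `while (pp)` loop in configure_grossd() and every append in querylogwrite(), where the formatted fields (client_ip, sender, recipient, helo, match names) appear to come from the query being logged. Clamp after each call, e.g. `if (len > MAXLINELEN - 1) len = MAXLINELEN - 1;` before recomputing `lineend`, and check for a negative return before adding it to the unsigned `len`. The trailing `buffer[MAXLINELEN - 1] = '\0'` and `line[MAXLINELEN - 1] = '\0'` do not cover this case, and both function bodies extend outside the quoted hunks, so the callers' assumptions about these fields should be confirmed.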
diff -Nru gross-1.0.2/debian/patches/series gross-1.0.2/debian/patches/series
--- gross-1.0.2/debian/patches/series 2014-10-25 11:07:44.0 +0300
+++ gross-1.0.2/debian/patches/series 2024-03-23 23:23:34.0 +0200
@@ -1,3 +1,4 @@
0001-fix-manpage-errors.patch
0003-change-default-user.patch
0002-remove-getline.patch
+0001-fix-misuse-of-strncat.patch