Bug#1067115: gross: diff for NMU version 1.0.2-4.1

2024-03-24 Thread Adrian Bunk
On Sun, Mar 24, 2024 at 11:05:54PM +0100, Antonio Radici wrote:
> On Sat, Mar 23, 2024 at 11:45:58PM +0200, Adrian Bunk wrote:
> > Control: tags 1067115 + patch
> > Control: tags 1067115 + pending
> > 
> > Dear maintainer,
> > 
> > I've prepared an NMU for gross (versioned as 1.0.2-4.1) and uploaded
> > it to DELAYED/2. Please feel free to tell me if I should cancel it.
> > 
> 
> Thanks for working on this, no reason to cancel it.
>...

Thanks, rescheduled for immediate upload.

cu
Adrian



Bug#1067115: gross: diff for NMU version 1.0.2-4.1

2024-03-24 Thread Antonio Radici
On Sat, Mar 23, 2024 at 11:45:58PM +0200, Adrian Bunk wrote:
> Control: tags 1067115 + patch
> Control: tags 1067115 + pending
> 
> Dear maintainer,
> 
> I've prepared an NMU for gross (versioned as 1.0.2-4.1) and uploaded
> it to DELAYED/2. Please feel free to tell me if I should cancel it.
> 

Thanks for working on this, no reason to cancel it.

Sorry I couldn't get to this fast enough.



Bug#1067115: gross: diff for NMU version 1.0.2-4.1

2024-03-23 Thread Adrian Bunk
Control: tags 1067115 + patch
Control: tags 1067115 + pending

Dear maintainer,

I've prepared an NMU for gross (versioned as 1.0.2-4.1) and uploaded
it to DELAYED/2. Please feel free to tell me if I should cancel it.

cu
Adrian
diffstat for gross-1.0.2 gross-1.0.2

 changelog|7 ++
 patches/0001-fix-misuse-of-strncat.patch |   95 +++
 patches/series   |1 
 3 files changed, 103 insertions(+)

diff -Nru gross-1.0.2/debian/changelog gross-1.0.2/debian/changelog
--- gross-1.0.2/debian/changelog	2014-10-25 11:20:12.0 +0300
+++ gross-1.0.2/debian/changelog	2024-03-23 23:23:34.0 +0200
@@ -1,3 +1,10 @@
+gross (1.0.2-4.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * CVE-2023-52159: Stack-based buffer overflow (Closes: #1067115)
+
+ -- Adrian Bunk   Sat, 23 Mar 2024 23:23:34 +0200
+
 gross (1.0.2-4) unstable; urgency=low
 
   * debian/README: fixed a typo (Closes: 670596)
diff -Nru gross-1.0.2/debian/patches/0001-fix-misuse-of-strncat.patch gross-1.0.2/debian/patches/0001-fix-misuse-of-strncat.patch
--- gross-1.0.2/debian/patches/0001-fix-misuse-of-strncat.patch	1970-01-01 02:00:00.0 +0200
+++ gross-1.0.2/debian/patches/0001-fix-misuse-of-strncat.patch	2024-03-23 23:23:34.0 +0200
@@ -0,0 +1,95 @@
+From ec697f4dd5b057ad5af17468dac7955f3d1c03c6 Mon Sep 17 00:00:00 2001
+From: Dmitry Mikhirev 
+Date: Wed, 27 Dec 2023 03:42:29 +0400
+Subject: fix misuse of strncat
+
+---
+ src/gross.c  | 11 ---
+ src/worker.c | 21 -
+ 2 files changed, 20 insertions(+), 12 deletions(-)
+
+diff --git a/src/gross.c b/src/gross.c
+index 6e1a277..f477845 100644
+--- a/src/gross.c
 b/src/gross.c
+@@ -111,7 +111,9 @@ configure_grossd(configlist_t *config)
+ 	configlist_t *cp;
+ 	const char *updatestr;
+ 	struct hostent *host = NULL;
+-	char buffer[MAXLINELEN] = { '\0' };
++	char buffer[MAXLINELEN];
++	char *lineend;
++	size_t len;
+ 	params_t *pp;
+ 
+ 	cp = config;
+@@ -119,11 +121,14 @@ configure_grossd(configlist_t *config)
+ 		while (cp) {
+ 			pp = cp->params;
+ 			*buffer = '\0';
++			lineend = buffer;
++			len = 0;
+ 			while (pp) {
+-strncat(buffer, " ; ", MAXLINELEN - 1);
+-strncat(buffer, pp->value, MAXLINELEN - 1);
++len += snprintf(lineend, MAXLINELEN - len - 1, " ; %s", pp->value);
++lineend = buffer + len;
+ pp = pp->next;
+ 			}
++			buffer[MAXLINELEN - 1] = '\0';
+ 			logstr(GLOG_DEBUG, "config: %s = %s%s", cp->name, cp->value, buffer);
+ 			cp = cp->next;
+ 		}
+diff --git a/src/worker.c b/src/worker.c
+index 24f104b..63c0f06 100644
+--- a/src/worker.c
 b/src/worker.c
+@@ -618,7 +618,8 @@ void
+ querylogwrite(querylog_entry_t *q)
+ {
+ 	char line[MAXLINELEN];
+-	char buffer[MAXLINELEN];
++	size_t len = 0;
++	char *lineend = line;
+ 	char *actionstr;
+ 	check_match_t *m;
+ 
+@@ -655,25 +656,27 @@ querylogwrite(querylog_entry_t *q)
+ 	if (NULL == q->recipient)
+ 		q->recipient = "N/A";
+ 
+-	snprintf(line, MAXLINELEN - 1, "a=%s d=%d w=%d c=%s s=%s r=%s", actionstr, q->delay, q->totalweight,
+-	q->client_ip, q->sender, q->recipient);
++	len += snprintf(line, MAXLINELEN - 1, "a=%s d=%d w=%d c=%s s=%s r=%s", actionstr, q->delay, q->totalweight,  q->client_ip, q->sender, q->recipient);
++	lineend = line +len;
+ 
+ 	if (q->helo) {
+-		snprintf(buffer, MAXLINELEN - 1, " h=%s", q->helo);
+-		strncat(line, buffer, MAXLINELEN - 1);
++		len += snprintf(lineend, MAXLINELEN - len - 1, " h=%s", q->helo);
++		lineend = line + len;
+ 	}
+ 
+ 	m = q->match;
+ 	while (m) {
+-		snprintf(buffer, MAXLINELEN - 1, " m=%s", m->name);
+-		strncat(line, buffer, MAXLINELEN - 1);
++		len += snprintf(lineend, MAXLINELEN - len - 1, " m=%s", m->name);
++		lineend = line + len;
+ 		if (m->weight) {
+-			snprintf(buffer, MAXLINELEN - 1, "%+d", m->weight);
+-			strncat(line, buffer, MAXLINELEN - 1);
++			len += snprintf(lineend, MAXLINELEN - len - 1, "%+d", m->weight);
++			lineend = line + len;
+ 		}
+ 		m = m->next;
+ 	}
+ 
++	line[MAXLINELEN - 1] = '\0';
++
+ 	logstr(GLOG_INFO, "%s", line);
+ }
+ 
+-- 
+2.30.2
+
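Review bot: The new code in both `configure_grossd` and `querylogwrite` adds the return value of snprintf() to `len` unchecked, but snprintf() returns the length the output would have had, not the number of bytes actually stored. Once one field is truncated, `len` can exceed `MAXLINELEN - 1`, so the next `MAXLINELEN - len - 1` wraps around as a `size_t` and `lineend` points past the end of the array. The following call can then write outside `buffer` or `line`, which is the same class of stack overflow the CVE-2023-52159 changelog entry is meant to close. Clamping after every call keeps the arithmetic in range: put `if (len > MAXLINELEN - 1) len = MAXLINELEN - 1;` before each `lineend = ... + len;`, so that a full buffer passes a size of 0 and nothing more is written. The strings formatted in `querylogwrite` (`q->helo`, `q->sender`, `q->recipient`, `m->name`) look request-derived, so a regression test with an over-long value would be worth adding; both function bodies extend beyond the embedded hunks.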
diff -Nru gross-1.0.2/debian/patches/series gross-1.0.2/debian/patches/series
--- gross-1.0.2/debian/patches/series	2014-10-25 11:07:44.0 +0300
+++ gross-1.0.2/debian/patches/series	2024-03-23 23:23:34.0 +0200
@@ -1,3 +1,4 @@
 0001-fix-manpage-errors.patch
 0003-change-default-user.patch
 0002-remove-getline.patch
+0001-fix-misuse-of-strncat.patch