Backport fix for CVE-2023-2602 and CVE-2023-2603

Carlos Rodriguez-Fernandez 2023-11-22 08:13:58 -07:00
parent 3d19cbc8ff
commit 8165150b10
No known key found for this signature in database
GPG Key ID: 47EBED05C3375B1F
3 changed files with 65 additions and 1 deletions


@ -0,0 +1,34 @@
From 59bae31a96003840c064573904a4041427df3890 Mon Sep 17 00:00:00 2001
From: Carlos Rodriguez-Fernandez <carlosrodrifernandez@gmail.com>
Date: Wed, 22 Nov 2023 07:53:36 -0700
Subject: [PATCH 1/2] cap_alloc.c:fix CVE-2023-2603
---
libcap/cap_alloc.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/libcap/cap_alloc.c b/libcap/cap_alloc.c
index 6dab4e6..7456d97 100644
--- a/libcap/cap_alloc.c
+++ b/libcap/cap_alloc.c
@@ -81,8 +81,15 @@ char *_libcap_strdup(const char *old)
errno = EINVAL;
return NULL;
}
-
- raw_data = malloc( sizeof(__u32) + strlen(old) + 1 );
+ size_t len;
+ len = strlen(old);
+ if ((len & 0x3fffffff) != len) {
+ _cap_debug("len is too long for libcap to manage");
+ errno = EINVAL;
+ return NULL;
+ }
+ len += sizeof(__u32) + 1;
+ raw_data = malloc(len);
if (raw_data == NULL) {
errno = ENOMEM;
return NULL;
--
2.42.0
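Review bot: The bound `0x3fffffff` in the added length check is a bare magic number, and nothing in the hunk says why a limit of 1 GiB - 1 was chosen. A short comment above the test would keep the intent from being lost in later rebases, for example `/* reject lengths >= 1 GiB so len + sizeof(__u32) + 1 cannot wrap size_t, 32-bit builds included */`. The split `size_t len;` / `len = strlen(old);` could be the single line `size_t len = strlen(old);`. The rejection is reported only through `_cap_debug`, which is presumably silent in non-debug builds, so callers see just `EINVAL`; that is worth one sentence in the function's header comment. `_libcap_strdup` starts and ends outside the hunk.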


@ -0,0 +1,25 @@
From 5abae730d176107642d5d24cc14f27595ca88a69 Mon Sep 17 00:00:00 2001
From: Carlos Rodriguez-Fernandez <carlosrodrifernandez@gmail.com>
Date: Wed, 22 Nov 2023 07:55:04 -0700
Subject: [PATCH 2/2] psx.c:fix CVE-2023-2602
---
psx/psx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/psx/psx.c b/psx/psx.c
index 4de3653..eec6db8 100644
--- a/psx/psx.c
+++ b/psx/psx.c
@@ -478,7 +478,7 @@ int __wrap_pthread_create(pthread_t *thread, const pthread_attr_t *attr,
pthread_sigmask(SIG_BLOCK, &sigbit, NULL);
int ret = __real_pthread_create(thread, attr, _psx_start_fn, starter);
- if (ret == -1) {
+ if (ret > 0) {
psx_new_state(_PSX_CREATE, _PSX_IDLE);
memset(starter, 0, sizeof(*starter));
free(starter);
--
2.42.0
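Review bot: The corrected failure test `if (ret > 0)` depends on pthread_create() reporting errors as a positive error number rather than -1, and the hunk carries no comment recording that. Without one, the old `ret == -1` comparison, which skipped the `starter` cleanup on every real failure, is easy to reintroduce; a line such as `/* pthread_create returns 0 on success or an errno value, never -1 */` above the test would prevent that. Writing the condition as `if (ret != 0)` would state the same contract and also cover any non-zero return from the wrapped function. `__wrap_pthread_create` starts and ends outside the hunk, so the rest of the error path is not visible here.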


@ -1,12 +1,14 @@
Name: libcap
Version: 2.48
Release: 7%{?dist}
Release: 8%{?dist}
Summary: Library for getting and setting POSIX.1e capabilities
URL: https://sites.google.com/site/fullycapable/
License: BSD or GPLv2
Source: https://git.kernel.org/pub/scm/libs/libcap/libcap.git/snapshot/%{name}-%{version}.tar.gz
Patch0: libcap-use-compiler-flag-options.patch
Patch1: 0001-cap_alloc.c-fix-CVE-2023-2603.patch
Patch2: 0002-psx.c-fix-CVE-2023-2602.patch
BuildRequires: libattr-devel pam-devel perl-interpreter gcc
BuildRequires: make
@ -83,6 +85,9 @@ chmod +x %{buildroot}/%{_libdir}/*.so.*
%changelog
* Wed Nov 22 2023 Carlos Rodriguez-Fernandez <carlosrodrifernandez@gmail.com> - 2.48-8
- Backport fix for CVE-2023-2602 and CVE-2023-2603
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.48-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild