libcap/0001-cap_alloc.c-fix-CVE-20...


From 59bae31a96003840c064573904a4041427df3890 Mon Sep 17 00:00:00 2001
From: Carlos Rodriguez-Fernandez <carlosrodrifernandez@gmail.com>
Date: Wed, 22 Nov 2023 07:53:36 -0700
Subject: [PATCH 1/2] cap_alloc.c:fix CVE-2023-2603
---
libcap/cap_alloc.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/libcap/cap_alloc.c b/libcap/cap_alloc.c
index 6dab4e6..7456d97 100644
--- a/libcap/cap_alloc.c
+++ b/libcap/cap_alloc.c
@@ -81,8 +81,15 @@ char *_libcap_strdup(const char *old)
errno = EINVAL;
return NULL;
}
-
- raw_data = malloc( sizeof(__u32) + strlen(old) + 1 );
+ size_t len;
+ len = strlen(old);
+ if ((len & 0x3fffffff) != len) {
+ _cap_debug("len is too long for libcap to manage");
+ errno = EINVAL;
+ return NULL;
+ }
+ len += sizeof(__u32) + 1;
+ raw_data = malloc(len);
if (raw_data == NULL) {
errno = ENOMEM;
return NULL;
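Review bot: The bound in the added length check is an unexplained magic number, and `(len & 0x3fffffff) != len` is an indirect way of writing `len > 0x3fffffff`. A comment above it, such as `/* cap the string below 1 GiB so len + sizeof(__u32) + 1 cannot wrap */`, would state the invariant that the following `len += sizeof(__u32) + 1;` relies on; a named constant would serve the same purpose. The declaration `size_t len;` comes after statements in the block, so if this tree is built with a pre-C99 dialect or `-Wdeclaration-after-statement` it should move to the function's other declarations, which are outside the hunk. `_libcap_strdup` starts and ends outside the hunk, so how the allocated buffer is filled afterwards cannot be checked from here.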
--
2.42.0