35 lines
931 B
Diff
35 lines
931 B
Diff
From 59bae31a96003840c064573904a4041427df3890 Mon Sep 17 00:00:00 2001
|
|
From: Carlos Rodriguez-Fernandez <carlosrodrifernandez@gmail.com>
|
|
Date: Wed, 22 Nov 2023 07:53:36 -0700
|
|
Subject: [PATCH 1/2] cap_alloc.c:fix CVE-2023-2603
|
|
|
|
---
|
|
libcap/cap_alloc.c | 11 +++++++++--
|
|
1 file changed, 9 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/libcap/cap_alloc.c b/libcap/cap_alloc.c
|
|
index 6dab4e6..7456d97 100644
|
|
--- a/libcap/cap_alloc.c
|
|
+++ b/libcap/cap_alloc.c
|
|
@@ -81,8 +81,15 @@ char *_libcap_strdup(const char *old)
|
|
errno = EINVAL;
|
|
return NULL;
|
|
}
|
|
-
|
|
- raw_data = malloc( sizeof(__u32) + strlen(old) + 1 );
|
|
+ size_t len;
|
|
+ len = strlen(old);
|
|
+ if ((len & 0x3fffffff) != len) {
|
|
+ _cap_debug("len is too long for libcap to manage");
|
|
+ errno = EINVAL;
|
|
+ return NULL;
|
|
+ }
|
|
+ len += sizeof(__u32) + 1;
|
|
+ raw_data = malloc(len);
|
|
if (raw_data == NULL) {
|
|
errno = ENOMEM;
|
|
return NULL;
|
|
--
|
|
2.42.0
|
|
|