Fix CVE-2023-40305

2023-08-29 09:53:21 +08:00 · 2023-08-29 09:53:21 +08:00 · ecd70b66ba
commit ecd70b66ba
parent 6cdfadf98c
3 changed files with 38 additions and 1 deletions
--- a/fix-a-heap-buffer-overwrite-CVE-2023-40305.patch
+++ b/fix-a-heap-buffer-overwrite-CVE-2023-40305.patch
@ -0,0 +1,15 @@
+From: Petr Písař <ppisar@redhat.com>
+Subject: Fix a heap buffer overwrite in search_brace() (CVE-2023-40305)
+Bug-Debian: https://bugs.debian.org/1049366
+Forwarded: https://savannah.gnu.org/bugs/index.php?64503
+
+--- a/src/indent.c
+++ b/src/indent.c
+@@ -228,6 +228,7 @@
+                  * a `dump_line' call, thus ensuring that the brace
+                  * will go into the right column. */
+ 
+                need_chars (&save_com, 2);
+                 *save_com.end++ = EOL;
+                 *save_com.end++ = '{';
+                 save_com.len += 2;
--- a/fix-an-out-of-buffer-read-CVE-2023-40305.patch
+++ b/fix-an-out-of-buffer-read-CVE-2023-40305.patch
@ -0,0 +1,17 @@
+From: Petr Písař <ppisar@redhat.com>
+Subject: Fix an out-of-buffer read in search_brace()/lexi()
+Bug-Debian: https://bugs.debian.org/1049366
+Forwarded: https://savannah.gnu.org/bugs/index.php?64503
+
+--- a/src/indent.c
+++ b/src/indent.c
+@@ -145,8 +145,8 @@
+     parser_state_tos->search_brace = false;
+     bp_save = buf_ptr;
+     be_save = buf_end;
+-    buf_ptr = save_com.ptr;
+     need_chars (&save_com, 1);
+    buf_ptr = save_com.ptr;
+     buf_end = save_com.end;
+     save_com.end = save_com.ptr;        /* make save_com empty */
+ }
--- a/indent.spec
+++ b/indent.spec
@ -2,7 +2,7 @@
 Name: indent
 Summary: A tool to make code easier to read
 Version: 2.2.11
-Release: 28
+Release: 29
 License: GPLv3+
 URL: http://www.gnu.org/software/%{name}/
 Source: http://ftp.gnu.org/gnu/indent/%{name}-%{version}.tar.gz
@ -18,6 +18,8 @@ Patch13: indent-2.2.11-Support-hexadecimal-floats.patch
 Patch14: indent-2.2.11-Modernize-texi2html-arguments.patch
 Patch15: indent-2.2.11-doc-Correct-a-typo-about-enabling-control-comment.patch
 Patch16: indent-2.2.11-Fix-nbdfa-and-nbdfe-typo.patch
+Patch17: fix-an-out-of-buffer-read-CVE-2023-40305.patch
+Patch18: fix-a-heap-buffer-overwrite-CVE-2023-40305.patch

 BuildRequires:  gettext-devel automake gcc autoconf
 BuildRequires:  make coreutils gperf texinfo texi2html
@ -61,6 +63,9 @@ make -C regression
 %exclude %{_infodir}/dir

 %changelog
+* Tue Aug 29 2023 wangkai <13474090681@163.com> - 2.2.11-29
+- Fix CVE-2023-40305
+
 * Thu Sep 10 2020 baizhonggui<baizhonggui@huawei.com> - 2.2.11-28
 - fix source0