From 488ef30547b239bc04cfdba92ee142bb0f83565e Mon Sep 17 00:00:00 2001
From: lvfei
Date: Thu, 25 Apr 2024 16:22:38 +0800
Subject: [PATCH] Fix CVE-2024-22857 (cherry picked from commit d00da9a71a724e5b69ee34179e6d0df32129dd04)
---
 CVE-2024-22857.patch | 29 +++++++++++++++++++++++++++++
 zlog.spec | 6 +++++-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2024-22857.patch
diff --git a/CVE-2024-22857.patch b/CVE-2024-22857.patch
new file mode 100644
index 0000000..a757672
--- /dev/null
+++ b/CVE-2024-22857.patch
@@ -0,0 +1,29 @@
+From 335d65fc5a9d73580c6663fcb754ddce4e159a61 Mon Sep 17 00:00:00 2001
+From: lvfei
+Date: Thu, 25 Apr 2024 13:49:04 +0800
+Subject: [PATCH] CVE-2024-22857
+
+---
+ src/rule.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/rule.c b/src/rule.c
+index 473d21f..02a9c08 100644
+--- a/src/rule.c
++++ b/src/rule.c
+@@ -890,8 +890,10 @@ zlog_rule_t *zlog_rule_new(char *line,
+ }
+ break;
+ case '$' :
+- sscanf(file_path + 1, "%s", a_rule->record_name);
+-
++ // read only MAXLEN_PATH characters from the file_path + 1
++ strncpy(a_rule->record_name, file_path + 1, MAXLEN_PATH);
++ a_rule->record_name[MAXLEN_PATH] = '\0';
++
+ if (file_limit) { /* record path exists */
+ p = strchr(file_limit, '"');
+ if (!p) {
+--
+2.27.0
+
diff --git a/zlog.spec b/zlog.spec
index e54423d..b7b5ed7 100644
--- a/zlog.spec
+++ b/zlog.spec
@@ -1,6 +1,6 @@
 Name: zlog
 Version: 1.2.15
-Release: 5
+Release: 6
 Summary: A reliable pure C logging library
 License: LGPLv2.1
@@ -11,6 +11,7 @@ Patch1000: 0001-Fix-stack-buffer-overflow-at-zlog_conf_build_with_fi.patch
 Patch1001: 0002-feature-mkdir-If-the-output-directory-does-not-exist-5c55d7d4.patch
 Patch1002: 0001-fix-env-Fix-the-pointer-position-update-error-after--f0d6941b.patch
 Patch1003: 1012-feature-environment-Ignore-the-rule-when-the-environ-40ea87cd.patch
+Patch1004: CVE-2024-22857.patch
 BuildRequires: gcc-c++
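Review bot: In the `case '$'` branch of the embedded src/rule.c patch, the `strncpy` replacement silently truncates a record name longer than MAXLEN_PATH instead of rejecting the rule, and it no longer stops at whitespace the way `sscanf(..., "%s", ...)` did, so any leading or trailing blanks in `file_path + 1` would now end up in `a_rule->record_name` (whether `file_path` can carry them depends on parsing outside the hunk). The store `a_rule->record_name[MAXLEN_PATH] = '\0';` is in bounds only if the field holds `MAXLEN_PATH + 1` bytes; the declaration is not visible here and should be confirmed. I would check the length before copying and fail the rule on overflow, e.g. `if (strlen(file_path + 1) > MAXLEN_PATH) { /* report and take zlog_rule_new's error path */ }`, so that an overlong name is never silently shortened into a different one. zlog_rule_new begins and ends outside the hunk.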
@@ -52,6 +53,9 @@ ln -sf libzlog.so.1.2 '%{buildroot}/%{_libdir}/libzlog.so'
 %changelog
+* Wed Apr 24 2024 lvfei - 1.2.15-6
+- Fix CVE-2024-22857.patch
+
 * Mon Sep 26 2022 tangjie02 - 1.2.15-5
 - if the output directory does not exist, it will be created automatically.
 - fix the pointer position update error after enviroment variable is replaced.