From c9e64e059c999199bbb8222c58edbb6471513441 Mon Sep 17 00:00:00 2001
From: kylinsecos_admin <gitee@kylinos.com.cn>
Date: Tue, 26 Apr 2022 10:05:32 +0800
Subject: [PATCH] Fix stack-buffer-overflow at zlog_conf_build_with_file

Signed-off-by: kylinsecos_admin <gitee@kylinos.com.cn>
---
 ...-overflow-at-zlog_conf_build_with_fi.patch | 40 +++++++++++++++++++
 zlog.spec                                     |  6 ++-
 2 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 0001-Fix-stack-buffer-overflow-at-zlog_conf_build_with_fi.patch

diff --git a/0001-Fix-stack-buffer-overflow-at-zlog_conf_build_with_fi.patch b/0001-Fix-stack-buffer-overflow-at-zlog_conf_build_with_fi.patch
new file mode 100644
index 0000000..7063f36
--- /dev/null
+++ b/0001-Fix-stack-buffer-overflow-at-zlog_conf_build_with_fi.patch
@@ -0,0 +1,40 @@
+From 6c0823454ef075fedacf0b155e088ffc447985d6 Mon Sep 17 00:00:00 2001
+From: yefeng <yefeng@kylinos.com.cn>
+Date: Wed, 20 Apr 2022 13:43:22 +0800
+Subject: [PATCH] Fix stack-buffer-overflow at zlog_conf_build_with_file
+
+    -#53811
+---
+ src/conf.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/conf.c b/src/conf.c
+index a947178..258a59a 100644
+--- a/src/conf.c
++++ b/src/conf.c
+@@ -276,6 +276,7 @@ static int zlog_conf_build_with_file(zlog_conf_t * a_conf)
+ 	 */
+ 	pline = line;
+ 	memset(&line, 0x00, sizeof(line));
++    //循环读取配置文件的一行
+ 	while (fgets((char *)pline, sizeof(line) - (pline - line), fp) != NULL) {
+ 		++line_no;
+ 		line_len = strlen(pline);
+@@ -304,12 +305,13 @@ static int zlog_conf_build_with_file(zlog_conf_t * a_conf)
+ 		for (p = pline + strlen(pline) - 1; isspace((int)*p); --p)
+ 			/*EMPTY*/;
+ 
++        //处理结束符为 '\\' 的特殊情况, 在这种情况下,当前行与下面一行并做一行处理
+ 		if (*p == '\\') {
+ 			if ((p - line) > MAXLEN_CFG_LINE - 30) {
+ 				/* Oops the buffer is full - what now? */
+ 				pline = line;
+ 			} else {
+-				for (p--; isspace((int)*p); --p)
++                for(p--; p >= line && isspace((int)*p); --p)
+ 					/*EMPTY*/;
+ 				p++;
+ 				*p = 0;
+-- 
+2.31.1
+
diff --git a/zlog.spec b/zlog.spec
index fd268c5..f75bb8e 100644
--- a/zlog.spec
+++ b/zlog.spec
@@ -1,11 +1,12 @@
 Name:           zlog
 Version:        1.2.15
-Release:        3
+Release:        4
 Summary:        A reliable pure C logging library
 
 License:        LGPLv2.1
 URL:            http://hardysimpson.github.io/zlog/
 Source0:        %{name}-%{version}.tar.gz
+Patch1000:      0001-Fix-stack-buffer-overflow-at-zlog_conf_build_with_fi.patch
 
 BuildRequires:  gcc-c++
 #Requires:       
@@ -46,6 +47,9 @@ ln -sf libzlog.so.1.2 '%{buildroot}/%{_libdir}/libzlog.so'
 
 
 %changelog
+* Mon Apr 25 2022 yefeng <yefeng@kylinos.com.cn> - 1.2.15-4
+- fix the CVE-2021-43521
+
 * Wed Dec 15 2021 liqiuyu <liqiuyu@kylinos.cn> - 1.2.15-3
 - Remove the release suffix