file: fix CVE-2022-48554

ignore changes to FILE_RCSID part. (From OE-Core rev: 20b5ead99d4904e70ea22f573bfefec8c6e862a2) Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Chee Yang Lee <chee.yang.lee@intel.com> 2023-09-04 18:18:22 +0800
committer: Steve Sakoman <steve@sakoman.com> 2023-09-08 16:09:41 -1000
commit: 4eb5af2d8a3beeb14b954118ce3d7e87987368a4 (patch)
tree: 03094fb8a6b31f9b71d706d5f9f7ee8cf2fbd438 /meta/recipes-devtools/file
parent: 91ea1ab7c609a178a63a490b60e0aade309d10bb (diff)
download: poky-4eb5af2d8a3beeb14b954118ce3d7e87987368a4.tar.gz
2 files changed, 38 insertions, 1 deletions
diff --git a/meta/recipes-devtools/file/file/CVE-2022-48554.patch b/meta/recipes-devtools/file/file/CVE-2022-48554.patch
new file mode 100644
index 0000000000..c285bd2c23
--- /dev/null
+++ b/meta/recipes-devtools/file/file/CVE-2022-48554.patch
@@ -0,0 +1,35 @@
+CVE:  CVE-2022-48554
+Upstream-Status: Backport [ https://github.com/file/file/commit/497aabb29cd08d2a5aeb63e45798d65fcbe03502 ]
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+From 497aabb29cd08d2a5aeb63e45798d65fcbe03502 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Mon, 14 Feb 2022 16:26:10 +0000
+Subject: [PATCH] PR/310: p870613: Don't use strlcpy to copy the string, it
+ will try to scan the source string to find out how much space is needed the
+ source string might not be NUL terminated.
+---
+ src/funcs.c | 11 +++++++----
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+diff --git a/src/funcs.c b/src/funcs.c
+index 89e1da597..dcfd352d2 100644
+--- a/src/funcs.c
+++ b/src/funcs.c
+@@ -54,9 +54,12 @@ FILE_RCSID("@(#)$File: funcs.c,v 1.124 2022/01/10 14:15:08 christos Exp $")
+ protected char *
+ file_copystr(char *buf, size_t blen, size_t width, const char *str)
+ {
+-       if (++width > blen)
+-               width = blen;
+-       strlcpy(buf, str, width);
+       if (blen == 0)
+               return buf;
+       if (width >= blen)
+               width = blen - 1;
+       memcpy(buf, str, width);
+       buf[width] = '\0';
+        return buf;
+ }
+ 
diff --git a/meta/recipes-devtools/file/file_5.41.bb b/meta/recipes-devtools/file/file_5.41.bb
index 653887e97a..6fd4f2c746 100644
--- a/meta/recipes-devtools/file/file_5.41.bb
+++ b/meta/recipes-devtools/file/file_5.41.bb
@@ -11,7 +11,9 @@ LIC_FILES_CHKSUM = "file://COPYING;beginline=2;md5=0251eaec1188b20d9a72c502ecfdd
 DEPENDS = "file-replacement-native"
 DEPENDS:class-native = "bzip2-replacement-native"
-SRC_URI = "git://github.com/file/file.git;branch=master;protocol=https"
+SRC_URI = "git://github.com/file/file.git;branch=master;protocol=https \
+           file://CVE-2022-48554.patch \
+"
 SRCREV = "504206e53a89fd6eed71aeaf878aa3512418eab1"
 S = "${WORKDIR}/git"
author	Chee Yang Lee <chee.yang.lee@intel.com>	2023-09-04 18:18:22 +0800
committer	Steve Sakoman <steve@sakoman.com>	2023-09-08 16:09:41 -1000
commit	4eb5af2d8a3beeb14b954118ce3d7e87987368a4 (patch)
tree	03094fb8a6b31f9b71d706d5f9f7ee8cf2fbd438 /meta/recipes-devtools/file
parent	91ea1ab7c609a178a63a490b60e0aade309d10bb (diff)
download	poky-4eb5af2d8a3beeb14b954118ce3d7e87987368a4.tar.gz

diff --git a/meta/recipes-devtools/file/file/CVE-2022-48554.patch b/meta/recipes-devtools/file/file/CVE-2022-48554.patch new file mode 100644 index 0000000000..c285bd2c23 --- /dev/null +++ b/meta/recipes-devtools/file/file/CVE-2022-48554.patch
@@ -0,0 +1,35 @@
		1	CVE: CVE-2022-48554
		2	Upstream-Status: Backport [ https://github.com/file/file/commit/497aabb29cd08d2a5aeb63e45798d65fcbe03502 ]
		3	Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
		4
		5	From 497aabb29cd08d2a5aeb63e45798d65fcbe03502 Mon Sep 17 00:00:00 2001
		6	From: Christos Zoulas <christos@zoulas.com>
		7	Date: Mon, 14 Feb 2022 16:26:10 +0000
		8	Subject: [PATCH] PR/310: p870613: Don't use strlcpy to copy the string, it
		9	will try to scan the source string to find out how much space is needed the
		10	source string might not be NUL terminated.
		11
		12	---
		13	src/funcs.c \| 11 +++++++----
		14	1 file changed, 6 insertions(+), 3 deletions(-)
		15
		16	diff --git a/src/funcs.c b/src/funcs.c
		17	index 89e1da597..dcfd352d2 100644
		18	--- a/src/funcs.c
		19	+++ b/src/funcs.c
		20	@@ -54,9 +54,12 @@ FILE_RCSID("@(#)$File: funcs.c,v 1.124 2022/01/10 14:15:08 christos Exp $")
		21	protected char *
		22	file_copystr(char buf, size_t blen, size_t width, const char str)
		23	{
		24	- if (++width > blen)
		25	- width = blen;
		26	- strlcpy(buf, str, width);
		27	+ if (blen == 0)
		28	+ return buf;
		29	+ if (width >= blen)
		30	+ width = blen - 1;
		31	+ memcpy(buf, str, width);
		32	+ buf[width] = '\0';
		33	return buf;
		34	}
		35


diff --git a/meta/recipes-devtools/file/file_5.41.bb b/meta/recipes-devtools/file/file_5.41.bb index 653887e97a..6fd4f2c746 100644 --- a/meta/recipes-devtools/file/file_5.41.bb +++ b/meta/recipes-devtools/file/file_5.41.bb
@@ -11,7 +11,9 @@ LIC_FILES_CHKSUM = "file://COPYING;beginline=2;md5=0251eaec1188b20d9a72c502ecfdd
11	DEPENDS = "file-replacement-native"	11	DEPENDS = "file-replacement-native"
12	DEPENDS:class-native = "bzip2-replacement-native"	12	DEPENDS:class-native = "bzip2-replacement-native"
13		13
14	SRC_URI = "git://github.com/file/file.git;branch=master;protocol=https"	14	SRC_URI = "git://github.com/file/file.git;branch=master;protocol=https \
		15	file://CVE-2022-48554.patch \
		16	"
15		17
16	SRCREV = "504206e53a89fd6eed71aeaf878aa3512418eab1"	18	SRCREV = "504206e53a89fd6eed71aeaf878aa3512418eab1"
17	S = "${WORKDIR}/git"	19	S = "${WORKDIR}/git"