Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: Antonio Radici <anto...@debian.org>, t...@security.debian.org

  * CVE-2023-52159: Stack-based buffer overflow (Closes: #1067115)

This CVE is marked no-dsa.
diffstat for gross-1.0.2 gross-1.0.2

 changelog                                |   14 ++++
 patches/0001-fix-misuse-of-strncat.patch |   95 +++++++++++++++++++++++++++++++
 patches/series                           |    1 
 3 files changed, 110 insertions(+)

diff -Nru gross-1.0.2/debian/changelog gross-1.0.2/debian/changelog
--- gross-1.0.2/debian/changelog        2014-10-25 11:20:12.000000000 +0300
+++ gross-1.0.2/debian/changelog        2024-03-29 23:02:44.000000000 +0200
@@ -1,3 +1,17 @@
+gross (1.0.2-4.1~deb11u1) bullseye; urgency=medium
+
+  * Non-maintainer upload.
+  * Rebuild for bullseye.
+
+ -- Adrian Bunk <b...@debian.org>  Fri, 29 Mar 2024 23:02:44 +0200
+
+gross (1.0.2-4.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * CVE-2023-52159: Stack-based buffer overflow (Closes: #1067115)
+
+ -- Adrian Bunk <b...@debian.org>  Sat, 23 Mar 2024 23:23:34 +0200
+
 gross (1.0.2-4) unstable; urgency=low
 
   * debian/README: fixed a typo (Closes: 670596)
diff -Nru gross-1.0.2/debian/patches/0001-fix-misuse-of-strncat.patch 
gross-1.0.2/debian/patches/0001-fix-misuse-of-strncat.patch
--- gross-1.0.2/debian/patches/0001-fix-misuse-of-strncat.patch 1970-01-01 
02:00:00.000000000 +0200
+++ gross-1.0.2/debian/patches/0001-fix-misuse-of-strncat.patch 2024-03-23 
23:23:34.000000000 +0200
@@ -0,0 +1,95 @@
+From ec697f4dd5b057ad5af17468dac7955f3d1c03c6 Mon Sep 17 00:00:00 2001
+From: Dmitry Mikhirev <mikhi...@gmail.com>
+Date: Wed, 27 Dec 2023 03:42:29 +0400
+Subject: fix misuse of strncat
+
+---
+ src/gross.c  | 11 ++++++++---
+ src/worker.c | 21 ++++++++++++---------
+ 2 files changed, 20 insertions(+), 12 deletions(-)
+
+diff --git a/src/gross.c b/src/gross.c
+index 6e1a277..f477845 100644
+--- a/src/gross.c
++++ b/src/gross.c
+@@ -111,7 +111,9 @@ configure_grossd(configlist_t *config)
+       configlist_t *cp;
+       const char *updatestr;
+       struct hostent *host = NULL;
+-      char buffer[MAXLINELEN] = { '\0' };
++      char buffer[MAXLINELEN];
++      char *lineend;
++      size_t len;
+       params_t *pp;
+ 
+       cp = config;
+@@ -119,11 +121,14 @@ configure_grossd(configlist_t *config)
+               while (cp) {
+                       pp = cp->params;
+                       *buffer = '\0';
++                      lineend = buffer;
++                      len = 0;
+                       while (pp) {
+-                              strncat(buffer, " ; ", MAXLINELEN - 1);
+-                              strncat(buffer, pp->value, MAXLINELEN - 1);
++                              len += snprintf(lineend, MAXLINELEN - len - 1, 
" ; %s", pp->value);
++                              lineend = buffer + len;
+                               pp = pp->next;
+                       }
++                      buffer[MAXLINELEN - 1] = '\0';
+                       logstr(GLOG_DEBUG, "config: %s = %s%s", cp->name, 
cp->value, buffer);
+                       cp = cp->next;
+               }
+diff --git a/src/worker.c b/src/worker.c
+index 24f104b..63c0f06 100644
+--- a/src/worker.c
++++ b/src/worker.c
+@@ -618,7 +618,8 @@ void
+ querylogwrite(querylog_entry_t *q)
+ {
+       char line[MAXLINELEN];
+-      char buffer[MAXLINELEN];
++      size_t len = 0;
++      char *lineend = line;
+       char *actionstr;
+       check_match_t *m;
+ 
+@@ -655,25 +656,27 @@ querylogwrite(querylog_entry_t *q)
+       if (NULL == q->recipient)
+               q->recipient = "N/A";
+ 
+-      snprintf(line, MAXLINELEN - 1, "a=%s d=%d w=%d c=%s s=%s r=%s", 
actionstr, q->delay, q->totalweight,
+-          q->client_ip, q->sender, q->recipient);
++      len += snprintf(line, MAXLINELEN - 1, "a=%s d=%d w=%d c=%s s=%s r=%s", 
actionstr, q->delay, q->totalweight,  q->client_ip, q->sender, q->recipient);
++      lineend = line +len;
+ 
+       if (q->helo) {
+-              snprintf(buffer, MAXLINELEN - 1, " h=%s", q->helo);
+-              strncat(line, buffer, MAXLINELEN - 1);
++              len += snprintf(lineend, MAXLINELEN - len - 1, " h=%s", 
q->helo);
++              lineend = line + len;
+       }
+ 
+       m = q->match;
+       while (m) {
+-              snprintf(buffer, MAXLINELEN - 1, " m=%s", m->name);
+-              strncat(line, buffer, MAXLINELEN - 1);
++              len += snprintf(lineend, MAXLINELEN - len - 1, " m=%s", 
m->name);
++              lineend = line + len;
+               if (m->weight) {
+-                      snprintf(buffer, MAXLINELEN - 1, "%+d", m->weight);
+-                      strncat(line, buffer, MAXLINELEN - 1);
++                      len += snprintf(lineend, MAXLINELEN - len - 1, "%+d", 
m->weight);
++                      lineend = line + len;
+               }
+               m = m->next;
+       }
+ 
++      line[MAXLINELEN - 1] = '\0';
++
+       logstr(GLOG_INFO, "%s", line);
+ }
+ 
+-- 
+2.30.2
+
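Review bot: The `len += snprintf(...)` pattern in the configure_grossd loop (src/gross.c) and at every append in querylogwrite (src/worker.c) can still write past the stack buffer, because snprintf returns the length the output would have had, not the number of bytes actually stored. After one truncated call `len` exceeds the buffer size, `lineend` points outside the array, and `MAXLINELEN - len - 1` (a `size_t` expression, assuming MAXLINELEN is a plain integer constant defined outside this patch) wraps to a very large value, so the next call is effectively unbounded; a negative return would corrupt `len` in the same way. Each call should check its result and stop appending on error or truncation, as sketched for the gross.c loop below, and the same guard is needed in querylogwrite, where the sender, recipient and HELO values presumably originate from the remote mail client. The trailing `buffer[MAXLINELEN - 1] = '\0'` and `line[MAXLINELEN - 1] = '\0'` do not cover this case, since they only terminate a string that is already in bounds. Both function bodies continue outside the hunks shown.

```c
while (pp) {
        int n = snprintf(lineend, MAXLINELEN - len, " ; %s", pp->value);
        /* stop on error or truncation so len never exceeds the buffer */
        if (n < 0 || (size_t)n >= MAXLINELEN - len)
                break;
        len += (size_t)n;
        lineend = buffer + len;
        pp = pp->next;
}
/* … unchanged: logstr(GLOG_DEBUG, ...) and cp = cp->next … */
```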
diff -Nru gross-1.0.2/debian/patches/series gross-1.0.2/debian/patches/series
--- gross-1.0.2/debian/patches/series   2014-10-25 11:07:44.000000000 +0300
+++ gross-1.0.2/debian/patches/series   2024-03-23 23:23:34.000000000 +0200
@@ -1,3 +1,4 @@
 0001-fix-manpage-errors.patch
 0003-change-default-user.patch
 0002-remove-getline.patch
+0001-fix-misuse-of-strncat.patch
