Bug#1068033: bookworm-pu: package gross/1.0.2-4.1~deb12u1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1068033: bookworm-pu: package gross/1.0.2-4.1~deb12u1
From: Adrian Bunk <bunk@debian.org>
Date: Fri, 29 Mar 2024 23:07:17 +0200
Message-id: <[🔎] 171174643778.16462.12085483614495482141.reportbug@localhost>
Reply-to: Adrian Bunk <bunk@debian.org>, 1068033@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: Antonio Radici <antonio@debian.org>, team@security.debian.org

  * CVE-2023-52159: Stack-based buffer overflow (Closes: #1067115)

This CVE is marked no-dsa.

Building with the bookworm debhelper adds a preinst due to #1021027.

diffstat for gross-1.0.2 gross-1.0.2

 changelog                                |   14 ++++
 patches/0001-fix-misuse-of-strncat.patch |   95 +++++++++++++++++++++++++++++++
 patches/series                           |    1 
 3 files changed, 110 insertions(+)

diff -Nru gross-1.0.2/debian/changelog gross-1.0.2/debian/changelog
--- gross-1.0.2/debian/changelog	2014-10-25 11:20:12.000000000 +0300
+++ gross-1.0.2/debian/changelog	2024-03-29 22:52:55.000000000 +0200
@@ -1,3 +1,17 @@
+gross (1.0.2-4.1~deb12u1) bookworm; urgency=medium
+
+  * Non-maintainer upload.
+  * Rebuild for bookworm.
+
+ -- Adrian Bunk <bunk@debian.org>  Fri, 29 Mar 2024 22:52:55 +0200
+
+gross (1.0.2-4.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * CVE-2023-52159: Stack-based buffer overflow (Closes: #1067115)
+
+ -- Adrian Bunk <bunk@debian.org>  Sat, 23 Mar 2024 23:23:34 +0200
+
 gross (1.0.2-4) unstable; urgency=low
 
   * debian/README: fixed a typo (Closes: 670596)
diff -Nru gross-1.0.2/debian/patches/0001-fix-misuse-of-strncat.patch gross-1.0.2/debian/patches/0001-fix-misuse-of-strncat.patch
--- gross-1.0.2/debian/patches/0001-fix-misuse-of-strncat.patch	1970-01-01 02:00:00.000000000 +0200
+++ gross-1.0.2/debian/patches/0001-fix-misuse-of-strncat.patch	2024-03-23 23:23:34.000000000 +0200
@@ -0,0 +1,95 @@
+From ec697f4dd5b057ad5af17468dac7955f3d1c03c6 Mon Sep 17 00:00:00 2001
+From: Dmitry Mikhirev <mikhirev@gmail.com>
+Date: Wed, 27 Dec 2023 03:42:29 +0400
+Subject: fix misuse of strncat
+
+---
+ src/gross.c  | 11 ++++++++---
+ src/worker.c | 21 ++++++++++++---------
+ 2 files changed, 20 insertions(+), 12 deletions(-)
+
+diff --git a/src/gross.c b/src/gross.c
+index 6e1a277..f477845 100644
+--- a/src/gross.c
++++ b/src/gross.c
+@@ -111,7 +111,9 @@ configure_grossd(configlist_t *config)
+ 	configlist_t *cp;
+ 	const char *updatestr;
+ 	struct hostent *host = NULL;
+-	char buffer[MAXLINELEN] = { '\0' };
++	char buffer[MAXLINELEN];
++	char *lineend;
++	size_t len;
+ 	params_t *pp;
+ 
+ 	cp = config;
+@@ -119,11 +121,14 @@ configure_grossd(configlist_t *config)
+ 		while (cp) {
+ 			pp = cp->params;
+ 			*buffer = '\0';
++			lineend = buffer;
++			len = 0;
+ 			while (pp) {
+-				strncat(buffer, " ; ", MAXLINELEN - 1);
+-				strncat(buffer, pp->value, MAXLINELEN - 1);
++				len += snprintf(lineend, MAXLINELEN - len - 1, " ; %s", pp->value);
++				lineend = buffer + len;
+ 				pp = pp->next;
+ 			}
++			buffer[MAXLINELEN - 1] = '\0';
+ 			logstr(GLOG_DEBUG, "config: %s = %s%s", cp->name, cp->value, buffer);
+ 			cp = cp->next;
+ 		}
+diff --git a/src/worker.c b/src/worker.c
+index 24f104b..63c0f06 100644
+--- a/src/worker.c
++++ b/src/worker.c
+@@ -618,7 +618,8 @@ void
+ querylogwrite(querylog_entry_t *q)
+ {
+ 	char line[MAXLINELEN];
+-	char buffer[MAXLINELEN];
++	size_t len = 0;
++	char *lineend = line;
+ 	char *actionstr;
+ 	check_match_t *m;
+ 
+@@ -655,25 +656,27 @@ querylogwrite(querylog_entry_t *q)
+ 	if (NULL == q->recipient)
+ 		q->recipient = "N/A";
+ 
+-	snprintf(line, MAXLINELEN - 1, "a=%s d=%d w=%d c=%s s=%s r=%s", actionstr, q->delay, q->totalweight,
+-	    q->client_ip, q->sender, q->recipient);
++	len += snprintf(line, MAXLINELEN - 1, "a=%s d=%d w=%d c=%s s=%s r=%s", actionstr, q->delay, q->totalweight,  q->client_ip, q->sender, q->recipient);
++	lineend = line +len;
+ 
+ 	if (q->helo) {
+-		snprintf(buffer, MAXLINELEN - 1, " h=%s", q->helo);
+-		strncat(line, buffer, MAXLINELEN - 1);
++		len += snprintf(lineend, MAXLINELEN - len - 1, " h=%s", q->helo);
++		lineend = line + len;
+ 	}
+ 
+ 	m = q->match;
+ 	while (m) {
+-		snprintf(buffer, MAXLINELEN - 1, " m=%s", m->name);
+-		strncat(line, buffer, MAXLINELEN - 1);
++		len += snprintf(lineend, MAXLINELEN - len - 1, " m=%s", m->name);
++		lineend = line + len;
+ 		if (m->weight) {
+-			snprintf(buffer, MAXLINELEN - 1, "%+d", m->weight);
+-			strncat(line, buffer, MAXLINELEN - 1);
++			len += snprintf(lineend, MAXLINELEN - len - 1, "%+d", m->weight);
++			lineend = line + len;
+ 		}
+ 		m = m->next;
+ 	}
+ 
++	line[MAXLINELEN - 1] = '\0';
++
+ 	logstr(GLOG_INFO, "%s", line);
+ }
+ 
+-- 
+2.30.2
+
diff -Nru gross-1.0.2/debian/patches/series gross-1.0.2/debian/patches/series
--- gross-1.0.2/debian/patches/series	2014-10-25 11:07:44.000000000 +0300
+++ gross-1.0.2/debian/patches/series	2024-03-23 23:23:34.000000000 +0200
@@ -1,3 +1,4 @@
 0001-fix-manpage-errors.patch
 0003-change-default-user.patch
 0002-remove-getline.patch
+0001-fix-misuse-of-strncat.patch

Reply to:

Prev by Date: Bug#1068034: bullseye-pu: package gross/1.0.2-4.1~deb11u1
Next by Date: Bug#1059535: transition: abseil
Previous by thread: Bug#1068034: bullseye-pu: package gross/1.0.2-4.1~deb11u1
Next by thread: Re: Upcoming stable point release (12.6)
Index(es):
- Date
- Thread