fix possible buffer overflow in get_path

Signed-off-by: weiyaping <weiyaping@xfusion.com>

0001-fix-possible-buffer-overflow-in-get_path.patch

@@ -0,0 +1,27 @@
+From 6382711e9b0060bbd0408df512e48b2ce9cdb3be Mon Sep 17 00:00:00 2001
+From: William Hubbs <w.d.hubbs@gmail.com>
+Date: Tue, 22 Jun 2010 14:16:45 -0500
+Subject: [PATCH] fix possible buffer overflow in get_path
+
+If a pathname is longer than CFG_MAX_FILENAME, there was a possible
+buffer overflow when copying the path name.
+---
+ src/dotconf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/dotconf.c b/src/dotconf.c
+index af553b3..7ba2001 100644
+--- a/src/dotconf.c
++++ b/src/dotconf.c
+@@ -1440,7 +1440,7 @@ char *get_path(char *name)
+ 	} else {
+ 		len = tmp - name + 1;
+ 		if (len > CFG_MAX_FILENAME)
+-			len -= 1;
++			len = CFG_MAX_FILENAME;
+ 	}
+ 		snprintf(buf, len, "%s", name);
+ 	return buf;
+-- 
+2.42.0.windows.2
+

dotconf.spec

@@ -1,12 +1,14 @@
 Name:           dotconf
 Version:        1.3
-Release:        23
+Release:        24
 Summary:        A configuration file parser
 License:        LGPLv2
 URL:            https://github.com/williamh/dotconf
 Source:         https://github.com/williamh/dotconf/archive/v%{version}.tar.gz
 BuildRequires:  findutils glibc-common make autoconf automake libtool
 
+Patch0001:      0001-fix-possible-buffer-overflow-in-get_path.patch
+
 %description
 The dotconf package contains a library used to handle configuration
 files.
@@ -62,6 +64,9 @@ mv %{buildroot}/%{_docdir}/%{name} __doc_dir
 %doc __doc_dir/*
 
 %changelog
+* Tue Dec 19 2023 liubo <liubo1@xfusion.com> - 1.3-24
+- fix possible buffer overflow in get_path
+
 * Thu Sep 17 2020 liuweibo <liuweibo10@huawei.com> - 1.3-23
 - Fix Source0