From e6b234df37db987a8b3e17a91dd4084dc811d894 Mon Sep 17 00:00:00 2001
From: lvfei
Date: Thu, 23 May 2024 17:19:31 +0800
Subject: [PATCH] Fix CVE-2024-22857
---
 CVE-2024-22857.patch | 28 ++++++++++++++++++++++++++++
 zlog.spec | 6 +++++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2024-22857.patch
diff --git a/CVE-2024-22857.patch b/CVE-2024-22857.patch
new file mode 100644
index 0000000..648eb2c
--- /dev/null
+++ b/CVE-2024-22857.patch
@@ -0,0 +1,28 @@
+From 335d65fc5a9d73580c6663fcb754ddce4e159a61 Mon Sep 17 00:00:00 2001
+From: alirazamumtaz Malwarer Researcher at Ebryx (Pvt.) Ltd
+Date: Thu, 25 Apr 2024 13:49:04 +0800
+Subject: [PATCH] CVE-2024-22857
+
+---
+ src/rule.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/rule.c b/src/rule.c
+index 473d21f..02a9c08 100644
+--- a/src/rule.c
++++ b/src/rule.c
+@@ -890,8 +890,10 @@ zlog_rule_t *zlog_rule_new(char *line,
+ }
+ break;
+ case '$' :
+- sscanf(file_path + 1, "%s", a_rule->record_name);
+-
++ // read only MAXLEN_PATH characters from the file_path + 1
++ strncpy(a_rule->record_name, file_path + 1, MAXLEN_PATH);
++ a_rule->record_name[MAXLEN_PATH] = '\0';
++
+ if (file_limit) { /* record path exists */
+ p = strchr(file_limit, '"');
+ if (!p) {
+--
+2.27.0
diff --git a/zlog.spec b/zlog.spec
index 9324ac7..2d2dbc4 100644
--- a/zlog.spec
+++ b/zlog.spec
@@ -1,12 +1,13 @@
 Name: zlog
 Version: 1.2.15
-Release: 3%{?dist}
+Release: 4
 Summary: A reliable pure C logging library
 License: LGPLv2.1
 URL: http://hardysimpson.github.io/zlog/
 Source0: %{name}-%{version}.tar.gz
 Patch1000: 0001-Fix-stack-buffer-overflow-at-zlog_conf_build_with_fi.patch
+Patch1001: CVE-2024-22857.patch
 BuildRequires: gcc-c++
 #Requires:
@@ -47,6 +48,9 @@ ln -sf libzlog.so.1.2 '%{buildroot}/%{_libdir}/libzlog.so'
 %changelog
+* Wed Apr 24 2024 lvfei - 1.2.15-4
+- Fix CVE-2024-22857
+
 * Mon Apr 25 2022 yefeng - 1.2.15-3
 - fix the CVE-2021-43521
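Review bot: In the `case '$'` branch of the embedded src/rule.c patch, the write `a_rule->record_name[MAXLEN_PATH] = '\0';` is in bounds only if `record_name` is declared with `MAXLEN_PATH + 1` elements, and that declaration is not visible in this hunk; tying the bound to the destination, `strncpy(a_rule->record_name, file_path + 1, sizeof(a_rule->record_name) - 1);` followed by `a_rule->record_name[sizeof(a_rule->record_name) - 1] = '\0';`, keeps the fix correct if the field size changes (this assumes `record_name` is an array member rather than a pointer). The replacement also changes parsing: `sscanf` with `%s` skipped leading whitespace and stopped at the first whitespace character, while `strncpy` copies the rest of `file_path` verbatim, so a record name followed by spaces would now keep them unless `file_path` is already trimmed by code outside the hunk. An over-long name is now truncated silently; rejecting it as a configuration error would make the condition visible to the operator instead of registering a different record name. `zlog_rule_new` begins before and continues past the hunk, so these points should be checked against the full function and the struct definition.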