From 81ebea5ddc1b2fc8b875c6a2ca42c267195ce312 Mon Sep 17 00:00:00 2001
From: yixiangzhike
Date: Tue, 8 Feb 2022 16:49:14 +0800
Subject: [PATCH 1/2] Fix CVE-2021-45417
---
 aide.spec | 9 +-
 ...late-buffer-size-in-base64-functions.patch | 123 ++++++++++++++++++
 2 files changed, 131 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2021-45417-Precalculate-buffer-size-in-base64-functions.patch
diff --git a/aide.spec b/aide.spec
index 7a9f199..d97444d 100644
--- a/aide.spec
+++ b/aide.spec
@@ -1,6 +1,6 @@
 Name: aide
 Version: 0.16.2
-Release: 1
+Release: 2
 Summary: Advanced Intrusion Detection Environment
 License: GPLv2+
 URL: http://sourceforge.net/projects/aide
@@ -12,6 +12,7 @@ BuildRequires: gcc make bison flex pcre-devel libgpg-error-devel libgcrypt-deve
 BuildRequires: libacl-devel libselinux-devel libattr-devel e2fsprogs-devel audit-libs-devel git
 Patch0: aide-define_hash_use_gcrypt.patch
+Patch1: backport-CVE-2021-45417-Precalculate-buffer-size-in-base64-functions.patch
 %description
 AIDE (Advanced Intrusion Detection Environment, [eyd]) is a file and directory integrity checker.
@@ -59,6 +60,12 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
 %{_mandir}/*/*
 %changelog
+* Tue Feb 8 2022 yixiangzhike - 0.16.2-2
+- Type:CVE
+- ID:CVE-2021-45417
+- SUG:NA
+- DESC: fix CVE-2021-45417
+
 * Thu Aug 6 2020 wangchen - 0.16.2-1
 - Type:enhancement
 - ID:NA
diff --git a/backport-CVE-2021-45417-Precalculate-buffer-size-in-base64-functions.patch b/backport-CVE-2021-45417-Precalculate-buffer-size-in-base64-functions.patch
new file mode 100644
index 0000000..1752df3
--- /dev/null
+++ b/backport-CVE-2021-45417-Precalculate-buffer-size-in-base64-functions.patch
@@ -0,0 +1,123 @@
+diff --git a/include/base64.h b/include/base64.h
+index 0ff7116..381ef5d 100644
+--- a/include/base64.h
++++ b/include/base64.h
+@@ -36,7 +36,6 @@
+ #include
+ #include "types.h"
+
+-#define B64_BUF 16384
+ #define FAIL -1
+ #define SKIP -2
+
+diff --git a/src/base64.c b/src/base64.c
+index fd01bac..1b0f301 100644
+--- a/src/base64.c
++++ b/src/base64.c
+@@ -85,11 +85,9 @@ FAIL, FAIL, FAIL, FAIL, FAIL, FAIL, FAIL, FAIL
+ };
+
+ /* Returns NULL on error */
+-/* FIXME Possible buffer overflow on outputs larger than B64_BUF */
+ char* encode_base64(byte* src,size_t ssize)
+ {
+ char* outbuf;
+- char* retbuf;
+ int pos;
+ int i, l, left;
+ unsigned long triple;
+@@ -101,7 +99,10 @@ char* encode_base64(byte* src,size_t ssize)
+ error(240,"\n");
+ return NULL;
+ }
+- outbuf = (char *)malloc(sizeof(char)*B64_BUF);
++
++ /* length of encoded base64 string (padded) */
++ size_t length = sizeof(char)* ((ssize + 2) / 3) * 4;
++ outbuf = (char *)malloc(length + 1);
+
+ /* Initialize working pointers */
+ inb = src;
+@@ -162,20 +163,14 @@ char* encode_base64(byte* src,size_t ssize)
+ inb++;
+ }
+
+- /* outbuf is not completely used so we use retbuf */
+- retbuf=(char*)malloc(sizeof(char)*(pos+1));
+- memcpy(retbuf,outbuf,pos);
+- retbuf[pos]='\0';
+- free(outbuf);
++ outbuf[pos]='\0';
+
+- return retbuf;
++ return outbuf;
+ }
+
+-/* FIXME Possible buffer overflow on outputs larger than B64_BUF */
+ byte* decode_base64(char* src,size_t ssize, size_t *ret_len)
+ {
+ byte* outbuf;
+- byte* retbuf;
+ char* inb;
+ int i;
+ int l;
+@@ -188,10 +183,18 @@ byte* decode_base64(char* src,size_t ssize, size_t *ret_len)
+ if (!ssize||src==NULL)
+ return NULL;
+
++ /* exit on unpadded input */
++ if (ssize % 4) {
++ error(3, "decode_base64: '%s' has invalid length (missing padding characters?)", src);
++ return NULL;
++ }
++
++ /* calculate length of decoded string, substract padding chars if any (ssize is >= 4) */
++ size_t length = sizeof(byte) * ((ssize / 4) * 3)- (src[ssize-1] == '=') - (src[ssize-2] == '=');
+
+ /* Initialize working pointers */
+ inb = src;
+- outbuf = (byte *)malloc(sizeof(byte)*B64_BUF);
++ outbuf = (byte *)malloc(length + 1);
+
+ l = 0;
+ triple = 0;
+@@ -243,15 +246,11 @@ byte* decode_base64(char* src,size_t ssize, size_t *ret_len)
+ inb++;
+ }
+
+- retbuf=(byte*)malloc(sizeof(byte)*(pos+1));
+- memcpy(retbuf,outbuf,pos);
+- retbuf[pos]='\0';
+-
+- free(outbuf);
++ outbuf[pos]='\0';
+
+ if (ret_len) *ret_len = pos;
+
+- return retbuf;
++ return outbuf;
+ }
+
+ size_t length_base64(char* src,size_t ssize)
+diff --git a/src/db.c b/src/db.c
+index 858240d..62c4faa 100644
+--- a/src/db.c
++++ b/src/db.c
+@@ -664,13 +664,15 @@ db_line* db_char2line(char** ss,int db){
+
+ time_t base64totime_t(char* s){
+
++ if(strcmp(s,"0")==0){
++ return 0;
++ }
+ byte* b=decode_base64(s,strlen(s),NULL);
+ char* endp;
+
+- if (b==NULL||strcmp(s,"0")==0) {
++ if (b==NULL) {
+
+ /* Should we print error here? */
+- free(b);
+
+ return 0;
+ } else {
-- Gitee
From 10d5e237878a632019feedac78bb0314208e116b Mon Sep 17 00:00:00 2001
From: yixiangzhike
Date: Mon, 27 Jun 2022 18:05:41 +0800
Subject: [PATCH 2/2] fix display issue and reporting to http/https/ftp
Signed-off-by: yixiangzhike
---
 aide-fix-display-issue.patch | 26 +++++++++++++++++++
 aide-fix-reporting-to-http-https-ftp.patch | 30 ++++++++++++++++++++++
 aide.spec | 11 +++++++-
 3 files changed, 66 insertions(+), 1 deletion(-)
 create mode 100644 aide-fix-display-issue.patch
 create mode 100644 aide-fix-reporting-to-http-https-ftp.patch
diff --git a/aide-fix-display-issue.patch b/aide-fix-display-issue.patch
new file mode 100644
index 0000000..fb24158
--- /dev/null
+++ b/aide-fix-display-issue.patch
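Review bot: Neither new allocation is checked before use: in the src/base64.c hunks, `outbuf = (char *)malloc(length + 1);` in encode_base64 and `outbuf = (byte *)malloc(length + 1);` in decode_base64 are followed directly by the working-pointer setup, and the request size now scales with the input instead of being the fixed B64_BUF. Adding `if (outbuf == NULL) return NULL;` after each call keeps a failed allocation from becoming a write through a NULL `outbuf`, and both functions already return NULL on their other error paths. `pos` remains an `int` in encode_base64 while `length` is a `size_t`, so giving the index the same type would keep the bound and the counter comparable. Both function bodies continue outside the hunks, so the loops that fill `outbuf` are not visible here.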
@@ -0,0 +1,26 @@
+From c10bb049afc4d02bd9bf99bca9f1cdd38af4cc8b Mon Sep 17 00:00:00 2001
+From: guiyao
+Date: Mon, 27 Jun 2022 17:39:58 +0800
+Subject: [PATCH] fix display issue
+
+---
+ src/compare_db.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/compare_db.c b/src/compare_db.c
+index 39b52ed..de7c682 100644
+--- a/src/compare_db.c
++++ b/src/compare_db.c
+@@ -687,6 +687,9 @@ static void print_report_header() {
+ } else {
+ error(0,_("\nNumber of entries:\t%li"), ntotal);
+ }
++ if(conf->verbose_level<2){
++ error(0,_("\n"));
++ }
+ }
+
+ static void print_report_databases() {
+--
+1.8.3.1
+
diff --git a/aide-fix-reporting-to-http-https-ftp.patch b/aide-fix-reporting-to-http-https-ftp.patch
new file mode 100644
index 0000000..029f25b
--- /dev/null
+++ b/aide-fix-reporting-to-http-https-ftp.patch
@@ -0,0 +1,30 @@
+From 8e2c349b3921b47b9e1163a583cfd24141cb5532 Mon Sep 17 00:00:00 2001
+From: guiyao
+Date: Mon, 27 Jun 2022 17:45:34 +0800
+Subject: [PATCH] disable reporting to http https ftp
+
+---
+ src/error.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/error.c b/src/error.c
+index 21533d2..eaac426 100644
+--- a/src/error.c
++++ b/src/error.c
+@@ -49,7 +49,12 @@ int error_init(url_t* url,int initial)
+ list* r=NULL;
+ FILE* fh=NULL;
+ int sfac;
+-
++
++ if (url->type == url_http || url->type==url_https || url->type==url_ftp){
++ error(0,_("This binary has no http/https/ftp support\n"));
++ exit(INVALID_ARGUMENT_ERROR);
++ }
++
+ if (url->type==url_database) {
+ conf->report_db++;
+ return RETOK;
+--
+1.8.3.1
+
diff --git a/aide.spec b/aide.spec
index d97444d..88679a7 100644
--- a/aide.spec
+++ b/aide.spec
@@ -1,6 +1,6 @@
 Name: aide
 Version: 0.16.2
-Release: 2
+Release: 3
 Summary: Advanced Intrusion Detection Environment
 License: GPLv2+
 URL: http://sourceforge.net/projects/aide
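Review bot: The guard added at the top of error_init in src/error.c has no comment saying why http, https and ftp report targets are refused, and its message attributes the refusal to the build ("no http/https/ftp support") although nothing visible in the hunk ties the check to a build option. A one-line comment such as `/* Report output to remote URLs is refused here, before any report target is set up. */` would record the intent for the next maintainer. The guard also calls `error()` from inside error_init and then `exit(INVALID_ARGUMENT_ERROR)`; since the rest of error_init lies outside the hunk, it is worth confirming that `error()` can already emit the message at this point.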
@@ -13,6 +13,8 @@ BuildRequires: libacl-devel libselinux-devel libattr-devel e2fsprogs-devel audi
 Patch0: aide-define_hash_use_gcrypt.patch
 Patch1: backport-CVE-2021-45417-Precalculate-buffer-size-in-base64-functions.patch
+Patch2: aide-fix-display-issue.patch
+Patch3: aide-fix-reporting-to-http-https-ftp.patch
 %description
 AIDE (Advanced Intrusion Detection Environment, [eyd]) is a file and directory integrity checker.
@@ -60,6 +62,13 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
 %{_mandir}/*/*
 %changelog
+* Mon Jun 27 2022 yixiangzhike - 0.16.2-3
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC: fix display issue
+ fix reporting to http/https/ftp
+
 * Tue Feb 8 2022 yixiangzhike - 0.16.2-2
 - Type:CVE
 - ID:CVE-2021-45417
-- Gitee