From cfec3acb354ad32fd28f7cad8c547fe20f935f4f Mon Sep 17 00:00:00 2001
From: liningjie <liningjie@xfusion.com>
Date: Tue, 15 Aug 2023 01:10:01 +0800
Subject: [PATCH] fix CVE-2022-48554

(cherry picked from commit 68b338132d450e63e5b39390a46efda5603bb8e0)
---
 CVE-2022-48554.patch | 34 ++++++++++++++++++++++++++++++++++
 file.spec            |  6 +++++-
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2022-48554.patch

diff --git a/CVE-2022-48554.patch b/CVE-2022-48554.patch
new file mode 100644
index 0000000..c3dcec8
--- /dev/null
+++ b/CVE-2022-48554.patch
@@ -0,0 +1,34 @@
+From c4d10f78b3946fc32624d78c038e9731ca2ce454 Mon Sep 17 00:00:00 2001
+From: liningjie <liningjie@xfusion.com>
+Date: Tue, 15 Aug 2023 00:54:28 +0800
+Subject: [PATCH] PR/310: p870613: Don't use strlcpy to copy the string, it
+ will try to scan the source string to find out how much space is needed the
+ source string might not be NUL terminated.
+
+---
+ src/funcs.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/funcs.c b/src/funcs.c
+index 33c3f85..295fb75 100644
+--- a/src/funcs.c
++++ b/src/funcs.c
+@@ -54,9 +54,12 @@ FILE_RCSID("@(#)$File: funcs.c,v 1.122 2021/06/30 10:08:48 christos Exp $")
+ protected char *
+ file_copystr(char *buf, size_t blen, size_t width, const char *str)
+ {
+-	if (++width > blen)
+-		width = blen;
+-	strlcpy(buf, str, width);
++	if (blen == 0)
++		return buf;
++	if (width >= blen)
++		width = blen - 1;
++	memcpy(buf, str, width);
++	buf[width] = '\0';
+ 	return buf;
+ }
+ 
+-- 
+2.33.0
+
diff --git a/file.spec b/file.spec
index dad3718..cbde5d5 100644
--- a/file.spec
+++ b/file.spec
@@ -1,6 +1,6 @@
 Name:          file
 Version:       5.39
-Release:       6
+Release:       7
 Summary:       A tool to identify the type of a particular file type
 License:       BSD
 URL:           http://www.darwinsys.com/file/
@@ -8,6 +8,7 @@ Source0:       ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
 
 Patch1: 0001-file-localmagic.patch
 Patch2: 0002-improve-detection-of-static-pie-binaries.patch 
+Patch3: CVE-2022-48554.patch
 
 Requires: %{name}-libs = %{version}-%{release}
 BuildRequires: autoconf automake libtool zlib-devel
@@ -153,6 +154,9 @@ make check
 %{python3_sitelib}/__pycache__/*
 
 %changelog
+* Wed Aug 23 2023 liningjie <liningjie@xfusion.com> - 5.39-7
+- fix CVE-2022-48554
+
 * Fri Jul 30 2021 chenyanpanHW <chenyanpan@huawei.com> - 5.39-6
 - DESC: delete -S git from %autosetup, and delete BuildRequires git
 
-- 
Gitee