From 3a04b5a3383c1c58b0b6e7b8a71f90dd9bdd346f Mon Sep 17 00:00:00 2001
From: liningjie <liningjie@xfusion.com>
Date: Tue, 15 Aug 2023 01:01:24 +0800
Subject: [PATCH] fix CVE-2022-48554

(cherry picked from commit 11a644c04924eb5c6c997e123535b8649ab53a7c)
---
 CVE-2022-48554.patch | 34 ++++++++++++++++++++++++++++++++++
 file.spec            |  6 +++++-
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2022-48554.patch

diff --git a/CVE-2022-48554.patch b/CVE-2022-48554.patch
new file mode 100644
index 0000000..c3dcec8
--- /dev/null
+++ b/CVE-2022-48554.patch
@@ -0,0 +1,34 @@
+From c4d10f78b3946fc32624d78c038e9731ca2ce454 Mon Sep 17 00:00:00 2001
+From: liningjie <liningjie@xfusion.com>
+Date: Tue, 15 Aug 2023 00:54:28 +0800
+Subject: [PATCH] PR/310: p870613: Don't use strlcpy to copy the string, it
+ will try to scan the source string to find out how much space is needed the
+ source string might not be NUL terminated.
+
+---
+ src/funcs.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/funcs.c b/src/funcs.c
+index 33c3f85..295fb75 100644
+--- a/src/funcs.c
++++ b/src/funcs.c
+@@ -54,9 +54,12 @@ FILE_RCSID("@(#)$File: funcs.c,v 1.122 2021/06/30 10:08:48 christos Exp $")
+ protected char *
+ file_copystr(char *buf, size_t blen, size_t width, const char *str)
+ {
+-	if (++width > blen)
+-		width = blen;
+-	strlcpy(buf, str, width);
++	if (blen == 0)
++		return buf;
++	if (width >= blen)
++		width = blen - 1;
++	memcpy(buf, str, width);
++	buf[width] = '\0';
+ 	return buf;
+ }
+ 
+-- 
+2.33.0
+
diff --git a/file.spec b/file.spec
index fe6e87f..23e69e5 100644
--- a/file.spec
+++ b/file.spec
@@ -1,6 +1,6 @@
 Name:          file
 Version:       5.41
-Release:       2
+Release:       3
 Summary:       A tool to identify the type of a particular file type
 License:       BSD
 URL:           http://www.darwinsys.com/file/
@@ -8,6 +8,7 @@ Source0:       ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
 
 Patch1: 0001-file-localmagic.patch
 Patch2: 0002-fix-typos-fxlb.patch
+Patch3: CVE-2022-48554.patch
 
 Requires: %{name}-libs = %{version}-%{release}
 BuildRequires: autoconf automake libtool zlib-devel make
@@ -131,6 +132,9 @@ make -C tests check
 %{python3_sitelib}/__pycache__/*
 
 %changelog
+* Wed Aug 23 2023 liningjie <liningjie@xfusion.com> - 5.41-3
+- fix CVE-2022-48554
+
 * Wed Oct 19 2022 lihaoxiang <lihaoxiang9@huawei.com> - 5.41-2
 - fix typos fxlb
 
-- 
Gitee