From 7bf75d58ae7ce085ef40209e6edd7221b807583e Mon Sep 17 00:00:00 2001
From: yixiangzhike
Date: Thu, 22 May 2025 15:05:28 +0800
Subject: [PATCH] Fix potential buffer overflow via fscanf
---
 ...potential-buffer-overflow-via-fscanf.patch | 53 +++++++++++++++++++
 libtasn1.spec | 6 ++-
 2 files changed, 58 insertions(+), 1 deletion(-)
 create mode 100644 backport-Fix-potential-buffer-overflow-via-fscanf.patch
diff --git a/backport-Fix-potential-buffer-overflow-via-fscanf.patch b/backport-Fix-potential-buffer-overflow-via-fscanf.patch
new file mode 100644
index 0000000..6829ff1
--- /dev/null
+++ b/backport-Fix-potential-buffer-overflow-via-fscanf.patch
@@ -0,0 +1,53 @@
+From c1a4b3f179e6e8bf42ba5fe8d8a49fc4c042699f Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Tue, 11 May 2021 14:24:15 -0400
+Subject: [PATCH] Fix potential buffer overflow via fscanf
+
+Scanner Output
+--------------
+Error: DC.STREAM_BUFFER (CWE-120): [#def4]
+libtasn1-4.16.0/src/asn1Coding.c:75: dont_call: "fscanf" assumes an arbitrarily long string, so callers must use correct precision specifiers or never use "fscanf".
+libtasn1-4.16.0/src/asn1Coding.c:75: remediation: Use correct precision specifiers or implement your own parsing.
+ # 73| int ret;
+ # 74|
+ # 75|-> ret = fscanf (file, "%s", varName);
+ # 76| if (ret == EOF)
+ # 77| return ASSIGNMENT_EOF;
+
+Error: DC.STREAM_BUFFER (CWE-120): [#def5]
+libtasn1-4.16.0/src/asn1Coding.c:81: dont_call: "fscanf" assumes an arbitrarily long string, so callers must use correct precision specifiers or never use "fscanf".
+libtasn1-4.16.0/src/asn1Coding.c:81: remediation: Use correct precision specifiers or implement your own parsing.
+ # 79| varName[0] = 0;
+ # 80|
+ # 81|-> ret = fscanf (file, "%s", value);
+ # 82| if (ret == EOF)
+ # 83| return ASSIGNMENT_ERROR;
+
+Signed-off-by: Simo Sorce
+---
+ src/asn1Coding.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/asn1Coding.c b/src/asn1Coding.c
+index 381a1c3..9b54a75 100644
+--- a/src/asn1Coding.c
++++ b/src/asn1Coding.c
+@@ -72,13 +72,13 @@ readAssignment (FILE * file, char *varName, char *value)
+
+ int ret;
+
+- ret = fscanf (file, "%s", varName);
++ ret = fscanf (file, "%1023s", varName);
+ if (ret == EOF)
+ return ASSIGNMENT_EOF;
+ if (!strcmp (varName, "''"))
+ varName[0] = 0;
+
+- ret = fscanf (file, "%s", value);
++ ret = fscanf (file, "%1023s", value);
+ if (ret == EOF)
+ return ASSIGNMENT_ERROR;
+
+--
+2.43.0
+
diff --git a/libtasn1.spec b/libtasn1.spec
index dac10e4..61c9dff 100644
--- a/libtasn1.spec
+++ b/libtasn1.spec
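Review bot: The `%1023s` width in both fscanf calls of readAssignment is a bare literal that nothing ties to the size of the buffers behind `varName` and `value`, which are declared outside this hunk. If either buffer is smaller than 1024 bytes, or is shrunk later, the write can still run past its end, so the width and the buffer size should come from one shared constant, with a comment such as `/* conversion width must stay one less than the caller's buffer size */`. A token longer than 1023 bytes is also now split silently, and its tail is consumed as the next field, so an overlong assignment file is misparsed rather than rejected. Returning `ASSIGNMENT_ERROR` when a token fills the whole width, for example `if (strlen (varName) == 1023) return ASSIGNMENT_ERROR;` and the same for `value`, would turn that into a clean failure. readAssignment's body continues outside the hunk, so the return paths after the second read are not visible here.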
@@ -1,7 +1,7 @@ Summary: Libtasn1 is a ASN.1 parsing library Name: libtasn1 Version: 4.16.0 -Release: 3 +Release: 4 # The libtasn1 library is LGPLv2+, utilities are GPLv3+ License: GPLv3+ and LGPLv2+ @@ -13,6 +13,7 @@ Patch0: fix-memleaks-in-asn1-arrat2tree.patch Patch1: backport-CVE-2021-46848-Fix-ETYPE_OK-off-by-one-array-size-check-Closes-32.patch Patch2: backport-CVE-2024-12133-part1.patch Patch3: backport-CVE-2024-12133-part2.patch +Patch4: backport-Fix-potential-buffer-overflow-via-fscanf.patch BuildRequires: gcc, autoconf, automake, libtool, gnupg2, bison, pkgconfig, help2man, valgrind-devel Provides: bundled(gnulib) = 20130324 @@ -83,6 +84,9 @@ test "$1" = 0 -a -f %_infodir/%name.info.gz && \ %{_infodir}/*.info.* %changelog +* Thu May 22 2025 yixiangzhike - 4.16.0-4 +- backport upstream patch to fix potential buffer overflow via fscanf + * Fri Feb 07 2025 Funda Wang - 4.16.0-3 - fix CVE-2024-12133 -- Gitee