From b27d66c26e6bbc133b62daf1b4778800e5caf254 Mon Sep 17 00:00:00 2001
From: wangshuo
Date: Mon, 6 May 2024 14:52:05 +0800
Subject: [PATCH] fix CVE-2024-25678

(cherry picked from commit a8db88860cd4bbf51252357ea7f325abf8d8c4c8)
---
 fix-CVE-2024-25768.patch | 40 ++++++++++++++++++++++++++++++++++++++++
 opendmarc.spec | 9 ++++++++-
 2 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 fix-CVE-2024-25768.patch

diff --git a/fix-CVE-2024-25768.patch b/fix-CVE-2024-25768.patch
new file mode 100644
index 0000000..ab6a4f7
--- /dev/null
+++ b/fix-CVE-2024-25768.patch
@@ -0,0 +1,40 @@
+From e6e0ceae014f9c8519ed52b9871ca0111b6ec468 Mon Sep 17 00:00:00 2001
+From: wangshuo
+Date: Mon, 6 May 2024 14:32:49 +0800
+Subject: [PATCH] fix CVE-2024-25768
+
+Instead of:
+if (list_buf != NULL || size_of_buf > 0)
+the code at libopendmarc/opendmarc_policy.c#L1478 should be:
+if (list_buf != NULL && size_of_buf > 0)
+
+In the OpenDMARC project, this bug is out of reach,
+as opendmarc_policy_fetch_ruf() is always called with both list_buf = NULL and size_of_buf = 0
+
+opendmarc/opendmarc.c#L3289
+ruv = opendmarc_policy_fetch_ruf(cc->cctx_dmarc, NULL, 0, TRUE);
+
+opendmarc/opendmarc-check.c#L224
+ruf = opendmarc_policy_fetch_ruf(dmarc, NULL, 0, 1);
+
+However, this is a library function and may be used outside of this project in a way that could trigger the bug.
+---
+ libopendmarc/opendmarc_policy.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libopendmarc/opendmarc_policy.c b/libopendmarc/opendmarc_policy.c
+index 32053db..43daedc 100644
+--- a/libopendmarc/opendmarc_policy.c
++++ b/libopendmarc/opendmarc_policy.c
+@@ -1475,7 +1475,7 @@ opendmarc_policy_fetch_ruf(DMARC_POLICY_T *pctx, u_char *list_buf, size_t size_o
+ {
+ return NULL;
+ }
+- if (list_buf != NULL || size_of_buf > 0)
++ if (list_buf != NULL && size_of_buf > 0)
+ {
+ (void) memset(list_buf, '\0', size_of_buf);
+ sp = list_buf;
+-- 
+2.27.0
+
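Review bot: The embedded patch appears to carry no upstream reference for the one-line change at `if (list_buf != NULL && size_of_buf > 0)`. Its header shows only the local author and date, so an auditor cannot tell from this file which upstream OpenDMARC commit or issue the backport corresponds to; a header line such as `Origin: <upstream commit or issue URL>` would close that gap. The guard would also benefit from a comment stating the contract it now enforces, e.g. `/* copy into list_buf only when the caller passed both a buffer and a non-zero size */`. The body of opendmarc_policy_fetch_ruf continues past `sp = list_buf;` outside the hunk, so whether later writes stay within size_of_buf cannot be checked from here.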
diff --git a/opendmarc.spec b/opendmarc.spec index 431bfb1..f9c6cf7 100644 --- a/opendmarc.spec +++ b/opendmarc.spec @@ -4,11 +4,12 @@ Summary: A Domain-based Message Authentication, Reporting & Conformance (DMARC) milter and library Name: opendmarc Version: 1.4.2 -Release: 2 +Release: 3 License: BSD and Sendmail URL: http://www.trusteddomain.org/%{name}.html Source0: https://github.com/trusteddomainproject/OpenDMARC/archive/refs/tags/rel-opendmarc-1-4-2.tar.gz Patch01: opendmarc-1.4.0-ticket159-179.patch +Patch02: fix-CVE-2024-25768.patch Requires: lib%{name}%{?_isa} = %{version}-%{release} @@ -176,6 +177,12 @@ exit 0 %{_libdir}/*.so %changelog +* Mon May 06 2024 wangshuo - 1.4.2-3 +- Type:CVE +- ID:CVE-2024-25678 +- SUG:NA +- DESC:fix CVE-2024-25678 + * Wed Mar 1 2023 licihua - 1.4.2-2 - DESC:https://gitee.com/src-openeuler/opendmarc/issues/I6IQJM -- Gitee
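Review bot: The new changelog entry records `ID:CVE-2024-25678` and `DESC:fix CVE-2024-25678`, but the patch it ships is named `fix-CVE-2024-25768.patch` on the `Patch02:` line, and the embedded patch subject also says CVE-2024-25768. The digits are transposed in one of the two spellings, and the commit subject uses the 25678 form as well. Vulnerability tracking that reads package changelogs matches on the exact identifier, so the entry should be checked against the advisory and made to agree with the patch name. The `%prep` section is outside these hunks; if it applies patches with explicit `%patch` lines rather than `%autosetup`, `Patch02` needs its own line there, otherwise the fix is declared but never applied.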