From: Vitezslav Crhonek <vcrhonek@redhat.com>
To: git-commits@fedoraproject.org
Subject: [rpms/sblim-sfcc] main: Fix buffer overflows
Date: Tue, 23 Jun 2026 08:05:32 GMT	[thread overview]
Message-ID: <178220193213.1.16777277720679301085.rpms-sblim-sfcc-05794bfb7158@fedoraproject.org> (raw)

A new commit has been pushed.

Repo   : rpms/sblim-sfcc
Branch : main
Commit : 05794bfb71580f7c95223467518c49b87c079aa9
Author : Vitezslav Crhonek <vcrhonek@redhat.com>
Date   : 2026-06-23T10:04:55+02:00
Stats  : +56/-1 in 3 file(s)
URL    : https://src.fedoraproject.org/rpms/sblim-sfcc/c/05794bfb71580f7c95223467518c49b87c079aa9?branch=main

Log:
Fix buffer overflows

---
diff --git a/sblim-sfcc-2.2.8-fix-method-buffer-overflow.patch b/sblim-sfcc-2.2.8-fix-method-buffer-overflow.patch
new file mode 100644
index 0000000..e2c9aaf
--- /dev/null
+++ b/sblim-sfcc-2.2.8-fix-method-buffer-overflow.patch
@@ -0,0 +1,12 @@
+diff -up sblim-sfcc-2.2.8/backend/cimxml/client.c.orig sblim-sfcc-2.2.8/backend/cimxml/client.c
+--- sblim-sfcc-2.2.8/backend/cimxml/client.c.orig	2026-06-22 10:50:59.143792493 +0200
++++ sblim-sfcc-2.2.8/backend/cimxml/client.c	2026-06-22 10:51:08.671738764 +0200
+@@ -412,7 +412,7 @@ static char* genRequest(ClientEnc *cle,
+    con->ft->initializeHeaders(con);
+ 
+    // Add CIMMethod header
+-   strcat(method, op);
++   strncat(method, op, sizeof(method) - strlen(method) - 1);
+    con->mHeaders = curl_slist_append(con->mHeaders, method);
+ 
+    // Add CIMObject header with cop's namespace, class, keys
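Review bot: The `strncat` bound on the CIMMethod line stops the overflow but truncates silently, so an over-long `op` now yields a shortened header that is still passed to `curl_slist_append` and sent. An explicit check before the append, e.g. `if (strlen(method) + strlen(op) >= sizeof(method))` leading into the function's error path, would reject the request instead of sending a different method name. The bound also relies on `method` being a `char` array in scope. Its declaration is outside the hunk, and if it were a pointer, `sizeof(method)` would be the pointer size, so that is worth confirming (the same applies to `sizeof(CimObject)` in the namespace patch). genRequest starts and ends outside the hunk, so how it reports failure is not visible here.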

diff --git a/sblim-sfcc-2.2.8-fix-namespace-buffer-overflow.patch b/sblim-sfcc-2.2.8-fix-namespace-buffer-overflow.patch
new file mode 100644
index 0000000..22a1bee
--- /dev/null
+++ b/sblim-sfcc-2.2.8-fix-namespace-buffer-overflow.patch
@@ -0,0 +1,35 @@
+diff -up sblim-sfcc-2.2.8/backend/cimxml/client.c.orig sblim-sfcc-2.2.8/backend/cimxml/client.c
+--- sblim-sfcc-2.2.8/backend/cimxml/client.c.orig	2026-06-22 09:46:27.984332147 +0200
++++ sblim-sfcc-2.2.8/backend/cimxml/client.c	2026-06-22 09:47:25.770012912 +0200
+@@ -419,13 +419,27 @@ static char* genRequest(ClientEnc *cle,
+    if (classWithKeys)
+        pathToChars(cop, NULL, &CimObject[11], 1);
+    else {
++       size_t remaining = sizeof(CimObject) - strlen(CimObject);
++       char *ptr = CimObject + strlen(CimObject);
++
+        nsc = getNameSpaceComponents(cop);
+        nsp = nsc->ft->getFirst(nsc);
+-       while (nsp != NULL) {
+-	   strcat(CimObject, nsp);
++       while (nsp != NULL && remaining > 0) {
++	   size_t len = snprintf(ptr, remaining, "%s", nsp);
++	   if (len >= remaining) {
++	       /* Would overflow - truncate and break */
++	       free(nsp);
++	       break;
++	   }
++	   ptr += len;
++	   remaining -= len;
+ 	   free(nsp); /* VM: freeing strdup'ed memory - should be part of release */
+-           if ((nsp = nsc->ft->getNext(nsc)) != NULL)
+-	       strcat(CimObject, "%2F");
++           if ((nsp = nsc->ft->getNext(nsc)) != NULL && remaining > 3) {
++	       len = snprintf(ptr, remaining, "%%2F");
++	       if (len >= remaining) break;
++	       ptr += len;
++	       remaining -= len;
++	   }
+        }
+        CMRelease(nsc);
+    }
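Review bot: When another namespace component exists but `remaining <= 3`, the `%2F` separator is skipped while `nsp` stays non-NULL, so the next loop pass can still append a short component directly onto the previous one and produce a different namespace path. The truncation branch has a related problem: `snprintf` has already written a partial component into `CimObject` before the `break`, so the header ends with a cut-off name. Both cases are safer if the loop stops cleanly, resetting `*ptr = '\0'` on truncation and breaking (after freeing `nsp`) when the separator does not fit, and ideally if the request fails, since a shortened path may address another namespace. `snprintf` returns `int`, so keeping the result in an `int` and testing `< 0` makes the error case explicit instead of relying on the conversion to `size_t`. genRequest's error handling is outside the hunk; the loop below shows the shape.

```c
       /* … unchanged: remaining/ptr setup, getNameSpaceComponents, getFirst … */
       while (nsp != NULL) {
           int n = snprintf(ptr, remaining, "%s", nsp);
           free(nsp); /* strdup'ed by the iterator */
           if (n < 0 || (size_t)n >= remaining) {
               *ptr = '\0'; /* drop the partial component */
               /* report the over-long path via genRequest's error path */
               break;
           }
           ptr += n;
           remaining -= (size_t)n;
           if ((nsp = nsc->ft->getNext(nsc)) == NULL)
               break;
           if (remaining <= 3) { /* no room for "%2F" plus the terminator */
               free(nsp);
               /* report the over-long path via genRequest's error path */
               break;
           }
           memcpy(ptr, "%2F", 4); /* 3 chars + NUL */
           ptr += 3;
           remaining -= 3;
       }
       /* … unchanged: CMRelease(nsc) … */
```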

diff --git a/sblim-sfcc.spec b/sblim-sfcc.spec
index ec7c5b7..6581a9c 100644
--- a/sblim-sfcc.spec
+++ b/sblim-sfcc.spec
@@ -7,7 +7,7 @@
 Summary: Small Footprint CIM Client Library
 Name: sblim-sfcc
 Version: 2.2.8
-Release: 31%{?dist}
+Release: 32%{?dist}
 License: EPL-1.0
 URL: http://www.sblim.org
 Source0: http://downloads.sourceforge.net/project/sblim/%{name}/%{name}-%{version}.tar.bz2
@@ -17,6 +17,10 @@ Patch0: sblim-sfcc-2.2.8-docdir-license.patch
 Patch1: c99.patch
 Patch2: c89.patch
 Patch3: sblim-sfcc-2.2.8-fix-clone-stack-exhaust.patch
+# Patch4: fixes buffer overflow in CIMMethod header handling
+Patch4: sblim-sfcc-2.2.8-fix-method-buffer-overflow.patch
+# Patch5: fixes buffer overflow in CIMObject namespace handling
+Patch5: sblim-sfcc-2.2.8-fix-namespace-buffer-overflow.patch
 BuildRequires: make
 BuildRequires: curl-devel chrpath
 BuildRequires: gcc gcc-c++
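Review bot: Patch4 and Patch5 are declared here, but the commit shows no change to `%prep`, so the two overflow fixes only reach the build if `%prep` applies patches automatically (`%autosetup` or `%autopatch`). `%prep` is outside the visible hunks. If it lists patches individually, matching lines such as `%patch -P4 -p1` and `%patch -P5 -p1` are needed. Checking the build log for both patches being applied would confirm that release 32 actually carries the fixes.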
@@ -67,6 +71,10 @@ chrpath --delete $RPM_BUILD_ROOT%{_libdir}/libcmpisfcc.so.1.0.0
 %{_libdir}/libcmpisfcc.so
 
 %changelog
+* Tue Jun 23 2026 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.2.8-32
+- Fix buffer overflow in CIMMethod header handling
+- Fix buffer overflow in CIMObject namespace handling
+
 * Wed May 27 2026 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.2.8-31
 - Fix possible __clone() stack exhaustion
 
