public inbox for git-commits@fedoraproject.org
* [rpms/sblim-sfcc] main: Fix buffer overflows
@ 2026-06-23 8:05 Vitezslav Crhonek
From: Vitezslav Crhonek @ 2026-06-23 8:05 UTC
To: git-commits
A new commit has been pushed.
Repo : rpms/sblim-sfcc
Branch : main
Commit : 05794bfb71580f7c95223467518c49b87c079aa9
Author : Vitezslav Crhonek <vcrhonek@redhat.com>
Date : 2026-06-23T10:04:55+02:00
Stats : +56/-1 in 3 file(s)
URL : https://src.fedoraproject.org/rpms/sblim-sfcc/c/05794bfb71580f7c95223467518c49b87c079aa9?branch=main
Log:
Fix buffer overflows
---
diff --git a/sblim-sfcc-2.2.8-fix-method-buffer-overflow.patch b/sblim-sfcc-2.2.8-fix-method-buffer-overflow.patch
new file mode 100644
index 0000000..e2c9aaf
--- /dev/null
+++ b/sblim-sfcc-2.2.8-fix-method-buffer-overflow.patch
@@ -0,0 +1,12 @@
+diff -up sblim-sfcc-2.2.8/backend/cimxml/client.c.orig sblim-sfcc-2.2.8/backend/cimxml/client.c
+--- sblim-sfcc-2.2.8/backend/cimxml/client.c.orig 2026-06-22 10:50:59.143792493 +0200
++++ sblim-sfcc-2.2.8/backend/cimxml/client.c 2026-06-22 10:51:08.671738764 +0200
+@@ -412,7 +412,7 @@ static char* genRequest(ClientEnc *cle,
+ con->ft->initializeHeaders(con);
+
+ // Add CIMMethod header
+- strcat(method, op);
++ strncat(method, op, sizeof(method) - strlen(method) - 1);
+ con->mHeaders = curl_slist_append(con->mHeaders, method);
+
+ // Add CIMObject header with cop's namespace, class, keys
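Review bot: In the new `strncat(method, op, sizeof(method) - strlen(method) - 1)` line, the bound is only correct if `method` is a char array declared in `genRequest`; the declaration is outside this hunk, and if `method` is a `char *` then `sizeof(method)` is the pointer size and the limit is wrong, so that is worth confirming. Separately, an over-long `op` is now silently truncated and the shortened string is still passed to `curl_slist_append`, so the request goes out with a CIMMethod header that does not match the requested operation. Consider checking the length before the append and failing the request instead of sending a truncated header.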
diff --git a/sblim-sfcc-2.2.8-fix-namespace-buffer-overflow.patch b/sblim-sfcc-2.2.8-fix-namespace-buffer-overflow.patch
new file mode 100644
index 0000000..22a1bee
--- /dev/null
+++ b/sblim-sfcc-2.2.8-fix-namespace-buffer-overflow.patch
@@ -0,0 +1,35 @@
+diff -up sblim-sfcc-2.2.8/backend/cimxml/client.c.orig sblim-sfcc-2.2.8/backend/cimxml/client.c
+--- sblim-sfcc-2.2.8/backend/cimxml/client.c.orig 2026-06-22 09:46:27.984332147 +0200
++++ sblim-sfcc-2.2.8/backend/cimxml/client.c 2026-06-22 09:47:25.770012912 +0200
+@@ -419,13 +419,27 @@ static char* genRequest(ClientEnc *cle,
+ if (classWithKeys)
+ pathToChars(cop, NULL, &CimObject[11], 1);
+ else {
++ size_t remaining = sizeof(CimObject) - strlen(CimObject);
++ char *ptr = CimObject + strlen(CimObject);
++
+ nsc = getNameSpaceComponents(cop);
+ nsp = nsc->ft->getFirst(nsc);
+- while (nsp != NULL) {
+- strcat(CimObject, nsp);
++ while (nsp != NULL && remaining > 0) {
++ size_t len = snprintf(ptr, remaining, "%s", nsp);
++ if (len >= remaining) {
++ /* Would overflow - truncate and break */
++ free(nsp);
++ break;
++ }
++ ptr += len;
++ remaining -= len;
+ free(nsp); /* VM: freeing strdup'ed memory - should be part of release */
+- if ((nsp = nsc->ft->getNext(nsc)) != NULL)
+- strcat(CimObject, "%2F");
++ if ((nsp = nsc->ft->getNext(nsc)) != NULL && remaining > 3) {
++ len = snprintf(ptr, remaining, "%%2F");
++ if (len >= remaining) break;
++ ptr += len;
++ remaining -= len;
++ }
+ }
+ CMRelease(nsc);
+ }
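Review bot: The `remaining > 3` guard on the separator in the `getNext` branch skips writing "%2F" when space is short but leaves `nsp` non-NULL, so the `while` loop runs again and a following component of one or two characters can still be appended directly onto the previous one, producing a namespace path different from the one requested. The truncation path has a similar effect: `snprintf` has already written a partial component at `ptr` before the `len >= remaining` check breaks out, and `CimObject` is then used as is. Suggest treating both cases as an error (reset the terminator at `ptr` and fail the request) rather than continuing with a shortened header. Two smaller points: `snprintf` returns `int` while `len` is `size_t`, so a negative return is caught only through the unsigned conversion, and the `pathToChars(cop, NULL, &CimObject[11], 1)` call in the `classWithKeys` branch still receives no size argument, so this change bounds only the `else` path.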
diff --git a/sblim-sfcc.spec b/sblim-sfcc.spec
index ec7c5b7..6581a9c 100644
--- a/sblim-sfcc.spec
+++ b/sblim-sfcc.spec
@@ -7,7 +7,7 @@
Summary: Small Footprint CIM Client Library
Name: sblim-sfcc
Version: 2.2.8
-Release: 31%{?dist}
+Release: 32%{?dist}
License: EPL-1.0
URL: http://www.sblim.org
Source0: http://downloads.sourceforge.net/project/sblim/%{name}/%{name}-%{version}.tar.bz2
@@ -17,6 +17,10 @@ Patch0: sblim-sfcc-2.2.8-docdir-license.patch
Patch1: c99.patch
Patch2: c89.patch
Patch3: sblim-sfcc-2.2.8-fix-clone-stack-exhaust.patch
+# Patch4: fixes buffer overflow in CIMMethod header handling
+Patch4: sblim-sfcc-2.2.8-fix-method-buffer-overflow.patch
+# Patch5: fixes buffer overflow in CIMObject namespace handling
+Patch5: sblim-sfcc-2.2.8-fix-namespace-buffer-overflow.patch
BuildRequires: make
BuildRequires: curl-devel chrpath
BuildRequires: gcc gcc-c++
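Review bot: The comments above `Patch4` and `Patch5` say what each patch fixes but not where it comes from. Add the bug or upstream reference, or state that the patch is downstream-only, so it is clear when these patches can be dropped.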
@@ -67,6 +71,10 @@ chrpath --delete $RPM_BUILD_ROOT%{_libdir}/libcmpisfcc.so.1.0.0
%{_libdir}/libcmpisfcc.so
%changelog
+* Tue Jun 23 2026 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.2.8-32
+- Fix buffer overflow in CIMMethod header handling
+- Fix buffer overflow in CIMObject namespace handling
+
* Wed May 27 2026 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.2.8-31
- Fix possible __clone() stack exhaustion