From 93ef6a0a3e35b395569f55459b39234a1f3881cb Mon Sep 17 00:00:00 2001 From: Paul Howarth Date: Jul 27 2023 13:25:30 +0000 Subject: Fix FTBFS for Fedora 39 (rhbz#2226148) Fix for buffer overflow detected in response.c API test on s390x. https://bugzilla.redhat.com/show_bug.cgi?id=2226148 https://github.com/proftpd/proftpd/pull/1692 --- diff --git a/proftpd-1.3.8-api-test-buffer-overflow.patch b/proftpd-1.3.8-api-test-buffer-overflow.patch new file mode 100644 index 0000000..e13ce04 --- /dev/null +++ b/proftpd-1.3.8-api-test-buffer-overflow.patch @@ -0,0 +1,38 @@ +commit 205569215215f29f3ebee4d09f23110ebcd2d30b +Author: Paul Howarth +Date: Thu Jul 27 13:13:50 2023 +0100 + + Fix write size limits in pr_response_send_async + + Some of the byte count limits for string buffer writes in + pr_response_send_async were overly large, not taking into account + some optimizations that had been made in the code. + + This manifested in buffer overflows being detected in the + "response" API test on some architectures (e.g. s390x) with + FORTIFY_SOURCE=3; the buffer was not actually overflowing, but + the size limit given could have allowed a buffer overflow to + occur. + +diff --git a/src/response.c b/src/response.c +index 9d36917bd..2913c22f7 100644 +--- a/src/response.c ++++ b/src/response.c +@@ -357,7 +357,7 @@ void pr_response_send_async(const char * + len = strlen(resp_numeric); + sstrcat(buf + len, " ", sizeof(buf) - len); + +- max_len = sizeof(buf) - len; ++ max_len = sizeof(buf) - (len + 1); + + va_start(msg, fmt); + res = pr_vsnprintf(buf + len + 1, max_len, fmt, msg); +@@ -368,7 +368,7 @@ void pr_response_send_async(const char * + resp_last_response_code = pstrdup(resp_pool, resp_numeric); + resp_last_response_msg = pstrdup(resp_pool, buf + len + 1); + +- sstrcat(buf + res, "\r\n", sizeof(buf)); ++ sstrcat(buf + res, "\r\n", max_len - res); + RESPONSE_WRITE_STR_ASYNC(session.c->outstrm, "%s", buf) + } + diff --git a/proftpd.spec b/proftpd.spec index b1520b6..cbcc902 100644 --- a/proftpd.spec +++ b/proftpd.spec @@ -40,7 +40,7 @@ %undefine _strict_symbol_defs_build #global prever rc4 -%global baserelease 6 +%global baserelease 7 %global mod_vroot_version 0.9.11 Summary: Flexible, stable and highly-configurable FTP server @@ -67,6 +67,7 @@ Patch4: proftpd-1.3.6-no-mod-wrap.patch Patch5: proftpd-1.3.6-no-mod-geoip.patch Patch6: https://patch-diff.githubusercontent.com/raw/proftpd/proftpd/pull/1592.patch Patch7: proftpd-1.3.8-configure-c99.patch +Patch8: proftpd-1.3.8-api-test-buffer-overflow.patch BuildRequires: coreutils BuildRequires: gcc @@ -271,6 +272,12 @@ mv contrib/README contrib/README.contrib # Port configure script to C99: https://github.com/proftpd/proftpd/pull/1665 %patch -P 7 -p1 -b .c99 +# Fix for buffer overflow detected in response.c API test on s390x +# causing FTBFS in Fedora 39 +# https://bugzilla.redhat.com/show_bug.cgi?id=2226148 +# https://github.com/proftpd/proftpd/pull/1692 +%patch -P 8 -p1 -b .api-test-buf-ovfl + # OpenSSL Cipher Profiles introduced in Fedora 21 # Elsewhere, we use the default of DEFAULT:!ADH:!EXPORT:!DES %if (0%{?rhel} && 0%{?rhel} <= 7) || (0%{?fedora} && 0%{?fedora} <= 20) @@ -508,6 +515,11 @@ fi %{_mandir}/man1/ftpwho.1* %changelog +* Thu Jul 27 2023 Paul Howarth - 1.3.8-7 +- Fix for buffer overflow detected in response.c API test on s390x + causing FTBFS in Fedora 39 (rhbz#2226148) + (https://github.com/proftpd/proftpd/pull/1692) + * Fri Jul 21 2023 Fedora Release Engineering - 1.3.8-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild