File CVE-2023-2603.patch of Package libcap.29615
diff -Nurp libcap-2.26-orig/libcap/cap_alloc.c libcap-2.26/libcap/cap_alloc.c
--- libcap-2.26-orig/libcap/cap_alloc.c 2018-09-09 21:39:20.000000000 +0200
+++ libcap-2.26/libcap/cap_alloc.c 2023-05-16 17:46:53.054100203 +0200
@@ -59,12 +59,20 @@ cap_t cap_init(void)
char *_libcap_strdup(const char *old)
{
__u32 *raw_data;
+ size_t len;
if (old == NULL) {
errno = EINVAL;
return NULL;
}
+ len = strlen(old);
+ if ((len & 0x3fffffff) != len) {
+ _cap_debug("len is too long for libcap to manage");
+ errno = EINVAL;
+ return NULL;
+ }
+
raw_data = malloc( sizeof(__u32) + strlen(old) + 1 );
if (raw_data == NULL) {
errno = ENOMEM;