diff --git a/debian/changelog b/debian/changelog index 347b757..3d8ed88 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +libfcgi (2.4.2-2deepin1) unstable; urgency=medium + + * fix(CVE-2025-23016): integer overflow in ReadParams function + + -- hudeng Wed, 29 Apr 2026 14:00:46 +0800 + libfcgi (2.4.2-2deepin0) unstable; urgency=medium * No source change upload against GCC 12. diff --git a/debian/patches/CVE-2025-23016.patch b/debian/patches/CVE-2025-23016.patch new file mode 100644 index 0000000..d36ea10 --- /dev/null +++ b/debian/patches/CVE-2025-23016.patch @@ -0,0 +1,36 @@ +From b0eabcaf4d4f371514891a52115c746815c2ff15 Mon Sep 17 00:00:00 2001 +From: Pycatchown <39068868+Pycatchown@users.noreply.github.com> +Date: Tue, 8 Apr 2025 17:39:30 +0200 +Subject: [PATCH] Update fcgiapp.c + +Fixing an integer overflow (CVE-2025-23016) +--- + libfcgi/fcgiapp.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/libfcgi/fcgiapp.c b/libfcgi/fcgiapp.c +index 4ffe318..99c3630 100644 +--- a/libfcgi/fcgiapp.c ++++ b/libfcgi/fcgiapp.c +@@ -1175,6 +1175,10 @@ static int ReadParams(Params *paramsPtr, FCGX_Stream *stream) + } + nameLen = ((nameLen & 0x7f) << 24) + (lenBuff[0] << 16) + + (lenBuff[1] << 8) + lenBuff[2]; ++ if (nameLen >= INT_MAX) { ++ SetError(stream, FCGX_PARAMS_ERROR); ++ return -1; ++ } + } + if((valueLen = FCGX_GetChar(stream)) == EOF) { + SetError(stream, FCGX_PARAMS_ERROR); +@@ -1187,6 +1191,10 @@ static int ReadParams(Params *paramsPtr, FCGX_Stream *stream) + } + valueLen = ((valueLen & 0x7f) << 24) + (lenBuff[0] << 16) + + (lenBuff[1] << 8) + lenBuff[2]; ++ if (valueLen >= INT_MAX) { ++ SetError(stream, FCGX_PARAMS_ERROR); ++ return -1; ++ } + } + /* + * nameLen and valueLen are now valid; read the name and value diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..b42c1c0 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1 @@ +CVE-2025-23016.patch