[Medium] Patch ceph for CVE-2024-25629

SPECS/ceph/CVE-2024-25629.patch

@@ -0,0 +1,32 @@
+From b830dccb0d42c3fcf65d208ce3b71eec98b980c1 Mon Sep 17 00:00:00 2001
+From: Kevin Lockwood <[email protected]>
+Date: Tue, 4 Feb 2025 15:42:51 -0800
+Subject: [PATCH] [Medium] Patch ceph for CVE-2024-25629
+
+Link: https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183.patch
+---
+ src/c-ares/ares__read_line.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/c-ares/ares__read_line.c b/src/c-ares/ares__read_line.c
+index c62ad2a2b..d6625a381 100644
+--- a/src/c-ares/ares__read_line.c
++++ b/src/c-ares/ares__read_line.c
+@@ -49,6 +49,14 @@ int ares__read_line(FILE *fp, char **buf, size_t *bufsize)
+       if (!fgets(*buf + offset, bytestoread, fp))
+         return (offset != 0) ? 0 : (ferror(fp)) ? ARES_EFILE : ARES_EOF;
+       len = offset + strlen(*buf + offset);
++
++      /* Probably means there was an embedded NULL as the first character in
++       * the line, throw away line */
++      if (len == 0) {
++        offset = 0;
++        continue;
++      }
++
+       if ((*buf)[len - 1] == '\n')
+         {
+           (*buf)[len - 1] = 0;
+-- 
+2.34.1
+

SPECS/ceph/ceph.spec

@@ -22,6 +22,7 @@ Patch7:         CVE-2012-2677.patch
 Patch8:         CVE-2020-10723.patch
 Patch9:         CVE-2021-3672.patch
 Patch10:        CVE-2020-10722.patch
+Patch11:        CVE-2024-25629.patch
 #
 # Copyright (C) 2004-2019 The Ceph Project Developers. See COPYING file
 # at the top-level directory of this distribution and at
@@ -2015,6 +2016,7 @@ exit 0
 - Fix for CVE-2020-10723
 - Fix for CVE-2021-3672
 - Fix for CVE-2020-10722
+- Fix for CVE-2024-25629
 
 * Tue Jan 28 2025 Kevin Lockwood <[email protected]> - 18.2.2-4
 - Fix for CVE-2014-5461