!22 Fix CVE-2025-0633

From: @wk333 
Reviewed-by: @wang--ge 
Signed-off-by: @wang--ge

CVE-2025-0633.patch

@@ -0,0 +1,34 @@
+From 072a39a772a38c475e35a1be311304ca99e9de7f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Lars=20M=C3=B6llendorf?= <lars@moellendorf.eu>
+Date: Sun, 26 Jan 2025 08:48:23 +0100
+Subject: [PATCH] Fix heap overflow in `iniparser_dumpsection_ini()`
+
+Origin: https://gitlab.com/iniparser/iniparser/-/commit/072a39a772a38c475e35a1be311304ca99e9de7f
+
+...reported in #177
+
+As suggested by the issue reporter this is fixed by returning from
+`iniparser_dumpsection_ini()` in case the length of the passed section name
+of dictionary to dump was bigger than the size of the internal buffer used
+to copy this string to.
+
+Changelog: changed
+---
+ src/iniparser.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/iniparser.c b/src/iniparser.c
+index abc8b52..1086b46 100644
+--- a/src/iniparser.c
++++ b/src/iniparser.c
+@@ -327,6 +327,7 @@ void iniparser_dumpsection_ini(const dictionary * d, const char * s, FILE * f)
+ 
+     if (d==NULL || f==NULL) return ;
+     if (! iniparser_find_entry(d, s)) return ;
++    if (strlen(s) > sizeof(keym)) return;
+ 
+     seclen  = (int)strlen(s);
+     fprintf(f, "\n[%s]\n", s);
+-- 
+GitLab
+

iniparser.spec

@@ -2,12 +2,13 @@
 
 Name:    iniparser
 Version: 4.1
-Release: 4
+Release: 5
 Summary: ini file parser 
 License: MIT and Zlib
 URL:	 https://github.com/ndevilla/iniparser
 Source0: https://github.com/ndevilla/iniparser/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Patch0:  CVE-2023-33461.patch
+Patch1:  CVE-2025-0633.patch
 
 BuildRequires: 	gcc doxygen
 
@@ -49,6 +50,9 @@ cp -r html %{buildroot}/%{_docdir}/%{name}
 %{_docdir}/*
 
 %changelog
+* Fri Mar 07 2025 wangkai <13474090681@163.com> - 4.1-5
+- Fix CVE-2025-0633
+
 * Sun Jun 25 2023 wangkai <13474090681@163.com> - 4.1-4
 - Fix CVE-2023-33461