Blame packages/p/pkgconf/pkgconf-CVE-2023-24056.patch

Bernhard M. Wiedemann 4db387
diff -Nura pkgconf-1.8.0/libpkgconf/tuple.c pkgconf-1.8.0_new/libpkgconf/tuple.c
--- pkgconf-1.8.0/libpkgconf/tuple.c	2021-03-18 20:15:16.000000000 +0800
+++ pkgconf-1.8.0_new/libpkgconf/tuple.c	2023-01-30 16:07:40.750297141 +0800
@@ -293,12 +293,23 @@
 				}
 			}
 
+                        PKGCONF_TRACE(client, "lookup tuple %s", varname);
+
+                        size_t remain = PKGCONF_BUFSIZE - (bptr - buf);
 			ptr += (pptr - ptr);
 			kv = pkgconf_tuple_find_global(client, varname);
 			if (kv != NULL)
 			{
-				strncpy(bptr, kv, PKGCONF_BUFSIZE - (bptr - buf));
-				bptr += strlen(kv);
+                       	        size_t nlen = pkgconf_strlcpy(bptr, kv, remain);
+				if (nlen > remain)
+				{
+					pkgconf_warn(client, "warning: truncating very long variable to 64KB\n");
+
+					bptr = buf + (PKGCONF_BUFSIZE - 1);
+					break;
+				}
+
+				bptr += nlen;
 			}
 			else
 			{
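Review bot: The truncation test `if (nlen > remain)` in the global-variable branch misses the case `nlen == remain`, assuming pkgconf_strlcpy follows the usual strlcpy contract of returning the source length and truncating whenever that length is not smaller than the size argument. In that case the copy is cut short by one byte without the warning, and `bptr += nlen` leaves bptr at `buf + PKGCONF_BUFSIZE`, one past the last element; any later store through bptr (the rest of the loop is outside this hunk) would then land outside buf. The comparison should be `if (nlen >= remain)`, and the same applies to the identical check in the per-package branch of the second hunk. The warning text also hard-codes `64KB` instead of being derived from PKGCONF_BUFSIZE, so the message and the limit can drift apart.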
@@ -306,12 +317,20 @@
 
 				if (kv != NULL)
 				{
+                                        size_t nlen;
+
 					parsekv = pkgconf_tuple_parse(client, vars, kv);
+                                        nlen = pkgconf_strlcpy(bptr, parsekv, remain);
+					free(parsekv);
 
-					strncpy(bptr, parsekv, PKGCONF_BUFSIZE - (bptr - buf));
-					bptr += strlen(parsekv);
+                                        if (nlen > remain)
+                                        {
+                                                pkgconf_warn(client, "warning: truncating very long variable to 64KB\n");
+                                                bptr = buf + (PKGCONF_BUFSIZE - 1);
+                                                break;
+                                        }
 
-					free(parsekv);
+                                        bptr += nlen;
 				}
 			}
 		}
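Review bot: `parsekv` is passed straight to `pkgconf_strlcpy(bptr, parsekv, remain)` with no NULL check, and pkgconf_tuple_parse is defined outside this hunk, so whether it can return NULL (for instance when an allocation fails) should be confirmed. If it can, a guard such as `if (parsekv == NULL) break;` before the copy keeps that failure from becoming a NULL dereference inside the string copy. The added lines in this branch are indented with spaces while the surrounding context uses tabs; matching the file's tabs would keep later diffs of this security fix readable. The enclosing loop begins and ends outside the hunk, and `remain` is the value computed in the first hunk.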