Blame packages/p/pkgconf/pkgconf-CVE-2023-24056.patch
|
Bernhard M. Wiedemann |
4db387 |
diff -Nura pkgconf-1.8.0/libpkgconf/tuple.c pkgconf-1.8.0_new/libpkgconf/tuple.c
|
|
Bernhard M. Wiedemann |
4db387 |
--- pkgconf-1.8.0/libpkgconf/tuple.c 2021-03-18 20:15:16.000000000 +0800
|
|
Bernhard M. Wiedemann |
4db387 |
+++ pkgconf-1.8.0_new/libpkgconf/tuple.c 2023-01-30 16:07:40.750297141 +0800
|
|
Bernhard M. Wiedemann |
4db387 |
@@ -293,12 +293,23 @@
|
|
Bernhard M. Wiedemann |
4db387 |
}
|
|
Bernhard M. Wiedemann |
4db387 |
}
|
|
Bernhard M. Wiedemann |
4db387 |
|
|
Bernhard M. Wiedemann |
4db387 |
+ PKGCONF_TRACE(client, "lookup tuple %s", varname);
|
|
Bernhard M. Wiedemann |
4db387 |
+
|
|
Bernhard M. Wiedemann |
4db387 |
+ size_t remain = PKGCONF_BUFSIZE - (bptr - buf);
|
|
Bernhard M. Wiedemann |
4db387 |
ptr += (pptr - ptr);
|
|
Bernhard M. Wiedemann |
4db387 |
kv = pkgconf_tuple_find_global(client, varname);
|
|
Bernhard M. Wiedemann |
4db387 |
if (kv != NULL)
|
|
Bernhard M. Wiedemann |
4db387 |
{
|
|
Bernhard M. Wiedemann |
4db387 |
- strncpy(bptr, kv, PKGCONF_BUFSIZE - (bptr - buf));
|
|
Bernhard M. Wiedemann |
4db387 |
- bptr += strlen(kv);
|
|
Bernhard M. Wiedemann |
4db387 |
+ size_t nlen = pkgconf_strlcpy(bptr, kv, remain);
|
|
Bernhard M. Wiedemann |
4db387 |
+ if (nlen > remain)
|
|
Bernhard M. Wiedemann |
4db387 |
+ {
|
|
Bernhard M. Wiedemann |
4db387 |
+ pkgconf_warn(client, "warning: truncating very long variable to 64KB\n");
|
|
Bernhard M. Wiedemann |
4db387 |
+
|
|
Bernhard M. Wiedemann |
4db387 |
+ bptr = buf + (PKGCONF_BUFSIZE - 1);
|
|
Bernhard M. Wiedemann |
4db387 |
+ break;
|
|
Bernhard M. Wiedemann |
4db387 |
+ }
|
|
Bernhard M. Wiedemann |
4db387 |
+
|
|
Bernhard M. Wiedemann |
4db387 |
+ bptr += nlen;
|
|
Bernhard M. Wiedemann |
4db387 |
}
|
|
Bernhard M. Wiedemann |
4db387 |
else
|
|
Bernhard M. Wiedemann |
4db387 |
{
|
|
Bernhard M. Wiedemann |
4db387 |
@@ -306,12 +317,20 @@
|
|
Bernhard M. Wiedemann |
4db387 |
|
|
Bernhard M. Wiedemann |
4db387 |
if (kv != NULL)
|
|
Bernhard M. Wiedemann |
4db387 |
{
|
|
Bernhard M. Wiedemann |
4db387 |
+ size_t nlen;
|
|
Bernhard M. Wiedemann |
4db387 |
+
|
|
Bernhard M. Wiedemann |
4db387 |
parsekv = pkgconf_tuple_parse(client, vars, kv);
|
|
Bernhard M. Wiedemann |
4db387 |
+ nlen = pkgconf_strlcpy(bptr, parsekv, remain);
|
|
Bernhard M. Wiedemann |
4db387 |
+ free(parsekv);
|
|
Bernhard M. Wiedemann |
4db387 |
|
|
Bernhard M. Wiedemann |
4db387 |
- strncpy(bptr, parsekv, PKGCONF_BUFSIZE - (bptr - buf));
|
|
Bernhard M. Wiedemann |
4db387 |
- bptr += strlen(parsekv);
|
|
Bernhard M. Wiedemann |
4db387 |
+ if (nlen > remain)
|
|
Bernhard M. Wiedemann |
4db387 |
+ {
|
|
Bernhard M. Wiedemann |
4db387 |
+ pkgconf_warn(client, "warning: truncating very long variable to 64KB\n");
|
|
Bernhard M. Wiedemann |
4db387 |
+ bptr = buf + (PKGCONF_BUFSIZE - 1);
|
|
Bernhard M. Wiedemann |
4db387 |
+ break;
|
|
Bernhard M. Wiedemann |
4db387 |
+ }
|
|
Bernhard M. Wiedemann |
4db387 |
|
|
Bernhard M. Wiedemann |
4db387 |
- free(parsekv);
|
|
Bernhard M. Wiedemann |
4db387 |
+ bptr += nlen;
|
|
Bernhard M. Wiedemann |
4db387 |
}
|
|
Bernhard M. Wiedemann |
4db387 |
}
|
|
Bernhard M. Wiedemann |
4db387 |
}
|