pool/pkgconf
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2ad8946bb4
pkgconf/pkgconf-CVE-2023-24056.patch
Neal Gompa 10f0d517c1 Accepting request 1062028 from home:qzhao:branches:devel:tools 
Add pkgconf-CVE-2023-24056.patch: Backport commit 628b2b2baf from upstream, test for, and stop string processing, on truncation (bsc#1207394 CVE-2023-24056).

OBS-URL: https://build.opensuse.org/request/show/1062028
OBS-URL: https://build.opensuse.org/package/show/devel:tools/pkgconf?expand=0&rev=26
2023-01-30 12:44:21 +00:00

54 lines
1.7 KiB
Diff
Raw Blame History

diff -Nura pkgconf-1.8.0/libpkgconf/tuple.c pkgconf-1.8.0_new/libpkgconf/tuple.c
--- pkgconf-1.8.0/libpkgconf/tuple.c 2021-03-18 20:15:16.000000000 +0800
+++ pkgconf-1.8.0_new/libpkgconf/tuple.c 2023-01-30 16:07:40.750297141 +0800
@@ -293,12 +293,23 @@
}
}
+ PKGCONF_TRACE(client, "lookup tuple %s", varname);
+
+ size_t remain = PKGCONF_BUFSIZE - (bptr - buf);
ptr += (pptr - ptr);
kv = pkgconf_tuple_find_global(client, varname);
if (kv != NULL)
{
- strncpy(bptr, kv, PKGCONF_BUFSIZE - (bptr - buf));
- bptr += strlen(kv);
+ size_t nlen = pkgconf_strlcpy(bptr, kv, remain);
+ if (nlen > remain)
+ {
+ pkgconf_warn(client, "warning: truncating very long variable to 64KB\n");
+
+ bptr = buf + (PKGCONF_BUFSIZE - 1);
+ break;
+ }
+
+ bptr += nlen;
}
else
{
@@ -306,12 +317,20 @@
if (kv != NULL)
{
+ size_t nlen;
+
parsekv = pkgconf_tuple_parse(client, vars, kv);
+ nlen = pkgconf_strlcpy(bptr, parsekv, remain);
+ free(parsekv);
- strncpy(bptr, parsekv, PKGCONF_BUFSIZE - (bptr - buf));
- bptr += strlen(parsekv);
+ if (nlen > remain)
+ {
+ pkgconf_warn(client, "warning: truncating very long variable to 64KB\n");
+ bptr = buf + (PKGCONF_BUFSIZE - 1);
+ break;
+ }
- free(parsekv);
+ bptr += nlen;
}
}
}
Reference in New Issue View Git Blame Copy Permalink