forked from pool/systemd
0e288fc9c5
- Add upstream patch 0001-machine-don-t-return-uninitialized-variable.patch - Port and add upstream patch 0002-vconsole-setup-run-setfont-before-loadkeys.patch - Rename 0001-udev-net_setup_link-add-a-bit-more-logging.patch to 1048-udev-net_setup_link-add-a-bit-more-logging.patch - Port and add upstream patches 0001-udev-net_setup_link-add-a-bit-more-logging.patch 0003-namespace-make-sure-tmp-var-tmp-and-dev-are-writable.patch 0002-namespace-fix-uninitialized-memory-access.patch - Add upstream patches 0001-architecture-Add-tilegx.patch 0002-architecture-Add-cris.patch 0003-arch-add-crisv32-to-uname-check.patch 0004-architecture-remove-cris-from-uname-list.patch - Add upstream patches 0006-hwdb-update.patch 0007-hwdb-Update-database-of-Bluetooth-company-identifier.patch - Add upstream patches 0001-parse_uid-return-ENXIO-for-1-uids.patch 0002-util-when-unescaping-strings-don-t-allow-smuggling-i.patch 0003-localed-consider-an-unset-model-as-a-wildcard.patch 0004-sd-bus-when-an-event-loop-terminates-explicitly-clos.patch OBS-URL: https://build.opensuse.org/request/show/239780 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=191
75 lines
2.6 KiB
Diff
75 lines
2.6 KiB
Diff
Based on e0a33e7ba619eb44f732aaf23cb249fa43d0ce8d Mon Sep 17 00:00:00 2001
|
|
From: Lennart Poettering <lennart@poettering.net>
|
|
Date: Wed, 2 Jul 2014 13:42:25 +0200
|
|
Subject: [PATCH] util: when unescaping strings, don't allow smuggling in of
|
|
additional NUL bytes
|
|
|
|
Better safe than sorry.
|
|
---
|
|
src/shared/util.c | 12 ++++++------
|
|
1 file changed, 6 insertions(+), 6 deletions(-)
|
|
|
|
diff --git src/shared/util.c src/shared/util.c
|
|
index ceafa01..4ad3f20 100644
|
|
--- src/shared/util.c
|
|
+++ src/shared/util.c
|
|
@@ -1256,7 +1256,7 @@ char *cunescape_length_with_prefix(const char *s, size_t length, const char *pre
|
|
a = unhexchar(f[1]);
|
|
b = unhexchar(f[2]);
|
|
|
|
- if (a < 0 || b < 0) {
|
|
+ if (a < 0 || b < 0 || (a == 0 && b == 0)) {
|
|
/* Invalid escape code, let's take it literal then */
|
|
*(t++) = '\\';
|
|
*(t++) = 'x';
|
|
@@ -1283,7 +1283,7 @@ char *cunescape_length_with_prefix(const char *s, size_t length, const char *pre
|
|
b = unoctchar(f[1]);
|
|
c = unoctchar(f[2]);
|
|
|
|
- if (a < 0 || b < 0 || c < 0) {
|
|
+ if (a < 0 || b < 0 || c < 0 || (a == 0 && b == 0 && c == 0)) {
|
|
/* Invalid escape code, let's take it literal then */
|
|
*(t++) = '\\';
|
|
*(t++) = f[0];
|
|
@@ -1566,8 +1566,7 @@ int chvt(int vt) {
|
|
|
|
int read_one_char(FILE *f, char *ret, usec_t t, bool *need_nl) {
|
|
struct termios old_termios, new_termios;
|
|
- char c;
|
|
- char line[LINE_MAX];
|
|
+ char c, line[LINE_MAX];
|
|
|
|
assert(f);
|
|
assert(ret);
|
|
@@ -1604,9 +1603,10 @@ int read_one_char(FILE *f, char *ret, usec_t t, bool *need_nl) {
|
|
}
|
|
}
|
|
|
|
- if (t != (usec_t) -1)
|
|
+ if (t != (usec_t) -1) {
|
|
if (fd_wait_for_event(fileno(f), POLLIN, t) <= 0)
|
|
return -ETIMEDOUT;
|
|
+ }
|
|
|
|
if (!fgets(line, sizeof(line), f))
|
|
return -EIO;
|
|
@@ -1624,6 +1624,7 @@ int read_one_char(FILE *f, char *ret, usec_t t, bool *need_nl) {
|
|
}
|
|
|
|
int ask(char *ret, const char *replies, const char *text, ...) {
|
|
+ int r;
|
|
|
|
assert(ret);
|
|
assert(replies);
|
|
@@ -1632,7 +1633,6 @@ int ask(char *ret, const char *replies, const char *text, ...) {
|
|
for (;;) {
|
|
va_list ap;
|
|
char c;
|
|
- int r;
|
|
bool need_nl = true;
|
|
|
|
if (on_tty())
|
|
--
|
|
1.7.9.2
|
|
|