
[PATCH 2/2] Fix read buffer overflow


From: Tim Rühsen
Subject: [PATCH 2/2] Fix read buffer overflow
Date: Sun, 29 Mar 2020 20:47:23 +0200

* bootstrap.conf: Add gnulib module xstrndup.
* src/pk-cmd.c (pk_cmd_exec_1): Fix code to use xstrndup.

Use xstrndup instead of xmalloc + strncpy.
The old code did not terminate the strncpy'd string but used
strlen on it.
Leading spaces were not really skipped, which is fixed now.
---
 ChangeLog      |  5 +++++
 bootstrap.conf |  1 +
 src/pk-cmd.c   | 26 +++++++++++++-------------
 3 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 96db545d..7ab01b29 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2020-03-29  Tim Rühsen  <address@hidden>
+
+       * bootstrap.conf: Add gnulib module xstrndup.
+       * src/pk-cmd.c (pk_cmd_exec_1): Fix code to use xstrndup.
+
 2020-03-29  Tim Rühsen  <address@hidden>

        * src/pk-cmd.c (skip_blanks): Remove superfluous check.
diff --git a/bootstrap.conf b/bootstrap.conf
index 6d5affca..e2cb7483 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -50,6 +50,7 @@ gnulib_modules="
   fstat
   pmccabe2html
   strtoull
+  xstrndup
   "

 # TODO: Remove this after the 1.0 release. Until then, this helps developers
diff --git a/src/pk-cmd.c b/src/pk-cmd.c
index ae7abff3..e46cd7de 100644
--- a/src/pk-cmd.c
+++ b/src/pk-cmd.c
@@ -28,6 +28,7 @@
 #include <assert.h>
 #include <wordexp.h> /* For tilde-expansion.  */
 #include <xalloc.h>
+#include <xstrndup.h>
 #include <ctype.h>
 #include <gettext.h>
 #define _(str) dgettext (PACKAGE, str)
@@ -454,25 +455,24 @@ pk_cmd_exec_1 (char *str, struct pk_trie *cmds_trie, char 
*prefix)
                     char *end, *str;
                     size_t size;

-                    end = skip_blanks (p);
-                    while (*end != '\0' && *end != ',')
-                      end++;
+                    p = skip_blanks (p);
+                    for (end = p; *end != '\0' && *end != ','; end++)
+                      ;

-                    size = end - p + 1;
-                    assert (size > 0);
-                    str = xmalloc (size);
-                    strncpy (str, p, size);
+                    size = end - p;
+                    str = xstrndup (p, size);
+                    p = end;

                     /* Trim trailing space.  */
-                    end = str + strlen (str) - 1;
-                    while (end > str && isspace ((unsigned char) *end))
-                      end--;
-                    end++;
-                    *end = '\0';
+                    if (size)
+                      {
+                        end = str + size - 1;
+                        while (end > str && isspace ((unsigned char) *end))
+                          *end-- = '\0';
+                      }

                     argv[argc].type = PK_CMD_ARG_STR;
                     argv[argc].val.str = str;
-                    p = end;
                     match = 1;
                     break;
                   }
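Review bot: In the trailing-space trim, `end` is reused as a cursor into the heap copy `str` immediately after `p = end` used it as a position in the input line, and the removed `p = end` at the bottom of the old block shows how that reuse can leave the parser pointing into the wrong buffer. A dedicated local would keep the two roles apart: `char *tail = str + size - 1;` followed by `while (tail > str && isspace ((unsigned char) *tail)) *tail-- = '\0';`. The `end > str` bound also means `str[0]` is never tested, so a single whitespace character survives unless skip_blanks consumes everything isspace() accepts; skip_blanks is defined outside this hunk, so that assumption should be confirmed or stated in the "Trim trailing space" comment. The body of pk_cmd_exec_1 starts and ends outside the hunk.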
--
2.26.0



