[PATCH 2/2] Fix read buffer overflow
|
From: |
Tim Rühsen |
|
Subject: |
[PATCH 2/2] Fix read buffer overflow |
|
Date: |
Sun, 29 Mar 2020 20:47:23 +0200 |
* bootstrap.conf: Add gnulib module xstrndup.
* src/pk-cmd.c (pk_cmd_exec_1): Fix code to use xstrndup.
Use xstrndup instead of xmalloc + strncpy.
The old code did not terminate the strncpy'd string but used
strlen on it.
Leading spaces were not really skipped, which is fixed now.
---
ChangeLog | 5 +++++
bootstrap.conf | 1 +
src/pk-cmd.c | 26 +++++++++++++-------------
3 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 96db545d..7ab01b29 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2020-03-29 Tim Rühsen <address@hidden>
+
+ * bootstrap.conf: Add gnulib module xstrndup.
+ * src/pk-cmd.c (pk_cmd_exec_1): Fix code to use xstrndup.
+
2020-03-29 Tim Rühsen <address@hidden>
* src/pk-cmd.c (skip_blanks): Remove superfluous check.
diff --git a/bootstrap.conf b/bootstrap.conf
index 6d5affca..e2cb7483 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -50,6 +50,7 @@ gnulib_modules="
fstat
pmccabe2html
strtoull
+ xstrndup
"
# TODO: Remove this after the 1.0 release. Until then, this helps developers
diff --git a/src/pk-cmd.c b/src/pk-cmd.c
index ae7abff3..e46cd7de 100644
--- a/src/pk-cmd.c
+++ b/src/pk-cmd.c
@@ -28,6 +28,7 @@
#include <assert.h>
#include <wordexp.h> /* For tilde-expansion. */
#include <xalloc.h>
+#include <xstrndup.h>
#include <ctype.h>
#include <gettext.h>
#define _(str) dgettext (PACKAGE, str)
@@ -454,25 +455,24 @@ pk_cmd_exec_1 (char *str, struct pk_trie *cmds_trie, char
*prefix)
char *end, *str;
size_t size;
- end = skip_blanks (p);
- while (*end != '\0' && *end != ',')
- end++;
+ p = skip_blanks (p);
+ for (end = p; *end != '\0' && *end != ','; end++)
+ ;
- size = end - p + 1;
- assert (size > 0);
- str = xmalloc (size);
- strncpy (str, p, size);
+ size = end - p;
+ str = xstrndup (p, size);
+ p = end;
/* Trim trailing space. */
- end = str + strlen (str) - 1;
- while (end > str && isspace ((unsigned char) *end))
- end--;
- end++;
- *end = '\0';
+ if (size)
+ {
+ end = str + size - 1;
+ while (end > str && isspace ((unsigned char) *end))
+ *end-- = '\0';
+ }
argv[argc].type = PK_CMD_ARG_STR;
argv[argc].val.str = str;
- p = end;
match = 1;
break;
}
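Review bot: `end` is used for two different buffers in this hunk, first as the cursor into the input line and then as the cursor into the heap copy returned by `xstrndup`, so `p` stays on the input only because `p = end;` now sits before the trim; the removed code assigned it afterwards, when `end` already pointed into the copy. A dedicated local for the trim would keep a later reordering from reintroducing that, for example `char *tail = str + size;` followed by `while (tail > str && isspace ((unsigned char) tail[-1])) *--tail = '\0';`, which also never forms `str + size - 1` for an empty argument and so needs no `if (size)` guard. This trims identically to the posted loop as long as `skip_blanks` (not visible here) skips every character `isspace` accepts, since then `str[0]` is never blank. If the variable is kept as is, a comment such as `/* Advance P now: END is reused below to walk the copy, not the input. */` above `p = end;` would record why the order matters. The body of `pk_cmd_exec_1` starts and ends outside the hunk.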
--
2.26.0