ariadne
/
pkgconf
3
6
Fork 4
Code Issues 6 Pull Requests 2 Projects Releases 2 Wiki Activity

libpkgconf: fragment: fix out of boundary read 

Parsing a fragment which consists only of a single dash leads to
an out of boundary read. It duplicates the following entry which
is not expected behaviour if another fragment follows.

Proof of concept:

$ cat > poc.pc << "EOF"
Name: poc
Description: poc
Version: 1
Cflags: - -I/somewhere
EOF
$ PKG_CONFIG_PATH=. pkgconf --cflags poc
-I/somewhere -I/somewhere

If - is the last entry, it leads to an out of boundary read, which is
easy to see if pkgconf is compiled with address sanitizer.
pull/199/head
Tobias Stoeckmann 2020-05-29 19:35:42 +02:00 committed by Ariadne Conill
parent 42b355310f
commit dc04193c48
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libpkgconf/fragment.c
View File

@ -137,7 +137,7 @@ pkgconf_fragment_add(const pkgconf_client_t *client, pkgconf_list_t *list, const
if (*string == '\0') if (*string == '\0')
return; return;
if (!pkgconf_fragment_is_special(string)) if (strlen(string) > 1 && !pkgconf_fragment_is_special(string))
{ {
frag = calloc(sizeof(pkgconf_fragment_t), 1); frag = calloc(sizeof(pkgconf_fragment_t), 1);