Commit Graph

24 Commits (78a77dd497c4ba057613e6e93aebe89824fa71f8)

Author SHA1 Message Date
Tobias Stoeckmann fb9acedcad libpkgconf: dependency: fix out of boundary write
It is possible to trigger an out of boundary write in function
pkgconf_dependency_parse_str if a dependency line contains a very
long comparator. The comparator is stored in a temporary buffer which
has a size of PKGCONF_ITEM_SIZE.

The line which is parsed can be up to PKGCONF_BUFSIZE characters long,
which is larger than PKGCONF_ITEM_SIZE (although it depends on PATH_MAX).

Having a comparator which is longer than PKGCONF_ITEM_SIZE therefore
leads to an out of boundary write. Although it is undefined behaviour,
this can lead to an overridden compare variable, which in turn can lead
to an invalid instruction pointer, i.e. most likely a crash or code
execution (very unlikely).

Proof of concept:

$ echo "Requires: x " > poc.pc
$ dd if=/dev/zero bs=1 count=65535 | tr '\0' '<' >> poc.pc
$ pkgconf poc.pc

Eiter compile pkgconf with address sanitizer or run pkgconf multiple
times, eventually it might crash (assuming that ASLR is in place).

In order to fix this, I decided to use an end pointer to avoid OOB write.
Alternative would be to increase the buffer size, but I try to avoid that
since this would be additional ~60 KB stack space for a very unlikely
situation.
2020-05-26 14:03:55 -06:00
William Pitcock 3f753fa3dd libpkgconf: dependency: preference uncoloured nodes in event of a dependency collision 2018-03-18 19:03:18 -05:00
William Pitcock ad65bc4a71 libpkgconf: dependency: allow dependency nodes to be colored with traits 2018-03-18 18:03:33 -05:00
William Pitcock 74d58d1b63 libpkgconf: pkg: cache solutions for already solved dependency graph nodes
in almost all cases, we partially solve the dependency graph multiple times, which
just wastes resources.  if we record the solution to a given dependency node, further
iterations can make use of the previous solution without having to solve it again.

this is safe because all provides entries (including virtuals) are knowable prior to
solving the dependency graph the first time.

a nice side effect of this is that all packages are preloaded when querying
information about them (--cflags and related commands).
2017-12-05 17:34:01 -06:00
William Pitcock 4589274c43 libpkgconf: start to remove PKGCONF_BUFSIZE allocations from the stack. (closes #149)
Patch by Karen Arutyunov.
2017-10-16 12:56:19 -05:00
William Pitcock e9fd43caa7 libpkgconf: clean up header includes (closes #137) 2017-09-17 23:38:25 -05:00
William Pitcock 1252d7ae6a libpkgconf: dependency: make dependency_to_str() private, use a caller-supplied buffer for reentrancy 2017-09-08 19:53:52 -05:00
William Pitcock 794443a92a dependency: break API to add tracepoints to dependency list building 2017-02-25 16:04:55 -06:00
Igor Gnatenko 5db87c9685 remove dead assignments (#109)
* remove dead assignments

None of them are used.

Signed-off-by: Igor Gnatenko <ignatenko@redhat.com>

* The address of an object "&pkgconf_pkg_provides_vermatch_rules[pkgdep->compare]" is never null

Signed-off-by: Igor Gnatenko <ignatenko@redhat.com>

* Overrunning array pkgconf_pkg_comparator_names at element index 7

Signed-off-by: Igor Gnatenko <ignatenko@redhat.com>
2017-01-22 11:31:34 -08:00
William Pitcock af503f210a libpkgconf: document dependency module 2016-12-10 19:57:26 -06:00
William Pitcock 8213d91038 libpkgconf: migrate to using the pkgconf_ namespaced strlcat/strlcpy symbols 2016-12-10 16:19:40 -06:00
William Pitcock 8740c5cd55 libpkgconf: begin removing global state from libpkgconf library by introducing a "client" object which holds the state 2016-12-01 15:05:03 -06:00
William Pitcock d72ece6a5f dependency: add pkgconf_dependency_add for programmatically adding a dependency object 2016-08-26 23:40:15 -05:00
Baptiste Daroussin cb83dab4ad More casting for ctype 2015-12-02 14:59:51 +01:00
William Pitcock 2f4f68fb62 libpkgconf: dependency: remove some dead debug code 2015-09-06 11:50:29 -05:00
William Pitcock 50cf8db086 libpkgconf: clean up PKG_MODULE_SEPARATOR() and PKG_OPERATOR_CHAR() macros 2015-09-06 11:39:55 -05:00
William Pitcock dd86ba43dd libpkgconf: PKG_ comparators become PKGCONF_CMP_ namespace 2015-09-06 11:34:09 -05:00
William Pitcock 571d9c756c libpkgconf: PKG_BUFSIZE becomes PKGCONF_BUFSIZE, remove unused PKG_MIN/PKG_MAX. 2015-09-06 11:29:56 -05:00
William Pitcock ca1b02659a libpkgconf: untangle remaining pkg_ functions related to pkgconf_pkg_t 2015-09-06 11:20:48 -05:00
William Pitcock 66247fae5f libpkgconf: pkg_comparator_t becomes pkgconf_pkg_comparator_t (and so on) 2015-09-06 10:57:26 -05:00
William Pitcock 4c71b25d5d libpkgconf: move pkg_tuple to pkgconf_tuple namespace 2015-09-06 10:41:40 -05:00
William Pitcock 1ee18d0e69 libpkgconf: move pkg_dependency to pkgconf_dependency namespace 2015-09-06 10:38:30 -05:00
William Pitcock cc2dcc1f5d libpkgconf: move pkg_node and pkg_list to pkgconf_node and pkgconf_list namespaces 2015-09-06 10:31:21 -05:00
William Pitcock a706b3dccc initial libtoolization for libpkgconf 2015-09-06 09:35:08 -05:00