Commit Graph

3 Commits (a61193c7236f5b240585c4f8eef6f452f1d9a7ee)

Author SHA1 Message Date
Tobias Stoeckmann 92745ad9cb libpkgconf: parser: fix out of boundary access
It is possible to trigger an out of boundary access with specially
crafted files. If a line consist of only a key and spaces, then
op will point to '\0'-ending of the buffer. Since p is iterated by
one byte right past this ending '\0', the next read access to p is
effectively out of bounds.

Theoretically this can also lead to out of boundary writes if spaces
are encountered.

Proof of concept (I recommend to compile with address sanitizer):

$ echo -n a > poc.pc
$ dd if=/dev/zero bs=1 count=65533 | tr '\0' ' ' >> poc.pc
$ pkgconf poc.pc
2020-05-24 14:10:18 -06:00
Alexander Tsoy db9c1e96a1
fix the order of header includes
config.h should be included before stdinc.h, otherwise large file
support is not enabled.

Downstream bug: https://bugs.gentoo.org/687548
2019-06-08 04:55:52 +03:00
William Pitcock 1244f8f8e7 libpkgconf: refactor out the rfc822 message parser so that the cross-personality code can share it 2018-05-09 21:21:39 -05:00