pkgconf/libpkgconf
Tobias Stoeckmann 5eb9cae009 libpkgconf: tuple: fix out of boundary write
This is the same issue which has been fixed in dependency code.

If a line contains a variable which is longer than PKGCONF_ITEM_SIZE,
then the varname buffer overflows.

The code itself still does not check if a closing } exists and
truncates variable names which are too long. Since these would
be functional changes and this commit is about a protection against
undefined behaviour on a language level, these changes are not
included.

Proof of concept:
$ echo "Description: poc" > poc.pc
$ echo "Version: 1" >> poc.pc
$ echo -n 'Name: ${' >> poc.pc
$ dd if=/dev/zero bs=1 count=66535 | tr '\0' 'x' >> poc.pc
$ echo >> poc.pc
$ pkgconf poc.pc

On my Linux system, when compiled with gcc, the varname buffer overflows
directly into buf, which means that no crash can be noticed.

It's easiest to figure out when adding strlen() and sizeof() output
as debug lines.
2020-05-30 19:09:24 -06:00
argvsplit.c fix missing backslashes in paths on Windows 2020-05-30 12:39:43 -06:00
audit.c libpkgconf: document audit module 2016-12-10 19:28:34 -06:00
bsdstubs.c Minimal tweaks to compile with Visual C 2015 2017-06-04 19:19:55 -07:00
bsdstubs.h normalize include guards. closes #33 2019-05-25 16:00:09 -05:00
cache.c libpkgconf: cache: fix refcount issue exposed by recent depgraph solver changes 2017-12-08 13:39:40 -06:00
client.c fix the order of header includes 2019-06-08 04:55:52 +03:00
config.h.meson Fix build on windows with meson 2018-09-17 15:41:27 +02:00
dependency.c libpkgconf: dependency: fix out of boundary write 2020-05-26 14:03:55 -06:00
fileio.c libpkgconf: fileio: prevent buffer overflow. 2020-05-24 14:09:44 -06:00
fragment.c libpkgconf: fragment: fix out of boundary write 2020-05-30 19:05:53 -06:00
iter.h normalize include guards. closes #33 2019-05-25 16:00:09 -05:00
libpkgconf-api.h normalize include guards. closes #33 2019-05-25 16:00:09 -05:00
libpkgconf.h pkgconf 1.7.0. 2020-05-24 14:55:02 -06:00
meson.build Experiment to build with Meson (#119) 2017-06-19 19:03:00 -05:00
parser.c libpkgconf: parser: fix out of boundary access 2020-05-24 14:10:18 -06:00
path.c libpkgconf: path: fix memory leak when deduping paths (closes #39) 2019-07-11 03:43:18 -05:00
personality.c libpkgconf: personality: fix out of boundary access 2020-05-25 05:55:39 -06:00
pkg.c libpkgconf: pkg: use a second pointer for demunging windows paths 2020-05-26 13:42:39 -06:00
queue.c libpkgconf: dependency: allow dependency nodes to be colored with traits 2018-03-18 18:03:33 -05:00
stdinc.h normalize include guards. closes #33 2019-05-25 16:00:09 -05:00
tuple.c libpkgconf: tuple: fix out of boundary write 2020-05-30 19:09:24 -06:00
win-dirent.h normalize include guards. closes #33 2019-05-25 16:00:09 -05:00