pkgconf/libpkgconf
Tobias Stoeckmann 92745ad9cb libpkgconf: parser: fix out of boundary access
It is possible to trigger an out of boundary access with specially
crafted files. If a line consist of only a key and spaces, then
op will point to '\0'-ending of the buffer. Since p is iterated by
one byte right past this ending '\0', the next read access to p is
effectively out of bounds.

Theoretically this can also lead to out of boundary writes if spaces
are encountered.

Proof of concept (I recommend to compile with address sanitizer):

$ echo -n a > poc.pc
$ dd if=/dev/zero bs=1 count=65533 | tr '\0' ' ' >> poc.pc
$ pkgconf poc.pc
2020-05-24 14:10:18 -06:00
..
argvsplit.c libpkgconf: argvsplit: fix escape handling in tokenizer (closes #163) 2017-12-14 22:41:14 -06:00
audit.c libpkgconf: document audit module 2016-12-10 19:28:34 -06:00
bsdstubs.c Minimal tweaks to compile with Visual C 2015 2017-06-04 19:19:55 -07:00
bsdstubs.h normalize include guards. closes #33 2019-05-25 16:00:09 -05:00
cache.c libpkgconf: cache: fix refcount issue exposed by recent depgraph solver changes 2017-12-08 13:39:40 -06:00
client.c fix the order of header includes 2019-06-08 04:55:52 +03:00
config.h.meson Fix build on windows with meson 2018-09-17 15:41:27 +02:00
dependency.c libpkgconf: dependency: preference uncoloured nodes in event of a dependency collision 2018-03-18 19:03:18 -05:00
fileio.c libpkgconf: fileio: prevent buffer overflow. 2020-05-24 14:09:44 -06:00
fragment.c libpkgconf: fragment: add pkgconf_fragment_copy_list() 2019-01-14 13:48:02 -06:00
iter.h normalize include guards. closes #33 2019-05-25 16:00:09 -05:00
libpkgconf-api.h normalize include guards. closes #33 2019-05-25 16:00:09 -05:00
libpkgconf.h personality: add support for WantDefaultStatic setting 2019-10-19 00:56:17 -05:00
meson.build Experiment to build with Meson (#119) 2017-06-19 19:03:00 -05:00
parser.c libpkgconf: parser: fix out of boundary access 2020-05-24 14:10:18 -06:00
path.c libpkgconf: path: fix memory leak when deduping paths (closes #39) 2019-07-11 03:43:18 -05:00
personality.c personality: add support for WantDefaultStatic setting 2019-10-19 00:56:17 -05:00
pkg.c libpkgconf: pkg: generate diagnostic for and trim malformed versions 2019-07-12 06:35:48 -05:00
queue.c libpkgconf: dependency: allow dependency nodes to be colored with traits 2018-03-18 18:03:33 -05:00
stdinc.h normalize include guards. closes #33 2019-05-25 16:00:09 -05:00
tuple.c libpkgconf: tuple: tighten quoting logic a bit 2019-03-23 22:34:11 -05:00
win-dirent.h normalize include guards. closes #33 2019-05-25 16:00:09 -05:00