Commit Graph

6 Commits (662668d082a2e2f1b576a8f1e0b6e9edff3e70a9)

Author SHA1 Message Date
Ariadne Conill 52d19e1b9e libpkgconf: fileio: pkgconf_fgetline(): handle quoted=true when a comment introduction is encountered
Fixes #215.
2021-03-18 05:45:41 -06:00
Tobias Stoeckmann bd4ed1ca02 libpkgconf: fileio: prevent buffer overflow.
pkgconf_fgetline is called with a user-defined buffer, its size, and
a FILE stream to read input from.

If the buffer is almost completely filled and the file stream contains
an escaped character, then it is possible to trigger an off-by-one
buffer overflow with a '\0' character.

Easiest example to trigger this:

char buf[2];
pkgconf_fgetline(buf, sizeof(buf), stdin);

Enter "\\" (two backslashes) and press enter. If the library and the
program are compiled with address sanitizer, you will see the program
crashing. Otherwise it depends on your architecture what happens.

Since nobody should be using a buffer of only size 1 or 2, keep enough
space for a possibly escaped character in while loop by subtracting one
more byte for this situation, not just for '\0'.
2020-05-24 14:09:44 -06:00
William Pitcock abe0f5c821 libpkgconf: fileio: fix quoting logic for double backslash case (ref #140) 2017-09-23 00:19:16 -05:00
William Pitcock e9fd43caa7 libpkgconf: clean up header includes (closes #137) 2017-09-17 23:38:25 -05:00
William Pitcock b17f264032 libpkgconf: move some utility funcs into pkgconf_ namespace 2015-09-06 10:48:24 -05:00
William Pitcock a706b3dccc initial libtoolization for libpkgconf 2015-09-06 09:35:08 -05:00