diff options
| author |   virendra thakur <thakur.virendra1810@gmail.com> | 2024-01-23 10:58:20 +0530 |
|---|---|---|
| committer |   Steve Sakoman <steve@sakoman.com> | 2024-01-25 03:58:24 -1000 |
| commit | 32e3618891295cec1ee5d4195998aa97f93b2207 (patch) | |
| tree | 544e1acb3cb80710da3de7c56515dd0559d6c9c5 | |
| parent | 14ffb41e7a49a4c0076db9ec4449a97c0f143b67 (diff) | |
| download | openembedded-core-contrib-32e3618891295cec1ee5d4195998aa97f93b2207.tar.gz | |
opkg: Fix bad memory access error observe in file_read_line_alloc
In the case of a zero length string being returned by fgets(), the condition
checking for a trailing new line would perform a bad memory access outside
of `buf`. This might happen when line with a leading null byte is read.
Avoid this case by checking that the string has a length of at least one
byte.
Link: https://github.com/ndmsystems/opkg/commit/8b45a3c4cab95382beea1ecdddeb2e4a9ed14aba
Signed-off-by: virendra thakur <virendrak@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
| -rw-r--r-- | meta/recipes-devtools/opkg/opkg/0001-file_util.c-fix-possible-bad-memory-access-in-file_r.patch | 50 | ||||
| -rw-r--r-- | meta/recipes-devtools/opkg/opkg_0.4.2.bb | 1 |
2 files changed, 51 insertions, 0 deletions
diff --git a/meta/recipes-devtools/opkg/opkg/0001-file_util.c-fix-possible-bad-memory-access-in-file_r.patch b/meta/recipes-devtools/opkg/opkg/0001-file_util.c-fix-possible-bad-memory-access-in-file_r.patch new file mode 100644 index 0000000000..bec21e67f4 --- /dev/null +++ b/meta/recipes-devtools/opkg/opkg/0001-file_util.c-fix-possible-bad-memory-access-in-file_r.patch @@ -0,0 +1,50 @@ +From 8b45a3c4cab95382beea1ecdddeb2e4a9ed14aba Mon Sep 17 00:00:00 2001 +From: Jo-Philipp Wich <jo@mein.io> +Date: Wed, 1 Apr 2020 21:47:40 +0200 +Subject: [PATCH 001/104] file_util.c: fix possible bad memory access in + file_read_line_alloc() + +In the case of a zero length string being returned by fgets(), the condition +checking for a trailing new line would perform a bad memory access outside +of `buf`. This might happen when line with a leading null byte is read. + +Avoid this case by checking that the string has a length of at least one +byte. Also change the unsigned int types to size_t to store length values +while we're at it. + +Upstream-Status: Backport [https://github.com/ndmsystems/opkg/commit/8b45a3c4cab95382beea1ecdddeb2e4a9ed14aba] + +Signed-off-by: Jo-Philipp Wich <jo@mein.io> +Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com> +Signed-off-by: virendra thakur <virendrak@kpit.com> +--- + libopkg/file_util.c | 7 ++----- + 1 file changed, 2 insertions(+), 5 deletions(-) + +diff --git a/libopkg/file_util.c b/libopkg/file_util.c +index fbed7b4..ee9f59d 100644 +--- a/libopkg/file_util.c ++++ b/libopkg/file_util.c +@@ -127,17 +127,14 @@ char *file_readlink_alloc(const char *file_name) + */ + char *file_read_line_alloc(FILE * fp) + { ++ size_t buf_len, line_size; + char buf[BUFSIZ]; +- unsigned int buf_len; + char *line = NULL; +- unsigned int line_size = 0; + int got_nl = 0; + +- buf[0] = '\0'; +- + while (fgets(buf, BUFSIZ, fp)) { + buf_len = strlen(buf); +- if (buf[buf_len - 1] == '\n') { ++ if (buf_len > 0 && buf[buf_len - 1] == '\n') { + buf_len--; + buf[buf_len] = '\0'; + got_nl = 1; +-- +2.25.1 + diff --git a/meta/recipes-devtools/opkg/opkg_0.4.2.bb b/meta/recipes-devtools/opkg/opkg_0.4.2.bb index 55be6547c0..3ebc27c8ee 100644 --- a/meta/recipes-devtools/opkg/opkg_0.4.2.bb +++ b/meta/recipes-devtools/opkg/opkg_0.4.2.bb @@ -16,6 +16,7 @@ SRC_URI = "http://downloads.yoctoproject.org/releases/${BPN}/${BPN}-${PV}.tar.gz file://opkg.conf \ file://0001-opkg_conf-create-opkg.lock-in-run-instead-of-var-run.patch \ file://sourcedateepoch.patch \ + file://0001-file_util.c-fix-possible-bad-memory-access-in-file_r.patch \ file://run-ptest \ " |