From 46375ad6e0b74fbb6d785872e28804d92decc8c1 Mon Sep 17 00:00:00 2001 From: ticktock35 Date: Mon, 19 Jan 2009 18:21:08 +0000 Subject: [PATCH] fix a buffer overflow bug that cause http://code.google.com/p/opkg/issues/detail?id=3 git-svn-id: http://opkg.googlecode.com/svn/trunk@197 e8e0d7a0-c8d9-11dd-a880-a1081c7ac358 --- libopkg/opkg_cmd.c | 3 ++- libopkg/pkg.c | 33 ++++++++++++++++++++++++++++++--- 2 files changed, 32 insertions(+), 4 deletions(-) diff --git a/libopkg/opkg_cmd.c b/libopkg/opkg_cmd.c index 043536c..f0ac3f7 100644 --- a/libopkg/opkg_cmd.c +++ b/libopkg/opkg_cmd.c @@ -815,7 +815,7 @@ static int opkg_info_status_cmd(opkg_conf_t *conf, int argc, char **argv, int in char *pkg_name = NULL; char **pkg_fields = NULL; int n_fields = 0; - char *buff ; + char *buff = NULL; if (argc > 0) { pkg_name = argv[0]; @@ -847,6 +847,7 @@ static int opkg_info_status_cmd(opkg_conf_t *conf, int argc, char **argv, int in We need to free it :) ( Thanks florian for seeing the error ) */ free(buff); + buff = NULL; } if (conf->verbosity > 1) { conffile_list_elt_t *iter; diff --git a/libopkg/pkg.c b/libopkg/pkg.c index cc33e70..5096ba0 100644 --- a/libopkg/pkg.c +++ b/libopkg/pkg.c @@ -492,100 +492,127 @@ void set_flags_from_control(opkg_conf_t *conf, pkg_t *pkg){ } +#define CHECK_BUFF_SIZE(buff, line, buf_size, page_size) do { \ + if (strlen(buff) + strlen(line) >= (buf_size)) { \ + buf_size += page_size; \ + buff = realloc(buff, buf_size); \ + } \ + } while(0) char * pkg_formatted_info(pkg_t *pkg ) { char *line; char * buff; + const size_t page_size = 8192; + size_t buff_size = page_size; - buff = calloc(1, 8192); + buff = calloc(1, buff_size); if (buff == NULL) { fprintf(stderr, "%s: out of memory\n", __FUNCTION__); return NULL; } - buff[0] = '\0'; - line = pkg_formatted_field(pkg, "Package"); + CHECK_BUFF_SIZE(buff, line, buff_size, page_size); strncat(buff ,line, strlen(line)); free(line); line = pkg_formatted_field(pkg, "Version"); + CHECK_BUFF_SIZE(buff, line, buff_size, page_size); strncat(buff ,line, strlen(line)); free(line); line = pkg_formatted_field(pkg, "Depends"); + CHECK_BUFF_SIZE(buff, line, buff_size, page_size); strncat(buff ,line, strlen(line)); free(line); line = pkg_formatted_field(pkg, "Recommends"); + CHECK_BUFF_SIZE(buff, line, buff_size, page_size); strncat(buff ,line, strlen(line)); free(line); line = pkg_formatted_field(pkg, "Suggests"); + CHECK_BUFF_SIZE(buff, line, buff_size, page_size); strncat(buff ,line, strlen(line)); free(line); line = pkg_formatted_field(pkg, "Provides"); + CHECK_BUFF_SIZE(buff, line, buff_size, page_size); strncat(buff ,line, strlen(line)); free(line); line = pkg_formatted_field(pkg, "Replaces"); + CHECK_BUFF_SIZE(buff, line, buff_size, page_size); strncat(buff ,line, strlen(line)); free(line); line = pkg_formatted_field(pkg, "Conflicts"); + CHECK_BUFF_SIZE(buff, line, buff_size, page_size); strncat(buff ,line, strlen(line)); free(line); line = pkg_formatted_field(pkg, "Status"); + CHECK_BUFF_SIZE(buff, line, buff_size, page_size); strncat(buff ,line, strlen(line)); free(line); line = pkg_formatted_field(pkg, "Section"); + CHECK_BUFF_SIZE(buff, line, buff_size, page_size); strncat(buff ,line, strlen(line)); free(line); line = pkg_formatted_field(pkg, "Essential"); /* @@@@ should be removed in future release. *//* I do not agree with this Pigi*/ + CHECK_BUFF_SIZE(buff, line, buff_size, page_size); strncat(buff ,line, strlen(line)); free(line); line = pkg_formatted_field(pkg, "Architecture"); + CHECK_BUFF_SIZE(buff, line, buff_size, page_size); strncat(buff ,line, strlen(line)); free(line); line = pkg_formatted_field(pkg, "Maintainer"); + CHECK_BUFF_SIZE(buff, line, buff_size, page_size); strncat(buff ,line, strlen(line)); free(line); line = pkg_formatted_field(pkg, "MD5sum"); + CHECK_BUFF_SIZE(buff, line, buff_size, page_size); strncat(buff ,line, strlen(line)); free(line); line = pkg_formatted_field(pkg, "Size"); + CHECK_BUFF_SIZE(buff, line, buff_size, page_size); strncat(buff ,line, strlen(line)); free(line); line = pkg_formatted_field(pkg, "Filename"); + CHECK_BUFF_SIZE(buff, line, buff_size, page_size); strncat(buff ,line, strlen(line)); free(line); line = pkg_formatted_field(pkg, "Conffiles"); + CHECK_BUFF_SIZE(buff, line, buff_size, page_size); strncat(buff ,line, strlen(line)); free(line); line = pkg_formatted_field(pkg, "Source"); + CHECK_BUFF_SIZE(buff, line, buff_size, page_size); strncat(buff ,line, strlen(line)); free(line); line = pkg_formatted_field(pkg, "Description"); + CHECK_BUFF_SIZE(buff, line, buff_size, page_size); strncat(buff ,line, strlen(line)); free(line); line = pkg_formatted_field(pkg, "Installed-Time"); + CHECK_BUFF_SIZE(buff, line, buff_size, page_size); strncat(buff ,line, strlen(line)); free(line); line = pkg_formatted_field(pkg, "Tags"); + CHECK_BUFF_SIZE(buff, line, buff_size, page_size); strncat(buff ,line, strlen(line)); free(line); -- 2.30.2