|
92745ad9
|
2020-05-24T21:51:14
|
|
libpkgconf: parser: fix out of boundary access

It is possible to trigger an out of boundary access with specially
crafted files. If a line consists of only a key and spaces, then
op will point to '\0'-ending of the buffer. Since p is iterated by
one byte right past this ending '\0', the next read access to p is
effectively out of bounds.

Theoretically this can also lead to out of boundary writes if spaces
are encountered.

Proof of concept (I recommend compiling with address sanitizer):

    $ echo -n a > poc.pc
    $ dd if=/dev/zero bs=1 count=65533 | tr '\0' ' ' >> poc.pc
    $ pkgconf poc.pc
|
|
db9c1e96
|
2019-06-07T19:19:28
|
|
fix the order of header includes
config.h should be included before stdinc.h, otherwise large file
support is not enabled.
Downstream bug: https://bugs.gentoo.org/687548
|
|
1244f8f8
|
2018-05-09T21:21:39
|
|
libpkgconf: refactor out the rfc822 message parser so that the cross-personality code can share it
|
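The off-by-one described in commit 92745ad9 above, modelled as an added example that is not pkgconf's code: a hypothetical `value_start()` splits a "key op value" line and either consumes the operator byte unconditionally or only when it is not the terminator. `value_start`, `reads_past_end` and the sample line are assumptions made for illustration, and the scan uses indices so the unchecked variant can be observed without performing the invalid read.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a "key <op> value" line splitter (not pkgconf's code).
 * buf is NUL-terminated. Returns the index the caller reads next when it
 * starts scanning for the value. */
size_t value_start(char *buf, bool check_terminator)
{
    size_t i = 0;

    /* Key: letters, digits, '_' and '.'. */
    while (buf[i] && (isalnum((unsigned char)buf[i]) || buf[i] == '_' || buf[i] == '.'))
        i++;

    /* Spaces after the key are overwritten so the key ends up trimmed. */
    while (buf[i] && isspace((unsigned char)buf[i]))
        buf[i++] = '\0';

    /* buf[i] is the operator, or the terminator when the line held only a
     * key and spaces. Only a real operator may be consumed. */
    if (!check_terminator || buf[i] != '\0') {
        buf[i] = '\0';
        i++; /* unchecked variant: this steps over the terminator */
    }
    return i;
}

/* Runs one variant on a private copy of line; returns 1 if the next read
 * would land beyond the line's terminating NUL, 0 if not. */
int reads_past_end(const char *line, bool check_terminator)
{
    char buf[64];
    size_t len = strlen(line);

    if (len >= sizeof(buf))
        return -1; /* sample too long for this demo buffer */
    memcpy(buf, line, len + 1);
    return value_start(buf, check_terminator) > len;
}

int main(void)
{
    const char *line = "a      "; /* constructed: key followed only by spaces */
    printf("unchecked: %d, checked: %d\n",
           reads_past_end(line, false), reads_past_end(line, true));
    return 0;
}
```

In a real parser the line fills a fixed-size read buffer, so the index one past the terminator is also one past the array, which is the access address sanitizer reports.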