kc3-lang/pkgconf/libpkgconf/parser.c

Tag - branch -master- tag -pkgconf-2.5.1pkgconf-2.5.0pkgconf-2.4.3pkgconf-2.4.2pkgconf-2.4.1pkgconf-2.4.0pkgconf-2.3.0pkgconf-2.2.0pkgconf-2.1.1pkgconf-2.1.0pkgconf-2.0.3pkgconf-2.0.2pkgconf-2.0.1pkgconf-2.0.0pkgconf-1.9.5pkgconf-1.9.4pkgconf-1.9.3pkgconf-1.9.2pkgconf-1.9.1pkgconf-1.9.0pkgconf-1.8.0pkgconf-1.7.4pkgconf-1.7.3pkgconf-1.7.2pkgconf-1.7.1pkgconf-1.7.0pkgconf-1.6.3pkgconf-1.6.2pkgconf-1.6.1pkgconf-1.6.0pkgconf-1.5.4pkgconf-1.5.3pkgconf-1.5.2pkgconf-1.5.1pkgconf-1.4.2pkgconf-1.4.1pkgconf-1.4.0pkgconf-1.3.90pkgconf-1.3.7pkgconf-1.3.6pkgconf-1.3.5pkgconf-1.3.4pkgconf-1.3.3pkgconf-1.3.2pkgconf-1.3.1pkgconf-1.3.0pkgconf-1.2.0pkgconf-1.1.0pkgconf-1.0.1pkgconf-1pkgconf-0.9.9pkgconf-0.9.8pkgconf-0.9.7pkgconf-0.9.6pkgconf-0.9.5pkgconf-0.9.4pkgconf-0.9.3pkgconf-0.9.2pkgconf-0.9.12pkgconf-0.9.11pkgconf-0.9.10pkgconf-0.9.1pkgconf-0.9.0pkgconf-0.8.9pkgconf-0.8.8pkgconf-0.8.7pkgconf-0.8.4pkgconf-0.8.3pkgconf-0.8.2pkgconf-0.8.12pkgconf-0.8.11pkgconf-0.8.10pkgconf-0.8.1pkgconf-0.8pkgconf-0.7pkgconf-0.6pkgconf-0.5.3pkgconf-0.5.2pkgconf-0.5.1pkgconf-0.5pkgconf-0.4pkgconf-0.3pkgconf-0.2pkgconf-0.1.1pkgconf-0.1

• Show log

  Commit

• Hash : 92745ad9
  Author :
  Date : 2020-05-24T21:51:14
  

  libpkgconf: parser: fix out of boundary access
  
  It is possible to trigger an out of boundary access with specially
  crafted files. If a line consist of only a key and spaces, then
  op will point to '\0'-ending of the buffer. Since p is iterated by
  one byte right past this ending '\0', the next read access to p is
  effectively out of bounds.
  
  Theoretically this can also lead to out of boundary writes if spaces
  are encountered.
  
  Proof of concept (I recommend to compile with address sanitizer):
  
  $ echo -n a > poc.pc
  $ dd if=/dev/zero bs=1 count=65533 | tr '\0' ' ' >> poc.pc
  $ pkgconf poc.pc
  

Download

• libpkgconf/parser.c

• /*
   * parser.c
   * rfc822 message parser
   *
   * Copyright (c) 2018 pkgconf authors (see AUTHORS).
   *
   * Permission to use, copy, modify, and/or distribute this software for any
   * purpose with or without fee is hereby granted, provided that the above
   * copyright notice and this permission notice appear in all copies.
   *
   * This software is provided 'as is' and without any warranty, express or
   * implied.  In no event shall the authors be liable for any damages arising
   * from the use of this software.
   */
  
  #include <libpkgconf/config.h>
  #include <libpkgconf/stdinc.h>
  #include <libpkgconf/libpkgconf.h>
  
  /*
   * !doc
   *
   * .. c:function:: pkgconf_pkg_t *pkgconf_pkg_new_from_file(const pkgconf_client_t *client, const char *filename, FILE *f)
   *
   *    Parse a .pc file into a pkgconf_pkg_t object structure.
   *
   *    :param pkgconf_client_t* client: The pkgconf client object to use for dependency resolution.
   *    :param char* filename: The filename of the package file (including full path).
   *    :param FILE* f: The file object to read from.
   *    :returns: A ``pkgconf_pkg_t`` object which contains the package data.
   *    :rtype: pkgconf_pkg_t *
   */
  void
  pkgconf_parser_parse(FILE *f, void *data, const pkgconf_parser_operand_func_t *ops, const pkgconf_parser_warn_func_t warnfunc, const char *filename)
  {
  	char readbuf[PKGCONF_BUFSIZE];
  	size_t lineno = 0;
  
  	while (pkgconf_fgetline(readbuf, PKGCONF_BUFSIZE, f) != NULL)
  	{
  		char op, *p, *key, *value;
  		bool warned_key_whitespace = false, warned_value_whitespace = false;
  
  		lineno++;
  
  		p = readbuf;
  		while (*p && (isalpha((unsigned int)*p) || isdigit((unsigned int)*p) || *p == '_' || *p == '.'))
  			p++;
  
  		key = readbuf;
  		if (!isalpha((unsigned int)*key) && !isdigit((unsigned int)*p))
  			continue;
  
  		while (*p && isspace((unsigned int)*p))
  		{
  			if (!warned_key_whitespace)
  			{
  				warnfunc(data, "%s:" SIZE_FMT_SPECIFIER ": warning: whitespace encountered while parsing key section\n",
  					filename, lineno);
  				warned_key_whitespace = true;
  			}
  
  			/* set to null to avoid trailing spaces in key */
  			*p = '\0';
  			p++;
  		}
  
  		op = *p;
  		if (*p != '\0')
  		{
  			*p = '\0';
  			p++;
  		}
  
  		while (*p && isspace((unsigned int)*p))
  			p++;
  
  		value = p;
  		p = value + (strlen(value) - 1);
  		while (*p && isspace((unsigned int) *p) && p > value)
  		{
  			if (!warned_value_whitespace && op == '=')
  			{
  				warnfunc(data, "%s:" SIZE_FMT_SPECIFIER ": warning: trailing whitespace encountered while parsing value section\n",
  					filename, lineno);
  				warned_value_whitespace = true;
  			}
  
  			*p = '\0';
  			p--;
  		}
  
  		if (ops[(unsigned char) op])
  			ops[(unsigned char) op](data, lineno, key, value);
  	}
  
  	fclose(f);
  }
  

Download