[gentoo-commits] gentoo-projects commit in portage-utils: main.c - gentoo-commits

From:	"Mike Frysinger (vapier)" <vapier@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo-projects commit in portage-utils: main.c
Date:	Wed, 02 Mar 2011 05:31:58
Message-Id:	`20110302053146.848E720054@flycatcher.gentoo.org`

1

vapier      11/03/02 05:31:46

2

3

  Modified:             main.c

4

  Log:

5

  fix up extended line reading to avoid buffer overflows

6

7

Revision  Changes    Path

8

1.188                portage-utils/main.c

9

10

file : http://sources.gentoo.org/viewvc.cgi/gentoo-projects/portage-utils/main.c?rev=1.188&view=markup

11

plain: http://sources.gentoo.org/viewvc.cgi/gentoo-projects/portage-utils/main.c?rev=1.188&content-type=text/plain

12

diff : http://sources.gentoo.org/viewvc.cgi/gentoo-projects/portage-utils/main.c?r1=1.187&r2=1.188

13

14

Index: main.c

15

===================================================================

16

RCS file: /var/cvsroot/gentoo-projects/portage-utils/main.c,v

17

retrieving revision 1.187

18

retrieving revision 1.188

19

diff -u -r1.187 -r1.188

20

--- main.c	2 Mar 2011 02:40:19 -0000	1.187

21

+++ main.c	2 Mar 2011 05:31:46 -0000	1.188

22

@@ -1,7 +1,7 @@

23

/*

24

  * Copyright 2005-2008 Gentoo Foundation

25

  * Distributed under the terms of the GNU General Public License v2

26

- * $Header: /var/cvsroot/gentoo-projects/portage-utils/main.c,v 1.187 2011/03/02 02:40:19 vapier Exp $

27

+ * $Header: /var/cvsroot/gentoo-projects/portage-utils/main.c,v 1.188 2011/03/02 05:31:46 vapier Exp $

28

*

29

  * Copyright 2005-2008 Ned Ludd        - <solar@g.o>

30

  * Copyright 2005-2008 Mike Frysinger  - <vapier@g.o>

31

@@ -11,6 +11,9 @@

32

 #ifdef _AIX

33

 #define _LINUX_SOURCE_COMPAT

34

 #endif

35

+#ifndef _q_static

36

+# define _q_static static

37

+#endif

38

39

 #include <stdarg.h>

40

 #include <stdio.h>

41

@@ -529,7 +532,7 @@

42

 	const char *default_value;

43

 } env_vars;

44

45

-static void set_portage_env_var(env_vars *var, const char *value)

46

+_q_static void set_portage_env_var(env_vars *var, const char *value)

47

{

48

 	switch (var->type) {

49

 	case _Q_BOOL:

50

@@ -546,7 +549,7 @@

51

}

52

53

 /* Helper to read a portage env file (e.g. make.conf) */

54

-static void read_portage_env_file(const char *file, env_vars vars[])

55

+_q_static void read_portage_env_file(const char *file, env_vars vars[])

56

{

57

 	size_t i, buflen, line;

58

 	FILE *fp;

59

@@ -586,22 +589,32 @@

60

 			while (isspace(*s))

61

 				++s;

62

 			if (*s == '"' || *s == '\'') {

63

+				char q = *s;

64

 				size_t l = strlen(s);

65

-				if (*s != s[l - 1]) {

66

+

67

+				if (q != s[l - 1]) {

68

 					/* If the last char is not a quote, then we span lines */

69

-					char *q = s + l + 1, *qq = NULL;

70

-					q[-1] = ' ';

71

-					while (fgets(q, buflen - (s - buf), fp) != NULL) {

72

-						l = strlen(q);

73

-						qq = strchr(q, *s);

74

+					size_t abuflen;

75

+					char *abuf, *qq;

76

+

77

+					qq = abuf = NULL;

78

+					while (getline(&abuf, &abuflen, fp) != -1) {

79

+						buf = xrealloc(buf, buflen + abuflen);

80

+						strcat(buf, abuf);

81

+						buflen += abuflen;

82

+

83

+						qq = strchr(abuf, q);

84

 						if (qq) {

85

 							*qq = '\0';

86

 							break;

87

}

88

}

89

+					free(abuf);

90

+

91

 					if (!qq)

92

 						warn("%s:%zu: %s: quote mismatch", file, line, vars[i].name);

93

-					++s;

94

+

95

+					s = buf + vars[i].name_len + 1;

96

 				} else {

97

 					s[l - 1] = '\0';

98

 					++s;

99

@@ -702,10 +715,6 @@

100

 		if (vars_to_read[i].type != _Q_BOOL)

101

 			*vars_to_read[i].value.s = xstrdup(vars_to_read[i].default_value);

102

103

-	if ((s = strchr(portroot, '/')) != NULL)

104

-		if (strlen(s) != 1)

105

-			strncat(portroot, "/", sizeof(portroot));

106

-

107

 	/* walk all the stacked profiles */

108

 	read_portage_profile(EPREFIX "/etc/make.profile", vars_to_read);

109

 	read_portage_profile(EPREFIX "/etc/portage/make.profile", vars_to_read);

110

@@ -729,10 +738,6 @@

111

}

112

}

113

114

-	if ((s = strchr(portroot, '/')) != NULL)

115

-		if (strlen(s) != 1)

116

-			strncat(portroot, "/", sizeof(portroot));

117

-

118

 	if (getenv("PORTAGE_QUIET") != NULL)

119

 		quiet = 1;

1	vapier 11/03/02 05:31:46
2
3	Modified: main.c
4	Log:
5	fix up extended line reading to avoid buffer overflows
6
7	Revision Changes Path
8	1.188 portage-utils/main.c
9
10	file : http://sources.gentoo.org/viewvc.cgi/gentoo-projects/portage-utils/main.c?rev=1.188&view=markup
11	plain: http://sources.gentoo.org/viewvc.cgi/gentoo-projects/portage-utils/main.c?rev=1.188&content-type=text/plain
12	diff : http://sources.gentoo.org/viewvc.cgi/gentoo-projects/portage-utils/main.c?r1=1.187&r2=1.188
13
14	Index: main.c
15	===================================================================
16	RCS file: /var/cvsroot/gentoo-projects/portage-utils/main.c,v
17	retrieving revision 1.187
18	retrieving revision 1.188
19	diff -u -r1.187 -r1.188
20	--- main.c 2 Mar 2011 02:40:19 -0000 1.187
21	+++ main.c 2 Mar 2011 05:31:46 -0000 1.188
22	@@ -1,7 +1,7 @@
23	/*
24	* Copyright 2005-2008 Gentoo Foundation
25	* Distributed under the terms of the GNU General Public License v2
26	- * $Header: /var/cvsroot/gentoo-projects/portage-utils/main.c,v 1.187 2011/03/02 02:40:19 vapier Exp $
27	+ * $Header: /var/cvsroot/gentoo-projects/portage-utils/main.c,v 1.188 2011/03/02 05:31:46 vapier Exp $
28	*
29	* Copyright 2005-2008 Ned Ludd - <solar@g.o>
30	* Copyright 2005-2008 Mike Frysinger - <vapier@g.o>
31	@@ -11,6 +11,9 @@
32	#ifdef _AIX
33	#define _LINUX_SOURCE_COMPAT
34	#endif
35	+#ifndef _q_static
36	+# define _q_static static
37	+#endif
38
39	#include <stdarg.h>
40	#include <stdio.h>
41	@@ -529,7 +532,7 @@
42	const char *default_value;
43	} env_vars;
44
45	-static void set_portage_env_var(env_vars var, const char value)
46	+_q_static void set_portage_env_var(env_vars var, const char value)
47	{
48	switch (var->type) {
49	case _Q_BOOL:
50	@@ -546,7 +549,7 @@
51	}
52
53	/* Helper to read a portage env file (e.g. make.conf) */
54	-static void read_portage_env_file(const char *file, env_vars vars[])
55	+_q_static void read_portage_env_file(const char *file, env_vars vars[])
56	{
57	size_t i, buflen, line;
58	FILE *fp;
59	@@ -586,22 +589,32 @@
60	while (isspace(*s))
61	++s;
62	if (s == '"' \|\| s == '\'') {
63	+ char q = *s;
64	size_t l = strlen(s);
65	- if (*s != s[l - 1]) {
66	+
67	+ if (q != s[l - 1]) {
68	/* If the last char is not a quote, then we span lines */
69	- char q = s + l + 1, qq = NULL;
70	- q[-1] = ' ';
71	- while (fgets(q, buflen - (s - buf), fp) != NULL) {
72	- l = strlen(q);
73	- qq = strchr(q, *s);
74	+ size_t abuflen;
75	+ char abuf, qq;
76	+
77	+ qq = abuf = NULL;
78	+ while (getline(&abuf, &abuflen, fp) != -1) {
79	+ buf = xrealloc(buf, buflen + abuflen);
80	+ strcat(buf, abuf);
81	+ buflen += abuflen;
82	+
83	+ qq = strchr(abuf, q);
84	if (qq) {
85	*qq = '\0';
86	break;
87	}
88	}
89	+ free(abuf);
90	+
91	if (!qq)
92	warn("%s:%zu: %s: quote mismatch", file, line, vars[i].name);
93	- ++s;
94	+
95	+ s = buf + vars[i].name_len + 1;
96	} else {
97	s[l - 1] = '\0';
98	++s;
99	@@ -702,10 +715,6 @@
100	if (vars_to_read[i].type != _Q_BOOL)
101	*vars_to_read[i].value.s = xstrdup(vars_to_read[i].default_value);
102
103	- if ((s = strchr(portroot, '/')) != NULL)
104	- if (strlen(s) != 1)
105	- strncat(portroot, "/", sizeof(portroot));
106	-
107	/* walk all the stacked profiles */
108	read_portage_profile(EPREFIX "/etc/make.profile", vars_to_read);
109	read_portage_profile(EPREFIX "/etc/portage/make.profile", vars_to_read);
110	@@ -729,10 +738,6 @@
111	}
112	}
113
114	- if ((s = strchr(portroot, '/')) != NULL)
115	- if (strlen(s) != 1)
116	- strncat(portroot, "/", sizeof(portroot));
117	-
118	if (getenv("PORTAGE_QUIET") != NULL)
119	quiet = 1;

Gentoo Archives: gentoo-commits