xbps{,-static}: patch from master to fix a heap overflow.

Juan RP 2014-09-16 09:22:46 +02:00
parent 3dec47818c
commit 61414bab42
4 changed files with 28 additions and 2 deletions

1
srcpkgs/xbps-static/patches Symbolic link

@ -0,0 +1 @@
../xbps/patches


@ -3,7 +3,7 @@
# NOTE: keep this package synchronized with "srcpkgs/xbps". # NOTE: keep this package synchronized with "srcpkgs/xbps".
pkgname=xbps-static pkgname=xbps-static
version=0.39 version=0.39
revision=1 revision=2
bootstrap=yes bootstrap=yes
short_desc="The XBPS package system utilities - static binaries" short_desc="The XBPS package system utilities - static binaries"
maintainer="Juan RP <xtraeme@gmail.com>" maintainer="Juan RP <xtraeme@gmail.com>"


@ -0,0 +1,25 @@
From 68949809836220d76ecd00bf5ee7f3e57d4032bf Mon Sep 17 00:00:00 2001
From: Juan RP <xtraeme@gmail.com>
Date: Tue, 16 Sep 2014 09:13:32 +0200
Subject: [PATCH] lib/package_msg.c: fix a heap overflow (noticed by @Gottox).
---
lib/package_msg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/package_msg.c b/lib/package_msg.c
index f71dba0..f7d7ee2 100644
--- lib/package_msg.c
+++ lib/package_msg.c
@@ -59,7 +59,7 @@ xbps_cb_message(struct xbps_handle *xhp, xbps_dictionary_t pkgd, const char *key
xbps_dbg_printf(xhp, "[%s] %s: fmemopen %s\n", __func__, pkgver, strerror(rv));
goto out;
};
- buf = malloc(len);
+ buf = malloc(len+1);
assert(buf);
if (fread(buf, len, 1, f) != len) {
if (ferror(f)) {
--
2.1.0
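Review bot: The read check right after the resized allocation compares the result of `fread(buf, len, 1, f)` with `len`, but with a member count of 1 fread returns at most 1, so the test cannot tell a complete read from a short one. A truncated read that is not an ferror() would fall through with part of the buffer uninitialised before it is used further down. Reading byte-wise, `if (fread(buf, 1, len, f) != len) {`, and treating any short count as a failure would make the check meaningful. The allocation is also guarded only by `assert(buf)`, which is compiled out under NDEBUG; `if (buf == NULL) { rv = ENOMEM; goto out; }` would fail cleanly through the existing `out` label. The write that needs the extra byte (presumably a terminating NUL at `buf[len]`) and the rest of xbps_cb_message lie outside the hunk, so confirm there that nothing indexes past `len`.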


@ -1,7 +1,7 @@
# Template file for 'xbps' # Template file for 'xbps'
pkgname=xbps pkgname=xbps
version=0.39 version=0.39
revision=1 revision=2
bootstrap=yes bootstrap=yes
short_desc="The XBPS package system utilities" short_desc="The XBPS package system utilities"
maintainer="Juan RP <xtraeme@gmail.com>" maintainer="Juan RP <xtraeme@gmail.com>"