author | Andrej Shadura <andrewsh@debian.org> | 2018-08-06 16:42:21 +0200 |
---|---|---|
committer | Andrej Shadura <andrewsh@debian.org> | 2018-08-06 16:42:21 +0200 |
commit | 62fd13cfc3666091d77d69f70183cdd98f6da704 (patch) | |
tree | 06076828a3f11a57d257c625a28981efaf562352 | |
parent | 7f5c1c86c6ce279132f605d52f5072614430ef13 (diff) |
Verify snprintf doesn’t truncate the output
Closes: #897832
-rw-r--r-- | debian/patches/series | 1 | ||||
-rw-r--r-- | debian/patches/snprintf-truncation-check.patch | 49 |
2 files changed, 50 insertions, 0 deletions
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..c2a58ef
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+snprintf-truncation-check.patch
diff --git a/debian/patches/snprintf-truncation-check.patch b/debian/patches/snprintf-truncation-check.patch
new file mode 100644
index 0000000..e11eb8f
--- /dev/null
+++ b/debian/patches/snprintf-truncation-check.patch
@@ -0,0 +1,49 @@
+From: Andrej Shadura <andrewsh@debian.org>
+Subject: Verify snprintf didn’t truncate the output
+
+---
+Bug: https://github.com/cheusov/paexec/issues/1
+Bug-Debian: https://bugs.debian.org/897832
+Forwarded: yes
+Last-Update: 2018-08-05
+
+--- a/paexec/paexec.c
++++ b/paexec/paexec.c
+@@ -391,16 +391,14 @@
+ msg_success, msg_failure);
+ }
+
+- snprintf (cmd, sizeof (cmd),
++ if (snprintf (cmd, sizeof (cmd),
+ "%s\n while read f; do"
+ " res=`run \"$f\"`;"
+ " ex=$?;"
+ " %s" /* printing result */
+ " %s" /* condition. success/failure */
+ " echo '%s';" /* EOT */
+- "done", generate_run_command(), tmp, cond_cmd, magic_eot);
+-
+- if (strlen(cmd) + 1 == sizeof(cmd)){
++ "done", generate_run_command(), tmp, cond_cmd, magic_eot) >= sizeof (cmd)){
+ err_fatal ("paexec: Internal error7! (buffer size)");
+ }
+
+@@ -415,12 +413,16 @@
+
+ SLIST_FOREACH (p, &envvars, entries){
+ xshquote ((p->value ? p->value : ""), tmp, sizeof (tmp));
+- snprintf (tmp2, sizeof (tmp2), "%s=%s ", p->name, tmp);
++ if (snprintf (tmp2, sizeof (tmp2), "%s=%s ", p->name, tmp) >= sizeof (tmp2)){
++ err_fatal ("paexec: Internal error! (buffer size)");
++ }
+ strlcat (env_str, tmp2, sizeof (env_str));
+ }
+
+ /**/
+- snprintf (cmd, sizeof (cmd), "env %s /bin/sh -c %s", env_str, shq_cmd);
++ if (snprintf (cmd, sizeof (cmd), "env %s /bin/sh -c %s", env_str, shq_cmd) >= sizeof (cmd)){
++ err_fatal ("paexec: Internal error! (buffer size)");
++ }
+ xfree (arg_cmd);
+ arg_cmd = xstrdup (cmd);
+ |
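Review bot: The `strlcat (env_str, tmp2, sizeof (env_str))` call in the `SLIST_FOREACH` loop of the second paexec.c hunk is still unchecked, so `env_str` can be truncated silently while the `snprintf` calls on either side of it now abort. The later check on `cmd` cannot detect this, because a truncated `env_str` only makes the formatted command shorter, and a cut inside a value quoted by `xshquote` could leave a cut-off quoted assignment in the `env %s /bin/sh -c %s` command line. Checking the return the same way closes the gap: `if (strlcat (env_str, tmp2, sizeof (env_str)) >= sizeof (env_str)){ err_fatal ("paexec: Internal error! (buffer size)"); }`. Separately, the three `>= sizeof (...)` comparisons catch a negative `snprintf` return only through the implicit int-to-`size_t` conversion; storing the result and testing `n < 0 ||` first would make that explicit. The enclosing function starts and ends outside both hunks.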