ACK. This is a valid bug fix backport from just after opkg_0.4.2's release.
On 1/23/24 00:28, virendra thakur wrote:
[You don't often get email from thakur.virendra1...@gmail.com. Learn why this
is important at https://aka.ms/LearnAboutSenderIdentification ]
In the case of a zero length string being returned by fgets(), the condition
checking for a trailing new line would perform a bad memory access outside
of `buf`. This might happen when line with a leading null byte is read.
Avoid this case by checking that the string has a length of at least one
byte.
Link:
https://github.com/ndmsystems/opkg/commit/8b45a3c4cab95382beea1ecdddeb2e4a9ed14aba
Signed-off-by: virendra thakur
---
...possible-bad-memory-access-in-file_r.patch | 50 +++
meta/recipes-devtools/opkg/opkg_0.4.2.bb | 1 +
2 files changed, 51 insertions(+)
create mode 100644
meta/recipes-devtools/opkg/opkg/0001-file_util.c-fix-possible-bad-memory-access-in-file_r.patch
diff --git
a/meta/recipes-devtools/opkg/opkg/0001-file_util.c-fix-possible-bad-memory-access-in-file_r.patch
b/meta/recipes-devtools/opkg/opkg/0001-file_util.c-fix-possible-bad-memory-access-in-file_r.patch
new file mode 100644
index 00..bec21e67f4
--- /dev/null
+++
b/meta/recipes-devtools/opkg/opkg/0001-file_util.c-fix-possible-bad-memory-access-in-file_r.patch
@@ -0,0 +1,50 @@
+From 8b45a3c4cab95382beea1ecdddeb2e4a9ed14aba Mon Sep 17 00:00:00 2001
+From: Jo-Philipp Wich
+Date: Wed, 1 Apr 2020 21:47:40 +0200
+Subject: [PATCH 001/104] file_util.c: fix possible bad memory access in
+ file_read_line_alloc()
+
+In the case of a zero length string being returned by fgets(), the condition
+checking for a trailing new line would perform a bad memory access outside
+of `buf`. This might happen when line with a leading null byte is read.
+
+Avoid this case by checking that the string has a length of at least one
+byte. Also change the unsigned int types to size_t to store length values
+while we're at it.
+
+Upstream-Status: Backport
[https://github.com/ndmsystems/opkg/commit/8b45a3c4cab95382beea1ecdddeb2e4a9ed14aba]
+
+Signed-off-by: Jo-Philipp Wich
+Signed-off-by: Alejandro del Castillo
+Signed-off-by: virendra thakur
+---
+ libopkg/file_util.c | 7 ++-
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/libopkg/file_util.c b/libopkg/file_util.c
+index fbed7b4..ee9f59d 100644
+--- a/libopkg/file_util.c
b/libopkg/file_util.c
+@@ -127,17 +127,14 @@ char *file_readlink_alloc(const char *file_name)
+ */
+ char *file_read_line_alloc(FILE * fp)
+ {
++size_t buf_len, line_size;
+ char buf[BUFSIZ];
+-unsigned int buf_len;
+ char *line = NULL;
+-unsigned int line_size = 0;
+ int got_nl = 0;
+
+-buf[0] = '\0';
+-
+ while (fgets(buf, BUFSIZ, fp)) {
+ buf_len = strlen(buf);
+-if (buf[buf_len - 1] == '\n') {
++if (buf_len > 0 && buf[buf_len - 1] == '\n') {
+ buf_len--;
+ buf[buf_len] = '\0';
+ got_nl = 1;
+--
+2.25.1
+
diff --git a/meta/recipes-devtools/opkg/opkg_0.4.2.bb
b/meta/recipes-devtools/opkg/opkg_0.4.2.bb
index 55be6547c0..3ebc27c8ee 100644
--- a/meta/recipes-devtools/opkg/opkg_0.4.2.bb
+++ b/meta/recipes-devtools/opkg/opkg_0.4.2.bb
@@ -16,6 +16,7 @@ SRC_URI =
"http://downloads.yoctoproject.org/releases/${BPN}/${BPN}-${PV}.tar.gz
file://opkg.conf \
file://0001-opkg_conf-create-opkg.lock-in-run-instead-of-var-run.patch \
file://sourcedateepoch.patch \
+
file://0001-file_util.c-fix-possible-bad-memory-access-in-file_r.patch \
file://run-ptest \
"
--
2.25.1
--
Alex Stewart
Software Engineer - NI Real-Time OS
NI (National Instruments)
alex.stew...@ni.com
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#194299):
https://lists.openembedded.org/g/openembedded-core/message/194299
Mute This Topic: https://lists.openembedded.org/mt/103904427/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
