[pacman-dev] [PATCH v2] pacman: fix possible buffer overflow

in the function query_fileowner, if the user enters a string longer than PATH_MAX then rpath will buffer overflow when lrealpath tries to strcat everything together. So make sure to bail early if the generated path is going to be bigger than PATH_MAX. This also fixes the compiler warning:

Re: [pacman-dev] [PATCH 1/2] pacman: fix possible buffer overflow

On Sat, 22 Sep 2018 at 22:57, Andrew Gregory wrote: > Set errno to ENAMETOOLONG and return NULL, just like realpath. The problem still remains. You can input a filename that's < PATH_MAX and have it resolve to something > PATH_MAX. You have no way to print what that resolved path was. You can

Re: [pacman-dev] [PATCH 1/2] pacman: fix possible buffer overflow

On 09/22/18 at 10:46pm, Morgan Adamiec wrote: > On Sat, 22 Sep 2018 at 22:20, Andrew Gregory > wrote: > > Good catch, but this approach allows lrealpath to allocate a buffer > > larger than PATH_MAX only to error if it actually does. lrealpath is > > intended to be the same as realpath (aside

Re: [pacman-dev] [PATCH 1/2] pacman: fix possible buffer overflow

On 09/22/18 at 09:16pm, morganamilo wrote: > in the function query_fileowner, if the user enters a string longer > than PATH_MAX then rpath will buffer overflow when lrealpath tries to > strcat everything together. > > Even if we made sure filename was never longer than PATH_MAX this would > not

Re: [pacman-dev] [PATCH 2/2] pacman: give path too long error after strcat

On Sat, 22 Sep 2018 at 21:54, Andrew Gregory wrote: > > On 09/22/18 at 09:16pm, morganamilo wrote: > > The string only becomes longer than PATH_MAX once adding "/" to the end. > > The error message should give this version of the path. > > > > Signed-off-by: morganamilo > > NACK. The trailing

Re: [pacman-dev] [PATCH 2/2] pacman: give path too long error after strcat

On 09/22/18 at 09:16pm, morganamilo wrote: > The string only becomes longer than PATH_MAX once adding "/" to the end. > The error message should give this version of the path. > > Signed-off-by: morganamilo NACK. The trailing slash is in the format string; your version now has two trailing

[pacman-dev] [PATCH 2/2] pacman: give path too long error after strcat

The string only becomes longer than PATH_MAX once adding "/" to the end. The error message should give this version of the path. Signed-off-by: morganamilo diff --git a/src/pacman/query.c b/src/pacman/query.c index a1197cea..ecf8d148 100644 --- a/src/pacman/query.c +++ b/src/pacman/query.c @@

[pacman-dev] [PATCH 1/2] pacman: fix possible buffer overflow

in the function query_fileowner, if the user enters a string longer than PATH_MAX then rpath will buffer overflow when lrealpath tries to strcat everything together. Even if we made sure filename was never longer than PATH_MAX this would not help because lrealpath may concatenate filename with

[pacman-dev] [PATCH] libalpm: process needed before group selection

When --needed is used, up to date packages are now filtered out before showing the group select. Signed-off-by: morganamilo --- This patch set is currently incomplete. There is a problem where if every package in the group is already installed you end up with the eror. "error: target not found: