apk's installed database contains description lines that can be
up to 512 characters in content. Adding the line prefix, "T:"
for descriptions, the newline and null terminator, we get a max
input of 516 characters.
If a description just happens to have more than 256 characters,
it will be read in two parts. If that second part also happens
to have a valid prefix, like "g:", as its first two characters,
this would masquerade as valid tag and cause all sorts of mayhem.
We increase input line buffer to 516 to avoid this issue.
(This was originally left at 256 based upon the linked commit's
title, and a lack of consideration of the prefix and newline,
but examination of the code shows it should actually be 512.)
Link: https://gitlab.alpinelinux.org/alpine/apk-tools/-/commit/417a93ceae540444fdbd3f76d1dadf0e15621fdc
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Link: https://github.com/openwrt/rpcd/pull/25
Signed-off-by: Robert Marko <robimarko@gmail.com>
struct blob_attr *tb[__RPC_PACKAGELIST_MAX];
bool all = false;
struct blob_buf buf = { 0 };
- char line[256], abi[128], pkg[128], ver[128];
+ /* line len = prefix(2) + content(512) + newline + null = 516 */
+ char line[516], abi[128], pkg[128], ver[128];
void *tbl;
struct stat statbuf;
const char **world = NULL;
if (world_mmap == MAP_FAILED) {
return rpc_errno_status();
}
-
+
if (world_mmap[world_mmap_size-2] != '\n') {
/* 'world' file is malformed: missing final newline */
munmap(world_mmap, world_mmap_size);
projects / project / rpcd.git / commitdiff