From 69b62b1990bc0257bd01342ea1710375fa0cce6d Mon Sep 17 00:00:00 2001 From: Eric Fahlgren Date: Tue, 27 Jan 2026 08:56:37 -0800 Subject: [PATCH] rpc-sys: packagelist: increase input buffer size apk's installed database contains description lines that can be up to 512 characters in content. Adding the line prefix, "T:" for descriptions, the newline and null terminator, we get a max input of 516 characters. If a description just happens to have more than 256 characters, it will be read in two parts. If that second part also happens to have a valid prefix, like "g:", as its first two characters, this would masquerade as valid tag and cause all sorts of mayhem. We increase input line buffer to 516 to avoid this issue. (This was originally left at 256 based upon the linked commit's title, and a lack of consideration of the prefix and newline, but examination of the code shows it should actually be 512.) Link: https://gitlab.alpinelinux.org/alpine/apk-tools/-/commit/417a93ceae540444fdbd3f76d1dadf0e15621fdc Signed-off-by: Eric Fahlgren Link: https://github.com/openwrt/rpcd/pull/25 Signed-off-by: Robert Marko --- sys.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sys.c b/sys.c index fd7ad3b..7676ba6 100644 --- a/sys.c +++ b/sys.c @@ -205,7 +205,8 @@ rpc_sys_packagelist(struct ubus_context *ctx, struct ubus_object *obj, struct blob_attr *tb[__RPC_PACKAGELIST_MAX]; bool all = false; struct blob_buf buf = { 0 }; - char line[256], abi[128], pkg[128], ver[128]; + /* line len = prefix(2) + content(512) + newline + null = 516 */ + char line[516], abi[128], pkg[128], ver[128]; void *tbl; struct stat statbuf; const char **world = NULL; @@ -256,7 +257,7 @@ rpc_sys_packagelist(struct ubus_context *ctx, struct ubus_object *obj, if (world_mmap == MAP_FAILED) { return rpc_errno_status(); } - + if (world_mmap[world_mmap_size-2] != '\n') { /* 'world' file is malformed: missing final newline */ munmap(world_mmap, world_mmap_size); -- 2.30.2