reports: fix a buffer overflow in obsoletebuf

2013-01-02 00:10:44 +01:00 · 2013-01-02 00:10:44 +01:00 · 3d17bddc92
commit 3d17bddc92
parent b358e4a43b
2 changed files with 15 additions and 7 deletions
--- a/src/distromatic.c
+++ b/src/distromatic.c
@ -1270,7 +1270,8 @@ main(int argc, char *argv[])

             if (mode & MODE_DATA_TABLES) {
               if (!quietmode) fprintf(stdout, " - writing dependencies table...\n");
-                  print_datatables(configtag,i);             }
+               print_datatables(configtag,i);
+             }

             if (genheader_mode & GENHEADER_STATS) {
               if (!quietmode)
--- a/src/reports.c
+++ b/src/reports.c
@ -1803,10 +1803,10 @@ print_datatables(struct configTag *ct, int arch) {
     char builddeps_filename[1024], deps_filename[1024], virtual_filename[1024], 
          builds_filename[1024], builds_sh_filename[1024], sources_filename[1024],
 	  contents_filename[1024], buf[1024];
-     char obsoletebuf[1024];
+     char obsoletebuf[PATH_MAX];
     struct headerList *currheaderlist, *currchild;
     struct headerSourceList * currheadersourcelist;
-     int i, depscnt, nonobsoletednumproviders;
+     int i, nonobsoletednumproviders;

     snprintf(builddeps_filename,1024,"%sbuilddeps-%s",ct->html_dir,ct->arch[arch]);
     snprintf(deps_filename,1024,"%sdeps-%s",ct->html_dir,ct->arch[arch]);
@ -1893,6 +1893,7 @@ print_datatables(struct configTag *ct, int arch) {
     fprintf(fb,"\n");

     // write deps file
+     logmsg(LOG_DEBUG,"writing deps files (1)");
     struct providedList* provided = ct->providedlist_idx[arch][0];
     while (provided) {
        nonobsoletednumproviders=0;
@ -1954,8 +1955,10 @@ print_datatables(struct configTag *ct, int arch) {
     }

     //write contents (filenames)
+     logmsg(LOG_DEBUG,"writing contents file");
     print_contents_subtree(fc,ct->filetree[arch],ct,buf,1024);

+     logmsg(LOG_DEBUG,"writing deps files (2)");
     currheaderlist = ct->headerlist[arch];
     while (currheaderlist) {
        fprintf(fd,"%s: ", currheaderlist->name);
@ -2018,6 +2021,7 @@ print_datatables(struct configTag *ct, int arch) {
     //
     // headersourcelist scan: write builds and sources files
     //
+     logmsg(LOG_DEBUG,"writing builds and sources files (1)");
     fprintf(fbsh,"pkg_list=(");
     currheadersourcelist = ct->headersourcelist;
     while (currheadersourcelist != NULL) {
@ -2030,9 +2034,8 @@ print_datatables(struct configTag *ct, int arch) {
     }
     fprintf(fbsh,");\n");

-     depscnt = 0;
-
     currheadersourcelist = ct->headersourcelist;
+     logmsg(LOG_DEBUG,"writing builds and sources files (2)");
     while (currheadersourcelist != NULL) {

        currchild = currheadersourcelist->firstchild[arch];
@ -2066,8 +2069,12 @@ print_datatables(struct configTag *ct, int arch) {
              fprintf(fbsh,"%s",currchild->name);
              fprintf(fb," %s",currchild->name);
              for (i = 0; i < currchild->obsoletecount; i++ ) {
-                 if (obsoletebuf[0] != '\0') strncat(obsoletebuf," ",1024);
-                 strncat(obsoletebuf,currchild->obsoletename[i],1024);
+                 if (strlen(obsoletebuf) + strlen(currchild->obsoletename[i]) >= PATH_MAX - 2) {
+                    logmsg(LOG_WARNING, "reached obsoletebuf maximum size (%d); skipping further obsoletes", PATH_MAX);
+                    break;
+                 }
+                 if (obsoletebuf[0] != '\0') strcat(obsoletebuf," ");
+                 strcat(obsoletebuf,currchild->obsoletename[i]);
              }
              currchild = currchild->nextbrother;
              if (currchild) fprintf(fbsh," ");