From 3d17bddc92f16dc650613448167a04a08276988c Mon Sep 17 00:00:00 2001
From: Silvan Calarco <silvan.calarco@mambasoft.it>
Date: Wed, 2 Jan 2013 00:10:44 +0100
Subject: [PATCH] reports: fix a buffer overflow in obsoletebuf

---
 src/distromatic.c |  3 ++-
 src/reports.c     | 19 +++++++++++++------
 2 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/src/distromatic.c b/src/distromatic.c
index a718051..178954a 100644
--- a/src/distromatic.c
+++ b/src/distromatic.c
@@ -1270,7 +1270,8 @@ main(int argc, char *argv[])
 
              if (mode & MODE_DATA_TABLES) {
                if (!quietmode) fprintf(stdout, " - writing dependencies table...\n");
-                  print_datatables(configtag,i);             }
+               print_datatables(configtag,i);
+             }
 
              if (genheader_mode & GENHEADER_STATS) {
                if (!quietmode)
diff --git a/src/reports.c b/src/reports.c
index 972aca5..047458c 100644
--- a/src/reports.c
+++ b/src/reports.c
@@ -1803,10 +1803,10 @@ print_datatables(struct configTag *ct, int arch) {
      char builddeps_filename[1024], deps_filename[1024], virtual_filename[1024], 
           builds_filename[1024], builds_sh_filename[1024], sources_filename[1024],
 	  contents_filename[1024], buf[1024];
-     char obsoletebuf[1024];
+     char obsoletebuf[PATH_MAX];
      struct headerList *currheaderlist, *currchild;
      struct headerSourceList * currheadersourcelist;
-     int i, depscnt, nonobsoletednumproviders;
+     int i, nonobsoletednumproviders;
 
      snprintf(builddeps_filename,1024,"%sbuilddeps-%s",ct->html_dir,ct->arch[arch]);
      snprintf(deps_filename,1024,"%sdeps-%s",ct->html_dir,ct->arch[arch]);
@@ -1893,6 +1893,7 @@ print_datatables(struct configTag *ct, int arch) {
      fprintf(fb,"\n");
 
      // write deps file
+     logmsg(LOG_DEBUG,"writing deps files (1)");
      struct providedList* provided = ct->providedlist_idx[arch][0];
      while (provided) {
         nonobsoletednumproviders=0;
@@ -1954,8 +1955,10 @@ print_datatables(struct configTag *ct, int arch) {
      }
 
      //write contents (filenames)
+     logmsg(LOG_DEBUG,"writing contents file");
      print_contents_subtree(fc,ct->filetree[arch],ct,buf,1024);
 
+     logmsg(LOG_DEBUG,"writing deps files (2)");
      currheaderlist = ct->headerlist[arch];
      while (currheaderlist) {
         fprintf(fd,"%s: ", currheaderlist->name);
@@ -2018,6 +2021,7 @@ print_datatables(struct configTag *ct, int arch) {
      //
      // headersourcelist scan: write builds and sources files
      //
+     logmsg(LOG_DEBUG,"writing builds and sources files (1)");
      fprintf(fbsh,"pkg_list=(");
      currheadersourcelist = ct->headersourcelist;
      while (currheadersourcelist != NULL) {
@@ -2030,9 +2034,8 @@ print_datatables(struct configTag *ct, int arch) {
      }
      fprintf(fbsh,");\n");
 
-     depscnt = 0;
-
      currheadersourcelist = ct->headersourcelist;
+     logmsg(LOG_DEBUG,"writing builds and sources files (2)");
      while (currheadersourcelist != NULL) {
 
         currchild = currheadersourcelist->firstchild[arch];
@@ -2066,8 +2069,12 @@ print_datatables(struct configTag *ct, int arch) {
               fprintf(fbsh,"%s",currchild->name);
               fprintf(fb," %s",currchild->name);
               for (i = 0; i < currchild->obsoletecount; i++ ) {
-                 if (obsoletebuf[0] != '\0') strncat(obsoletebuf," ",1024);
-                 strncat(obsoletebuf,currchild->obsoletename[i],1024);
+                 if (strlen(obsoletebuf) + strlen(currchild->obsoletename[i]) >= PATH_MAX - 2) {
+                    logmsg(LOG_WARNING, "reached obsoletebuf maximum size (%d); skipping further obsoletes", PATH_MAX);
+                    break;
+                 }
+                 if (obsoletebuf[0] != '\0') strcat(obsoletebuf," ");
+                 strcat(obsoletebuf,currchild->obsoletename[i]);
               }
               currchild = currchild->nextbrother;
               if (currchild) fprintf(fbsh," ");