diff options
Diffstat (limited to 'dev-libs/confuse/files')
-rw-r--r-- | dev-libs/confuse/files/confuse-3.3-fix-CVE-2022-40320.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/dev-libs/confuse/files/confuse-3.3-fix-CVE-2022-40320.patch b/dev-libs/confuse/files/confuse-3.3-fix-CVE-2022-40320.patch new file mode 100644 index 000000000000..478c8556fe59 --- /dev/null +++ b/dev-libs/confuse/files/confuse-3.3-fix-CVE-2022-40320.patch @@ -0,0 +1,39 @@ +https://bugs.gentoo.org/901089 +https://github.com/libconfuse/libconfuse/commit/d73777c2c3566fb2647727bb56d9a2295b81669b + +(Rebased by Vaibhav Rustagi <vaibhavrustagi@google.com>) + +From d73777c2c3566fb2647727bb56d9a2295b81669b Mon Sep 17 00:00:00 2001 +From: Joachim Wiberg <troglobit@gmail.com> +Date: Fri, 2 Sep 2022 16:12:46 +0200 +Subject: [PATCH] Fix #163: unterminated username used with getpwnam() + +Signed-off-by: Joachim Wiberg <troglobit@gmail.com> +--- a/src/confuse.c ++++ b/src/confuse.c +@@ -1863,18 +1863,20 @@ DLLIMPORT char *cfg_tilde_expand(const char *filename) + passwd = getpwuid(geteuid()); + file = filename + 1; + } else { +- /* ~user or ~user/path */ +- char *user; ++ char *user; /* ~user or ~user/path */ ++ size_t len; + + file = strchr(filename, '/'); + if (file == 0) + file = filename + strlen(filename); + +- user = malloc(file - filename); ++ len = file - filename - 1; ++ user = malloc(len + 1); + if (!user) + return NULL; + +- strncpy(user, filename + 1, file - filename - 1); ++ strncpy(user, &filename[1], len); ++ user[len] = 0; + passwd = getpwnam(user); + free(user); + } + |