Historical bug tracker for the Pacman package manager.
The pacman bug tracker has moved to gitlab:
https://gitlab.archlinux.org/pacman/pacman/-/issues
This tracker remains open for interaction with historical bugs during the transition period. Any new bug reports will be closed without further action.
FS#442 - PATCH: Fix buffer overflow in Pacman
Attached to Project:
Pacman
Opened by Indan Zupancic (i3839) - Sunday, 08 February 2004, 00:57 GMT
Last edited by Judd Vinet (judd) - Sunday, 08 February 2004, 06:15 GMT
Details

In pacman.c version 2.7.3, strlen is used, forgetting that strlen returns the length of the string without the terminating 0, thus allocating a buffer strlen + 1 gives you the actual size.
I think that using realloc would be better in this case, but that is another issue. patch: --- pacman.c 2004-02-08 00:02:04.000000000 +0100 +++ pacman.c.iz 2004-02-08 00:02:44.000000000 +0100 @@ -178,7 +178,7 @@ /* check for db existence */ /* add a trailing '/' if there isn't one */ if(pmo_root[strlen(pmo_root)-1] != '/') { - MALLOC(ptr, strlen(pmo_root)+1); + MALLOC(ptr, strlen(pmo_root)+2); strcpy(ptr, pmo_root); strcat(ptr, "/"); FREE(pmo_root); |
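Review bot: the unchanged context line `if(pmo_root[strlen(pmo_root)-1] != '/')` reads out of bounds when `pmo_root` is an empty string, because `strlen(pmo_root)-1` wraps around for length 0. The new `strlen(pmo_root)+2` is the right size for the string, the appended '/' and the terminating NUL, but the check that guards it is still unsafe for that input. Suggest taking the length once into a local, handling length 0 before indexing, and using the same local in the MALLOC size so the size and the strcpy/strcat pair cannot drift apart again. The visible lines also do not show the result of MALLOC being checked before `strcpy(ptr, pmo_root)`; if the macro does not abort on allocation failure, a check belongs here.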