From: Alex Stewart <alex.stewart@ni.com>
To: virendra thakur <thakur.virendra1810@gmail.com>,
openembedded-core@lists.openembedded.org
Subject: Re: [dunfell][PATCH] opkg: Fix bad memory acces error observe in file_read_line_alloc
Date: Wed, 24 Jan 2024 15:10:31 -0500 [thread overview]
Message-ID: <f64220e8-be7a-428d-b7d6-913ecaf05ee1@ni.com> (raw)
In-Reply-To: <20240123052820.50430-1-virendrak@kpit.com>
ACK. This is a valid bug fix backport from just after opkg_0.4.2's release.
On 1/23/24 00:28, virendra thakur wrote:
> [You don't often get email from thakur.virendra1810@gmail.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]
>
> In the case of a zero length string being returned by fgets(), the condition
> checking for a trailing new line would perform a bad memory access outside
> of `buf`. This might happen when line with a leading null byte is read.
>
> Avoid this case by checking that the string has a length of at least one
> byte.
>
> Link: https://github.com/ndmsystems/opkg/commit/8b45a3c4cab95382beea1ecdddeb2e4a9ed14aba
>
> Signed-off-by: virendra thakur <virendrak@kpit.com>
> ---
> ...possible-bad-memory-access-in-file_r.patch | 50 +++++++++++++++++++
> meta/recipes-devtools/opkg/opkg_0.4.2.bb | 1 +
> 2 files changed, 51 insertions(+)
> create mode 100644 meta/recipes-devtools/opkg/opkg/0001-file_util.c-fix-possible-bad-memory-access-in-file_r.patch
>
> diff --git a/meta/recipes-devtools/opkg/opkg/0001-file_util.c-fix-possible-bad-memory-access-in-file_r.patch b/meta/recipes-devtools/opkg/opkg/0001-file_util.c-fix-possible-bad-memory-access-in-file_r.patch
> new file mode 100644
> index 0000000000..bec21e67f4
> --- /dev/null
> +++ b/meta/recipes-devtools/opkg/opkg/0001-file_util.c-fix-possible-bad-memory-access-in-file_r.patch
> @@ -0,0 +1,50 @@
> +From 8b45a3c4cab95382beea1ecdddeb2e4a9ed14aba Mon Sep 17 00:00:00 2001
> +From: Jo-Philipp Wich <jo@mein.io>
> +Date: Wed, 1 Apr 2020 21:47:40 +0200
> +Subject: [PATCH 001/104] file_util.c: fix possible bad memory access in
> + file_read_line_alloc()
> +
> +In the case of a zero length string being returned by fgets(), the condition
> +checking for a trailing new line would perform a bad memory access outside
> +of `buf`. This might happen when line with a leading null byte is read.
> +
> +Avoid this case by checking that the string has a length of at least one
> +byte. Also change the unsigned int types to size_t to store length values
> +while we're at it.
> +
> +Upstream-Status: Backport [https://github.com/ndmsystems/opkg/commit/8b45a3c4cab95382beea1ecdddeb2e4a9ed14aba]
> +
> +Signed-off-by: Jo-Philipp Wich <jo@mein.io>
> +Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
> +Signed-off-by: virendra thakur <virendrak@kpit.com>
> +---
> + libopkg/file_util.c | 7 ++-----
> + 1 file changed, 2 insertions(+), 5 deletions(-)
> +
> +diff --git a/libopkg/file_util.c b/libopkg/file_util.c
> +index fbed7b4..ee9f59d 100644
> +--- a/libopkg/file_util.c
> ++++ b/libopkg/file_util.c
> +@@ -127,17 +127,14 @@ char *file_readlink_alloc(const char *file_name)
> + */
> + char *file_read_line_alloc(FILE * fp)
> + {
> ++ size_t buf_len, line_size;
> + char buf[BUFSIZ];
> +- unsigned int buf_len;
> + char *line = NULL;
> +- unsigned int line_size = 0;
> + int got_nl = 0;
> +
> +- buf[0] = '\0';
> +-
> + while (fgets(buf, BUFSIZ, fp)) {
> + buf_len = strlen(buf);
> +- if (buf[buf_len - 1] == '\n') {
> ++ if (buf_len > 0 && buf[buf_len - 1] == '\n') {
> + buf_len--;
> + buf[buf_len] = '\0';
> + got_nl = 1;
> +--
> +2.25.1
> +
> diff --git a/meta/recipes-devtools/opkg/opkg_0.4.2.bb b/meta/recipes-devtools/opkg/opkg_0.4.2.bb
> index 55be6547c0..3ebc27c8ee 100644
> --- a/meta/recipes-devtools/opkg/opkg_0.4.2.bb
> +++ b/meta/recipes-devtools/opkg/opkg_0.4.2.bb
> @@ -16,6 +16,7 @@ SRC_URI = "http://downloads.yoctoproject.org/releases/${BPN}/${BPN}-${PV}.tar.gz
> file://opkg.conf \
> file://0001-opkg_conf-create-opkg.lock-in-run-instead-of-var-run.patch \
> file://sourcedateepoch.patch \
> + file://0001-file_util.c-fix-possible-bad-memory-access-in-file_r.patch \
> file://run-ptest \
> "
>
> --
> 2.25.1
>
--
Alex Stewart
Software Engineer - NI Real-Time OS
NI (National Instruments)
alex.stewart@ni.com
prev parent reply other threads:[~2024-01-24 20:10 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-23 5:28 [dunfell][PATCH] opkg: Fix bad memory acces error observe in file_read_line_alloc virendra thakur
2024-01-24 20:10 ` Alex Stewart [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f64220e8-be7a-428d-b7d6-913ecaf05ee1@ni.com \
--to=alex.stewart@ni.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=thakur.virendra1810@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox