fix a buffer overflow bug that cause
authorticktock35 <ticktock35@e8e0d7a0-c8d9-11dd-a880-a1081c7ac358>
Mon, 19 Jan 2009 18:21:08 +0000 (18:21 +0000)
committerticktock35 <ticktock35@e8e0d7a0-c8d9-11dd-a880-a1081c7ac358>
Mon, 19 Jan 2009 18:21:08 +0000 (18:21 +0000)
http://code.google.com/p/opkg/issues/detail?id=3

git-svn-id: http://opkg.googlecode.com/svn/trunk@197 e8e0d7a0-c8d9-11dd-a880-a1081c7ac358

libopkg/opkg_cmd.c
libopkg/pkg.c

index 043536c025fdbc329ef959123cf83303af879068..f0ac3f75c94a6e929d86a52df3d47d12b45c99e5 100644 (file)
@@ -815,7 +815,7 @@ static int opkg_info_status_cmd(opkg_conf_t *conf, int argc, char **argv, int in
      char *pkg_name = NULL;
      char **pkg_fields = NULL;
      int n_fields = 0;
-     char *buff ; 
+     char *buff = NULL
 
      if (argc > 0) {
          pkg_name = argv[0];
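Review bot: The added declaration `char *buff = NULL` in `opkg_info_status_cmd` has no terminating semicolon as shown, so the file would not compile; it should read `char *buff = NULL;`. The missing character may be an artefact of how this page was rendered, so check it against the repository. The function body starts and ends outside the hunk, so which paths reach `free(buff)` without assigning it cannot be confirmed from here.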
@@ -847,6 +847,7 @@ static int opkg_info_status_cmd(opkg_conf_t *conf, int argc, char **argv, int in
    We need to free it :)  ( Thanks florian for seeing the error )
 */
                free(buff);
+               buff = NULL;
           }
          if (conf->verbosity > 1) {
               conffile_list_elt_t *iter;
index cc33e70671fb1ffb8c122f77c4926434cdca876e..5096ba022c82cc22a01fb264500b47ce8bdd004b 100644 (file)
@@ -492,100 +492,127 @@ void set_flags_from_control(opkg_conf_t *conf, pkg_t *pkg){
 
 }
 
+#define CHECK_BUFF_SIZE(buff, line, buf_size, page_size) do { \
+        if (strlen(buff) + strlen(line) >= (buf_size)) { \
+            buf_size += page_size; \
+            buff = realloc(buff, buf_size); \
+        } \
+    } while(0)
 char * pkg_formatted_info(pkg_t *pkg )
 {
      char *line;
      char * buff;
+     const size_t page_size = 8192;
+     size_t buff_size = page_size;
 
-     buff = calloc(1, 8192);
+     buff = calloc(1, buff_size);
      if (buff == NULL) {
          fprintf(stderr, "%s: out of memory\n", __FUNCTION__);
          return NULL;
      }
 
-     buff[0] = '\0';
-
      line = pkg_formatted_field(pkg, "Package");
+     CHECK_BUFF_SIZE(buff, line, buff_size, page_size);
      strncat(buff ,line, strlen(line));
      free(line);
 
      line = pkg_formatted_field(pkg, "Version");
+     CHECK_BUFF_SIZE(buff, line, buff_size, page_size);
      strncat(buff ,line, strlen(line));
      free(line);
 
      line = pkg_formatted_field(pkg, "Depends");
+     CHECK_BUFF_SIZE(buff, line, buff_size, page_size);
      strncat(buff ,line, strlen(line));
      free(line);
      
      line = pkg_formatted_field(pkg, "Recommends");
+     CHECK_BUFF_SIZE(buff, line, buff_size, page_size);
      strncat(buff ,line, strlen(line));
      free(line);
 
      line = pkg_formatted_field(pkg, "Suggests");
+     CHECK_BUFF_SIZE(buff, line, buff_size, page_size);
      strncat(buff ,line, strlen(line));
      free(line);
 
      line = pkg_formatted_field(pkg, "Provides");
+     CHECK_BUFF_SIZE(buff, line, buff_size, page_size);
      strncat(buff ,line, strlen(line));
      free(line);
 
      line = pkg_formatted_field(pkg, "Replaces");
+     CHECK_BUFF_SIZE(buff, line, buff_size, page_size);
      strncat(buff ,line, strlen(line));
      free(line);
 
      line = pkg_formatted_field(pkg, "Conflicts");
+     CHECK_BUFF_SIZE(buff, line, buff_size, page_size);
      strncat(buff ,line, strlen(line));
      free(line);
 
      line = pkg_formatted_field(pkg, "Status");
+     CHECK_BUFF_SIZE(buff, line, buff_size, page_size);
      strncat(buff ,line, strlen(line));
      free(line);
 
      line = pkg_formatted_field(pkg, "Section");
+     CHECK_BUFF_SIZE(buff, line, buff_size, page_size);
      strncat(buff ,line, strlen(line));
      free(line);
 
      line = pkg_formatted_field(pkg, "Essential"); /* @@@@ should be removed in future release. *//* I do not agree with this Pigi*/
+     CHECK_BUFF_SIZE(buff, line, buff_size, page_size);
      strncat(buff ,line, strlen(line));
      free(line);
 
      line = pkg_formatted_field(pkg, "Architecture");
+     CHECK_BUFF_SIZE(buff, line, buff_size, page_size);
      strncat(buff ,line, strlen(line));
      free(line);
 
      line = pkg_formatted_field(pkg, "Maintainer");
+     CHECK_BUFF_SIZE(buff, line, buff_size, page_size);
      strncat(buff ,line, strlen(line));
      free(line);
 
      line = pkg_formatted_field(pkg, "MD5sum");
+     CHECK_BUFF_SIZE(buff, line, buff_size, page_size);
      strncat(buff ,line, strlen(line));
      free(line);
 
      line = pkg_formatted_field(pkg, "Size");
+     CHECK_BUFF_SIZE(buff, line, buff_size, page_size);
      strncat(buff ,line, strlen(line));
      free(line);
 
      line = pkg_formatted_field(pkg, "Filename");
+     CHECK_BUFF_SIZE(buff, line, buff_size, page_size);
      strncat(buff ,line, strlen(line));
      free(line);
 
      line = pkg_formatted_field(pkg, "Conffiles");
+     CHECK_BUFF_SIZE(buff, line, buff_size, page_size);
      strncat(buff ,line, strlen(line));
      free(line);
 
      line = pkg_formatted_field(pkg, "Source");
+     CHECK_BUFF_SIZE(buff, line, buff_size, page_size);
      strncat(buff ,line, strlen(line));
      free(line);
 
      line = pkg_formatted_field(pkg, "Description");
+     CHECK_BUFF_SIZE(buff, line, buff_size, page_size);
      strncat(buff ,line, strlen(line));
      free(line);
 
      line = pkg_formatted_field(pkg, "Installed-Time");
+     CHECK_BUFF_SIZE(buff, line, buff_size, page_size);
      strncat(buff ,line, strlen(line));
      free(line);
 
      line = pkg_formatted_field(pkg, "Tags");
+     CHECK_BUFF_SIZE(buff, line, buff_size, page_size);
      strncat(buff ,line, strlen(line));
      free(line);
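Review bot: `CHECK_BUFF_SIZE` enlarges the buffer by one `page_size` step only, so a single field longer than 8192 bytes still overruns `buff` at the `strncat` that follows, whose bound is `strlen(line)` and not the space left in the destination. The `realloc` result is also written straight back to `buff` with no NULL check, which leaks the old block and leaves the next `strlen(buff)` dereferencing NULL. The macro should grow in a loop until the appended text plus its terminator fits, and bail out on allocation failure, as sketched below. The field text presumably comes from package metadata, so its length is not under the tool's control. `pkg_formatted_info` continues past the end of the hunk.

```c
#define CHECK_BUFF_SIZE(buff, line, buf_size, page_size) do { \
        size_t need_ = strlen(buff) + strlen(line) + 1; \
        if (need_ > (buf_size)) { \
            size_t new_size_ = (buf_size); \
            char *tmp_; \
            while (new_size_ < need_) \
                new_size_ += (page_size); \
            tmp_ = realloc((buff), new_size_); \
            if (tmp_ == NULL) { \
                fprintf(stderr, "%s: out of memory\n", __FUNCTION__); \
                free(line); \
                free(buff); \
                return NULL; \
            } \
            (buff) = tmp_; \
            (buf_size) = new_size_; \
        } \
    } while (0)
/* … unchanged: pkg_formatted_info and its per-field append calls … */
```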