mirror of
https://github.com/Ponce/slackbuilds
synced 2024-11-22 19:44:21 +01:00
77 lines
2.8 KiB
Diff
77 lines
2.8 KiB
Diff
From: Lubomir Rintel <lkundrak@v3.sk>
|
|
Subject: [PATCH] Fix stack smashing in variable expansion
|
|
|
|
Apparently, Fedora's compiler flags were too long for jam's mind,
|
|
resulting in out-of-bounds write on stack. This patch increases length
|
|
of variable expansion buffer (and filename buffer, just in case) as
|
|
well as adds checks for buffer overflows in some places.
|
|
|
|
diff -up jam-2.5/expand.c.overflow jam-2.5/expand.c
|
|
--- jam-2.5/expand.c.overflow 2003-04-23 06:45:50.000000000 +0200
|
|
+++ jam-2.5/expand.c 2009-07-25 15:59:30.319767119 +0200
|
|
@@ -27,6 +27,7 @@
|
|
* 10/22/02 (seiwald) - list_new() now does its own newstr()/copystr()
|
|
* 11/04/02 (seiwald) - const-ing for string literals
|
|
* 12/30/02 (armstrong) - fix out-of-bounds access in var_expand()
|
|
+ * 25/07/09 (lkundrak@v3.sk) - fix stack overflows in var_expand()
|
|
*/
|
|
|
|
# include "jam.h"
|
|
@@ -283,8 +284,14 @@ var_expand(
|
|
|
|
if( colon && edits.filemods )
|
|
var_edit_file( value->string, out, &edits );
|
|
- else
|
|
+ else {
|
|
+ if( out + strlen( value->string ) > out_buf + sizeof( out_buf ) ) {
|
|
+ fprintf( stderr, "ERROR: String longer than %i characters: '%s' + '%s'\n",
|
|
+ sizeof( out_buf ), out, value->string );
|
|
+ exit( 1 );
|
|
+ }
|
|
strcpy( out, value->string );
|
|
+ }
|
|
|
|
if( colon && ( edits.upshift || edits.downshift ) )
|
|
var_edit_shift( out, &edits );
|
|
@@ -298,6 +305,11 @@ var_expand(
|
|
( list_next( value ) || list_next( vars ) ) )
|
|
{
|
|
out += strlen( out );
|
|
+ if( out + strlen( edits.join.ptr ) > out_buf + sizeof( out_buf ) ) {
|
|
+ fprintf( stderr, "ERROR: String longer than %i characters: '%s' + '%s'\n",
|
|
+ sizeof( out_buf ), out, edits.join.ptr );
|
|
+ exit( 1 );
|
|
+ }
|
|
strcpy( out, edits.join.ptr );
|
|
out += strlen( out );
|
|
continue;
|
|
@@ -320,6 +332,11 @@ var_expand(
|
|
|
|
for( rem = remainder; rem; rem = list_next( rem ) )
|
|
{
|
|
+ if( out1 + strlen( rem->string ) > out_buf + sizeof( out_buf ) ) {
|
|
+ fprintf( stderr, "ERROR: String longer than %i characters: '%s' + '%s'\n",
|
|
+ sizeof( out_buf ), out, rem->string );
|
|
+ exit( 1 );
|
|
+ }
|
|
strcpy( out1, rem->string );
|
|
l = list_new( l, out_buf, 0 );
|
|
}
|
|
diff -up jam-2.5/jam.h.overflow jam-2.5/jam.h
|
|
--- jam-2.5/jam.h.overflow 2004-06-23 19:45:36.000000000 +0200
|
|
+++ jam-2.5/jam.h 2009-07-25 15:59:35.464767132 +0200
|
|
@@ -472,8 +472,12 @@
|
|
|
|
/* You probably don't need to muck with these. */
|
|
|
|
-# define MAXSYM 1024 /* longest symbol in the environment */
|
|
-# define MAXJPATH 1024 /* longest filename */
|
|
+# define MAXSYM 65536 /* longest symbol in the environment */
|
|
+# ifdef PATH_MAX
|
|
+# define MAXJPATH PATH_MAX /* longest filename */
|
|
+# else
|
|
+# define MAXJPATH 4096
|
|
+# endif
|
|
|
|
# define MAXJOBS 64 /* silently enforce -j limit */
|
|
# define MAXARGC 32 /* words in $(JAMSHELL) */
|