in the function query_fileowner, if the user enters a string longer
than PATH_MAX then rpath will buffer overflow when lrealpath tries to
strcat everything together.
So make sure to bail early if the generated path is going to be bigger
than PATH_MAX.
This also fixes the compiler warning:
query.c
On Sat, 22 Sep 2018 at 22:57, Andrew Gregory wrote:
> Set errno to ENAMETOOLONG and return NULL, just like realpath.
The problem still remains. You can input a filename that's < PATH_MAX
and have it resolve to something > PATH_MAX. You have no way to print
what that resolved path was. You can pri
On 09/22/18 at 10:46pm, Morgan Adamiec wrote:
> On Sat, 22 Sep 2018 at 22:20, Andrew Gregory
> wrote:
> > Good catch, but this approach allows lrealpath to allocate a buffer
> > larger than PATH_MAX only to error if it actually does. lrealpath is
> > intended to be the same as realpath (aside fr
On Sat, 22 Sep 2018 at 22:20, Andrew Gregory wrote:
> Good catch, but this approach allows lrealpath to allocate a buffer
> larger than PATH_MAX only to error if it actually does. lrealpath is
> intended to be the same as realpath (aside from not resolving symlinks
> obviously), so it should be f
On 09/22/18 at 09:16pm, morganamilo wrote:
> in the function query_fileowner, if the user enters a string longer
> than PATH_MAX then rpath will buffer overflow when lrealpath tries to
> strcat everything together.
>
> Even if we made sure filename was never longer than PATH_MAX this would
> not h
On Sat, 22 Sep 2018 at 21:54, Andrew Gregory wrote:
>
> On 09/22/18 at 09:16pm, morganamilo wrote:
> > The string only becomes longer than PATH_MAX once adding "/" to the end.
> > The error message should give this version of the path.
> >
> > Signed-off-by: morganamilo
>
> NACK. The trailing sl
On 09/22/18 at 09:16pm, morganamilo wrote:
> The string only becomes longer than PATH_MAX once adding "/" to the end.
> The error message should give this version of the path.
>
> Signed-off-by: morganamilo
NACK. The trailing slash is in the format string; your version now
has two trailing slas
The string only becomes longer than PATH_MAX once adding "/" to the end.
The error message should give this version of the path.
Signed-off-by: morganamilo
diff --git a/src/pacman/query.c b/src/pacman/query.c
index a1197cea..ecf8d148 100644
--- a/src/pacman/query.c
+++ b/src/pacman/query.c
@@ -2
in the function query_fileowner, if the user enters a string longer
than PATH_MAX then rpath will buffer overflow when lrealpath tries to
strcat everything together.
Even if we made sure filename was never longer than PATH_MAX this would
not help because lrealpath may concatenate filename with the
When --needed is used, up to date packages are now filtered out
before showing the group select.
Signed-off-by: morganamilo
---
This patch set is currently incomplete. There is a problem where if every
package in the group is already installed you end up with the eror.
"error: target not found:
10 matches
Mail list logo