opkg: Fix bad memory access error observe in file_read_line_alloc

In the case of a zero length string being returned by fgets(), the condition checking for a trailing new line would perform a bad memory access outside of `buf`. This might happen when line with a leading null byte is read. Avoid this case by checking that the string has a length of at least one byte. Link: https://github.com/ndmsystems/opkg/commit/8b45a3c4cab95382beea1ecdddeb2e4a9ed14aba (From OE-Core rev: 32e3618891295cec1ee5d4195998aa97f93b2207) Signed-off-by: virendra thakur <virendrak@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: virendra thakur <thakur.virendra1810@gmail.com> 2024-01-23 10:58:20 +0530
committer: Steve Sakoman <steve@sakoman.com> 2024-01-31 03:51:10 -1000
commit: a528dc22aafff4e91f01a48525ab19cf5eef395b (patch)
tree: 1f7128b21dee7c22caf7dfb1a3ca245c9dcb2ea8
parent: 4bda99df75e25df5ba6dccbd6df9ab3f089bb134 (diff)
download: poky-a528dc22aafff4e91f01a48525ab19cf5eef395b.tar.gz
2 files changed, 51 insertions, 0 deletions
diff --git a/meta/recipes-devtools/opkg/opkg/0001-file_util.c-fix-possible-bad-memory-access-in-file_r.patch b/meta/recipes-devtools/opkg/opkg/0001-file_util.c-fix-possible-bad-memory-access-in-file_r.patch
new file mode 100644
index 0000000000..bec21e67f4
--- /dev/null
+++ b/meta/recipes-devtools/opkg/opkg/0001-file_util.c-fix-possible-bad-memory-access-in-file_r.patch
@@ -0,0 +1,50 @@
+From 8b45a3c4cab95382beea1ecdddeb2e4a9ed14aba Mon Sep 17 00:00:00 2001
+From: Jo-Philipp Wich <jo@mein.io>
+Date: Wed, 1 Apr 2020 21:47:40 +0200
+Subject: [PATCH 001/104] file_util.c: fix possible bad memory access in
+ file_read_line_alloc()
+In the case of a zero length string being returned by fgets(), the condition
+checking for a trailing new line would perform a bad memory access outside
+of `buf`. This might happen when line with a leading null byte is read.
+Avoid this case by checking that the string has a length of at least one
+byte. Also change the unsigned int types to size_t to store length values
+while we're at it.
+Upstream-Status: Backport [https://github.com/ndmsystems/opkg/commit/8b45a3c4cab95382beea1ecdddeb2e4a9ed14aba]
+Signed-off-by: Jo-Philipp Wich <jo@mein.io>
+Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
+Signed-off-by: virendra thakur <virendrak@kpit.com>
+---
+ libopkg/file_util.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+diff --git a/libopkg/file_util.c b/libopkg/file_util.c
+index fbed7b4..ee9f59d 100644
+--- a/libopkg/file_util.c
+++ b/libopkg/file_util.c
+@@ -127,17 +127,14 @@ char *file_readlink_alloc(const char *file_name)
+ */
+ char *file_read_line_alloc(FILE * fp)
+ {
+    size_t buf_len, line_size;
+     char buf[BUFSIZ];
+-    unsigned int buf_len;
+     char *line = NULL;
+-    unsigned int line_size = 0;
+     int got_nl = 0;
+ 
+-    buf[0] = '\0';
+-
+     while (fgets(buf, BUFSIZ, fp)) {
+         buf_len = strlen(buf);
+-        if (buf[buf_len - 1] == '\n') {
+        if (buf_len > 0 && buf[buf_len - 1] == '\n') {
+             buf_len--;
+             buf[buf_len] = '\0';
+             got_nl = 1;
+-- 
+2.25.1
diff --git a/meta/recipes-devtools/opkg/opkg_0.4.2.bb b/meta/recipes-devtools/opkg/opkg_0.4.2.bb
index 55be6547c0..3ebc27c8ee 100644
--- a/meta/recipes-devtools/opkg/opkg_0.4.2.bb
+++ b/meta/recipes-devtools/opkg/opkg_0.4.2.bb
@@ -16,6 +16,7 @@ SRC_URI = "http://downloads.yoctoproject.org/releases/${BPN}/${BPN}-${PV}.tar.gz
           file://opkg.conf \
           file://0001-opkg_conf-create-opkg.lock-in-run-instead-of-var-run.patch \
           file://sourcedateepoch.patch \
+           file://0001-file_util.c-fix-possible-bad-memory-access-in-file_r.patch \
           file://run-ptest \
 "
author	virendra thakur <thakur.virendra1810@gmail.com>	2024-01-23 10:58:20 +0530
committer	Steve Sakoman <steve@sakoman.com>	2024-01-31 03:51:10 -1000
commit	a528dc22aafff4e91f01a48525ab19cf5eef395b (patch)
tree	1f7128b21dee7c22caf7dfb1a3ca245c9dcb2ea8
parent	4bda99df75e25df5ba6dccbd6df9ab3f089bb134 (diff)
download	poky-a528dc22aafff4e91f01a48525ab19cf5eef395b.tar.gz

diff --git a/meta/recipes-devtools/opkg/opkg/0001-file_util.c-fix-possible-bad-memory-access-in-file_r.patch b/meta/recipes-devtools/opkg/opkg/0001-file_util.c-fix-possible-bad-memory-access-in-file_r.patch new file mode 100644 index 0000000000..bec21e67f4 --- /dev/null +++ b/meta/recipes-devtools/opkg/opkg/0001-file_util.c-fix-possible-bad-memory-access-in-file_r.patch
@@ -0,0 +1,50 @@
		1	From 8b45a3c4cab95382beea1ecdddeb2e4a9ed14aba Mon Sep 17 00:00:00 2001
		2	From: Jo-Philipp Wich <jo@mein.io>
		3	Date: Wed, 1 Apr 2020 21:47:40 +0200
		4	Subject: [PATCH 001/104] file_util.c: fix possible bad memory access in
		5	file_read_line_alloc()
		6
		7	In the case of a zero length string being returned by fgets(), the condition
		8	checking for a trailing new line would perform a bad memory access outside
		9	of `buf`. This might happen when line with a leading null byte is read.
		10
		11	Avoid this case by checking that the string has a length of at least one
		12	byte. Also change the unsigned int types to size_t to store length values
		13	while we're at it.
		14
		15	Upstream-Status: Backport [https://github.com/ndmsystems/opkg/commit/8b45a3c4cab95382beea1ecdddeb2e4a9ed14aba]
		16
		17	Signed-off-by: Jo-Philipp Wich <jo@mein.io>
		18	Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
		19	Signed-off-by: virendra thakur <virendrak@kpit.com>
		20	---
		21	libopkg/file_util.c \| 7 ++-----
		22	1 file changed, 2 insertions(+), 5 deletions(-)
		23
		24	diff --git a/libopkg/file_util.c b/libopkg/file_util.c
		25	index fbed7b4..ee9f59d 100644
		26	--- a/libopkg/file_util.c
		27	+++ b/libopkg/file_util.c
		28	@@ -127,17 +127,14 @@ char file_readlink_alloc(const char file_name)
		29	*/
		30	char file_read_line_alloc(FILE fp)
		31	{
		32	+ size_t buf_len, line_size;
		33	char buf[BUFSIZ];
		34	- unsigned int buf_len;
		35	char *line = NULL;
		36	- unsigned int line_size = 0;
		37	int got_nl = 0;
		38
		39	- buf[0] = '\0';
		40	-
		41	while (fgets(buf, BUFSIZ, fp)) {
		42	buf_len = strlen(buf);
		43	- if (buf[buf_len - 1] == '\n') {
		44	+ if (buf_len > 0 && buf[buf_len - 1] == '\n') {
		45	buf_len--;
		46	buf[buf_len] = '\0';
		47	got_nl = 1;
		48	--
		49	2.25.1
		50


diff --git a/meta/recipes-devtools/opkg/opkg_0.4.2.bb b/meta/recipes-devtools/opkg/opkg_0.4.2.bb index 55be6547c0..3ebc27c8ee 100644 --- a/meta/recipes-devtools/opkg/opkg_0.4.2.bb +++ b/meta/recipes-devtools/opkg/opkg_0.4.2.bb
@@ -16,6 +16,7 @@ SRC_URI = "http://downloads.yoctoproject.org/releases/${BPN}/${BPN}-${PV}.tar.gz
16	file://opkg.conf \	16	file://opkg.conf \
17	file://0001-opkg_conf-create-opkg.lock-in-run-instead-of-var-run.patch \	17	file://0001-opkg_conf-create-opkg.lock-in-run-instead-of-var-run.patch \
18	file://sourcedateepoch.patch \	18	file://sourcedateepoch.patch \
		19	file://0001-file_util.c-fix-possible-bad-memory-access-in-file_r.patch \
19	file://run-ptest \	20	file://run-ptest \
20	"	21	"
21		22