From 24df767c50c85beb95a5cba9036e1641745c461c Mon Sep 17 00:00:00 2001 From: Patrick McDermott Date: Sat, 06 Apr 2019 11:41:20 -0400 Subject: patches: Fix segfault on trailing comma in deps --- diff --git a/patches/0003-libopkg-Fix-segfault-on-trailing-comma-in-deps.patch b/patches/0003-libopkg-Fix-segfault-on-trailing-comma-in-deps.patch new file mode 100644 index 0000000..56181dd --- /dev/null +++ b/patches/0003-libopkg-Fix-segfault-on-trailing-comma-in-deps.patch @@ -0,0 +1,39 @@ +From a47ab58d94a48bd86fbb0fc54caea651464beaea Mon Sep 17 00:00:00 2001 +From: Patrick McDermott +Date: Sat, 6 Apr 2019 11:12:31 -0400 +Subject: [PATCH] libopkg: Fix segfault on trailing comma in deps + +A "Depends" or other package relationship field with a trailing comma +(followed by zero or more whitespace characters) in any package feed +list will cause opkg after commit 98ce8c2 ("pkg: convert most other +struct members into dynamic blob buffer fields") to segfault. + +In the case of a trailing comma, parseDepends() has always been called +with a string containing only the whitespace (if any) following the +comma, and previously a copy loop extracted the dependency package name +as an empty string. Now, strtok() returns NULL as the package name, +which is passed through ensure_abstract_pkg_by_name(), +abstract_pkg_fetch_by_name(), hash_table_get(), hash_index(), and +finally djb2_hash() which dereferences the NULL pointer. + +Signed-off-by: Patrick McDermott +--- + libopkg/pkg_depends.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/libopkg/pkg_depends.c b/libopkg/pkg_depends.c +index 3abdcd3..6d075f2 100644 +--- a/libopkg/pkg_depends.c ++++ b/libopkg/pkg_depends.c +@@ -1025,6 +1025,8 @@ static int parseDepends(compound_depend_t * compound_depend, char *depend_str, e + + for (i = 0, depend = strtok_r(depend_str, "|", &tok); depend; i++, depend = strtok_r(NULL, "|", &tok)) { + name = strtok(depend, " "); ++ if (!name) ++ break; + rest = strtok(NULL, "\n"); + + tmp = realloc(possibilities, sizeof(tmp) * (i + 1)); +-- +2.11.0 + -- cgit v0.9.1