[dpkg] 194/200: libdpkg: Use snprintf() instead of sprintf()

Ximin Luo infinity0 at debian.org
Wed Apr 5 15:17:39 UTC 2017 

This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch master
in repository dpkg.

commit f34ce936004583f3280182a9dcc3daa9295f56a0
Author: Guillem Jover <guillem at debian.org>
Date:   Wed Feb 22 22:46:56 2017 +0100

    libdpkg: Use snprintf() instead of sprintf()
    
    The field width in a format string does not limit the number of bytes
    emitted, so we can overflow, even if we are checking the number of bytes
    written. Use snprintf() to limit the amount written.
    
    Warned-by: gcc-7
---
 debian/changelog | 2 ++
 lib/dpkg/ar.c    | 9 +++++----
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 60ee615..0da0ef9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,6 +9,8 @@ dpkg (1.18.23) UNRELEASED; urgency=medium
     Thanks to Jörg Sonnenberger <joerg at netbsd.org>.
   * Add a comment on any C code switch case that falls through. Fixes new
     gcc-7 warnings.
+  * Use snprintf() instead of sprintf() in libdpkg when constructing the ar
+    member header, as we might overflow depending on the input data.
   * Portability:
     - Do not redeclare sys_siglist in libcompat when the system does so.
       Thanks to Thomas Klausner <wiz at NetBSD.org>.
diff --git a/lib/dpkg/ar.c b/lib/dpkg/ar.c
index 70a5a43..444b10c 100644
--- a/lib/dpkg/ar.c
+++ b/lib/dpkg/ar.c
@@ -173,10 +173,11 @@ dpkg_ar_member_put_header(struct dpkg_ar *ar, struct dpkg_ar_member *member)
 	if (member->size > 9999999999L)
 		ohshit(_("ar member size %jd too large"), (intmax_t)member->size);
 
-	n = sprintf(header, "%-16s%-12lu%-6lu%-6lu%-8lo%-10jd`\n",
-	            member->name, (unsigned long)member->time,
-	            (unsigned long)member->uid, (unsigned long)member->gid,
-	            (unsigned long)member->mode, (intmax_t)member->size);
+	n = snprintf(header, sizeof(struct dpkg_ar_hdr) + 1,
+	             "%-16s%-12lu%-6lu%-6lu%-8lo%-10jd`\n",
+	             member->name, (unsigned long)member->time,
+	             (unsigned long)member->uid, (unsigned long)member->gid,
+	             (unsigned long)member->mode, (intmax_t)member->size);
 	if (n != sizeof(struct dpkg_ar_hdr))
 		ohshit(_("generated corrupt ar header for '%s'"), ar->name);
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git

More information about the Reproducible-commits mailing list