From: "Mike Frysinger"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Mike Frysinger"
Message-ID: <1482261298.e2897872598b390b79e09d878738cfac3b3380ac.vapier@gentoo>
Subject: [gentoo-commits] proj/portage-utils:master commit in: /
X-VCS-Repository: proj/portage-utils
X-VCS-Files: main.c
X-VCS-Directories: /
X-VCS-Committer: vapier
X-VCS-Committer-Name: Mike Frysinger
X-VCS-Revision: e2897872598b390b79e09d878738cfac3b3380ac
X-VCS-Branch: master
Date: Tue, 20 Dec 2016 19:15:59 +0000 (UTC)
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: dc8331c5-6e3d-41b6-afe0-423fa23f2c6b
X-Archives-Hash: b152b83904a14cf6d4747c9b3c2d21ca

commit:     e2897872598b390b79e09d878738cfac3b3380ac
Author:     Mike Frysinger gentoo org>
AuthorDate: Tue Dec 20 19:14:58 2016 +0000
Commit:     Mike Frysinger gentoo org>
CommitDate: Tue Dec 20 19:14:58 2016 +0000
URL:        https://gitweb.gentoo.org/proj/portage-utils.git/commit/?id=e2897872

main: rework path handling to avoid unsafe strncat

While this strncat shouldn't cause a problem, we can refactor the code
a bit to avoid it entirely, and check the earlier snprintf result to
boot. This also avoids warnings from clang about bad args to strncat.

 main.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/main.c b/main.c index af2ccce..543ac36 100644 --- a/main.c +++ b/main.c
@@ -1382,14 +1382,20 @@ _q_static queue *get_vdb_atoms(int fullcpv) if ((dfd = scandirat(ctx->vdb_fd, cat[j]->d_name, &pf, q_vdb_filter_pkg, alphasort)) < 0) continue; for (i = 0; i < dfd; i++) { - snprintf(buf, sizeof(buf), "%s/%s", cat[j]->d_name, pf[i]->d_name); + int blen = snprintf(buf, sizeof(buf), "%s/%s/SLOT", cat[j]->d_name, pf[i]->d_name); + if (blen >= sizeof(buf)) { + warnf("unable to parse long package: %s/%s", cat[j]->d_name, pf[i]->d_name); + continue; + } + + /* Chop the SLOT for the atom parsing. */ + buf[blen - 5] = '\0'; if ((atom = atom_explode(buf)) == NULL) continue; + /* Restore the SLOT. */ + buf[blen - 5] = '/'; - /* XXX: This assumes static slot buf is big enough, but should be fine - * until this is rewritten & merged into libq/vdb.c. */ slot_len = sizeof(slot); - strncat(buf, "/SLOT", sizeof(buf)); eat_file_at(ctx->vdb_fd, buf, &slotp, &slot_len); rmspace(slot);
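Review bot: The truncation check `if (blen >= sizeof(buf))` compares a signed `int` against a `size_t`, so a negative return from snprintf is rejected only because the implicit conversion turns it into a very large unsigned value, and the comparison will trip -Wsign-compare on a build that enables it. Spelling it out as `blen < 0 || (size_t)blen >= sizeof(buf)` makes the error path intentional rather than incidental. The two `buf[blen - 5]` stores are correct for the current format string, since "/SLOT" is five characters and `blen - 5` lands on its leading slash, but the bare 5 is tied to that literal only by the comment; deriving it from the suffix itself (for example `sizeof("/SLOT") - 1` on a shared constant) would keep the offset and the format string from drifting apart. It is also worth confirming that the atom returned by atom_explode() does not retain pointers into `buf`, because the slash is written back over the terminator immediately after the call; that cannot be determined from the lines shown here.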