[pacman-dev] [PATCH 2/5] query_fileowner: avoid buffer overflow
Andrew Gregory
andrew.gregory.8 at gmail.com
Wed May 10 22:54:54 UTC 2017
Copying a string into a buffer that has just been determined to not be
able to hold it is obviously incorrect. The actual error handling
appears to have been unintentionally removed in
47762ab687959e48acc2de8592fcf3ba3cfa502b.
Signed-off-by: Andrew Gregory <andrew.gregory.8 at gmail.com>
---
src/pacman/query.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/pacman/query.c b/src/pacman/query.c
index 119764bc..247423fa 100644
--- a/src/pacman/query.c
+++ b/src/pacman/query.c
@@ -205,6 +205,7 @@ static int query_fileowner(alpm_list_t *targets)
size_t rlen = strlen(rpath);
if(rlen + 2 >= PATH_MAX) {
pm_printf(ALPM_LOG_ERROR, _("path too long: %s/\n"), rpath);
+ goto targcleanup;
}
strcat(rpath + rlen, "/");
}
--
2.12.2
More information about the pacman-dev
mailing list