mirror/guix
mirror/guix
1
Fork 0
mirror of https://https.git.savannah.gnu.org/git/guix.git/ synced 2025-07-14 19:10:49 +02:00
Code Releases Activity
guix/gnu/packages/patches/libconfuse-CVE-2022-40320.patch
Nicolas Graves df77bafb79
gnu: libconfuse: Patch CVE-2022-40320. 
* gnu/pacakges/patches/libconfuse-CVE-2022-40320.patch: Add file.
* gnu/packages/textutils.scm (libconfuse)[source]: Record patch.
* gnu/local.mk: Record patch.

Signed-off-by: Zheng Junjie <z572@z572.online>
2025-06-23 12:32:52 +08:00

38 lines
966 B
Diff
Raw Blame History

[PATCH] Fix #163: unterminated username used with getpwnam()
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
---
src/confuse.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/confuse.c b/src/confuse.c
index ce4fca8..060fae2 100644
--- a/src/confuse.c
+++ b/src/confuse.c
@@ -1863,18 +1863,20 @@ DLLIMPORT char *cfg_tilde_expand(const char *filename)
passwd = getpwuid(geteuid());
file = filename + 1;
} else {
- /* ~user or ~user/path */
- char *user;
+ char *user; /* ~user or ~user/path */
+ size_t len;
file = strchr(filename, '/');
if (file == 0)
file = filename + strlen(filename);
- user = malloc(file - filename);
+ len = file - filename - 1;
+ user = malloc(len + 1);
if (!user)
return NULL;
- strncpy(user, filename + 1, file - filename - 1);
+ strncpy(user, &filename[1], len);
+ user[len] = 0;
passwd = getpwnam(user);
free(user);
}
--
2.48.1
View git blame Copy permalink