
Re: Off-By-One



Hi,

On Fri, Nov 21, 2014 at 07:53:49PM +1100, Joshua Rogers wrote:
> In apt-inst/extract.cc, this code appears:
> 
> >       if (Res.length() > sizeof(FileName))
> >          return _error->Error(_("The path %s is too long"),Res.c_str());
> >       if (Debug == true)
> >          clog << "Followed conf file from " << FileName << " to " <<
> > Res << endl;
> >       Itm.Name = strcpy(FileName,Res.c_str());      
> 
> "if (Res.length() > sizeof(FileName))" should either be "if
> (Res.length() >= sizeof(FileName))", or "if (Res.length() >
> sizeof(FileName - 1))".

Thanks, the code is indeed very fishy!

Thankfully nobody is actually using it as its origin is a years-old (=
predating any active apt maintainer) attempt at replacing dpkg, which
obviously failed as dpkg still exists and apt-inst exists for only two
reasons still: apt-extracttemplates (which is planned to be done by dpkg
instead for quite a while now) and apt-ftparchive which uses it to
inspect deb files, but not to actually extract them on the filesystem.
This code is therefore completely unused.


So, the proper fix is here to just get rid of apt-inst already (merge
the few useful bits into apt-pkg) and be happy. I will make a note to
get that done for stretch.

I therefore think that we don't need to get busy fixing this in
(old)stable/jessie as it hasn't any practical effect…
but the report is still very useful in reminding me to get that stuff
removed, so thanks a lot! :)


Best regards

David Kalnischkies
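The off-by-one in the quoted check, shown with a small constructed example (added here, not code from apt or from either poster): `Res.length()` does not count the terminating NUL, so a path of exactly `sizeof(FileName)` characters passes `>` but `strcpy` still writes `length() + 1` bytes. `kFileNameSize` and the helper names are assumptions for the illustration.

```cpp
#include <cstring>
#include <string>

// Constructed: a fixed-size destination standing in for apt-inst's FileName.
constexpr size_t kFileNameSize = 16;

// Bytes strcpy actually writes for Res: every character plus the NUL.
size_t bytes_strcpy_writes(const std::string &Res) {
    return Res.length() + 1;
}

// The check as quoted in the report: accepts length() == sizeof(FileName).
bool original_check_accepts(const std::string &Res) {
    return !(Res.length() > kFileNameSize);
}

// The corrected check: reject unless string plus NUL fit.
// (Res.length() > kFileNameSize - 1 is the equivalent spelling.)
bool fixed_check_accepts(const std::string &Res) {
    return !(Res.length() >= kFileNameSize);
}

// True when the original check lets through a path that strcpy would
// overflow the buffer with: exactly the length() == sizeof case.
bool original_check_overflows(const std::string &Res) {
    return original_check_accepts(Res) &&
           bytes_strcpy_writes(Res) > kFileNameSize;
}

// Safe copy using the corrected check; returns false instead of overflowing.
bool copy_path(char (&FileName)[kFileNameSize], const std::string &Res) {
    if (Res.length() >= sizeof(FileName))
        return false;  // where apt reports "The path %s is too long"
    std::strcpy(FileName, Res.c_str());
    return true;
}

// Exercise copy_path with an n-character path; true if accepted and intact.
bool copy_path_accepts(size_t n) {
    char FileName[kFileNameSize] = {};
    return copy_path(FileName, std::string(n, 'x')) &&
           std::strlen(FileName) == n;
}
```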


