From f67c1c8b4882c7c1f0663f1df2fa26f56ed8527b Mon Sep 17 00:00:00 2001
From: Dan Goodliffe
Date: Mon, 5 Feb 2018 17:31:26 +0000
Subject: Prevent reading beyond end of mem mapped file
---
 gentoobrowse-api/service/utils/ebuildCacheParser.cpp | 10 ++++------
 gentoobrowse-api/unittests/Jamfile.jam | 2 +-
 gentoobrowse-api/unittests/fixtures/accerciser-3.22.0 | 14 ++++++++++++++
 gentoobrowse-api/unittests/testUtils.cpp | 11 +++++++++++
 4 files changed, 30 insertions(+), 7 deletions(-)
 create mode 100644 gentoobrowse-api/unittests/fixtures/accerciser-3.22.0
diff --git a/gentoobrowse-api/service/utils/ebuildCacheParser.cpp b/gentoobrowse-api/service/utils/ebuildCacheParser.cpp
index c305578..f83d5f8 100644
--- a/gentoobrowse-api/service/utils/ebuildCacheParser.cpp
+++ b/gentoobrowse-api/service/utils/ebuildCacheParser.cpp
@@ -1,4 +1,5 @@
 #include "ebuildCacheParser.h"
+#include
 namespace Gentoo {
 namespace Utils {
@@ -6,15 +7,12 @@ namespace Gentoo {
 AdHoc::FileUtils::MemMap(p)
 {
 const char * chardata = (const char *)this->data;
- while (const char * eq = strchr(chardata, '=')) {
- if (const char * nl = strchr(eq + 1, '\n')) {
+ auto len = this->getStat().st_size;
+ while (const char * eq = (const char *)memchr(chardata, '=', len - (chardata - (const char *)this->data))) {
+ if (const char * nl = (const char *)memchr(eq + 1, '\n', len - ((eq + 1) - (const char *)this->data))) {
 kvs.insert({ std::string(chardata, eq), { eq + 1, nl } });
 chardata = nl + 1;
 }
- else {
- kvs.insert({ std::string(chardata, eq), { eq + 1, (const char *)this->data + st.st_size } });
- return;
- }
 }
 }
diff --git a/gentoobrowse-api/unittests/Jamfile.jam b/gentoobrowse-api/unittests/Jamfile.jam
index e6a7560..9225210 100644
--- a/gentoobrowse-api/unittests/Jamfile.jam
+++ b/gentoobrowse-api/unittests/Jamfile.jam
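Review bot: In ebuildCacheParser.cpp (second hunk, the `while`/`if` pair in the constructor), removing the `else` branch leaves no way out of the loop when an `=` is found but no `\n` follows it: `chardata` is not advanced, so the next `memchr` returns the same `eq` and the loop never terminates. A cache file whose final entry lacks a trailing newline, or a truncated file, would therefore hang the parser instead of being read to the end of the mapping. Keep the branch with the bounded end pointer, `else { kvs.insert({ std::string(chardata, eq), { eq + 1, (const char *)this->data + len } }); break; }`, which also preserves the last key. The constructor begins above the hunk, so this is based on the visible loop only.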
@@ -48,7 +48,7 @@ lib testCommon : ; run - testUtils.cpp ../service/utils/git.cpp + testUtils.cpp ../service/utils/git.cpp ../service/utils/ebuildCacheParser.cpp : : : BOOST_TEST_DYN_LINK testCommon diff --git a/gentoobrowse-api/unittests/fixtures/accerciser-3.22.0 b/gentoobrowse-api/unittests/fixtures/accerciser-3.22.0 new file mode 100644 index 0000000..65fd77f --- /dev/null +++ b/gentoobrowse-api/unittests/fixtures/accerciser-3.22.0 
@@ -0,0 +1,14 @@ +DEFINED_PHASES=compile configure install postinst postrm preinst prepare +DEPEND=>=app-accessibility/at-spi2-core-2.5.2:2 >=dev-python/pygobject-2.90.3:3[python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)] >=x11-libs/gtk+-3.1.13:3[introspection] dev-libs/atk[introspection] >=dev-libs/glib-2.28:2 dev-libs/gobject-introspection:= >=dev-python/ipython-0.11[python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)] >=dev-python/pyatspi-2.1.5[python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)] dev-python/pycairo[python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)] x11-libs/gdk-pixbuf[introspection] x11-libs/libwnck:3[introspection] x11-libs/pango[introspection] python_targets_python3_4? ( dev-lang/python:3.4[xml] ) python_targets_python3_5? ( dev-lang/python:3.5[xml] ) python_targets_python3_6? 
( dev-lang/python:3.6[xml] ) >=dev-lang/python-exec-2:=[python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)] app-text/yelp-tools >=dev-util/intltool-0.35 sys-devel/gettext virtual/pkgconfig >=app-portage/elt-patches-20170422 app-arch/xz-utils >=sys-apps/sed-4 dev-util/desktop-file-utils x11-misc/shared-mime-info +DESCRIPTION=Interactive Python accessibility explorer +EAPI=6 +HOMEPAGE=https://wiki.gnome.org/Apps/Accerciser +IUSE=python_targets_python3_4 python_targets_python3_5 python_targets_python3_6 +KEYWORDS=amd64 x86 +LICENSE=BSD CC-BY-SA-3.0 +RDEPEND=>=app-accessibility/at-spi2-core-2.5.2:2 >=dev-python/pygobject-2.90.3:3[python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)] >=x11-libs/gtk+-3.1.13:3[introspection] dev-libs/atk[introspection] >=dev-libs/glib-2.28:2 dev-libs/gobject-introspection:= >=dev-python/ipython-0.11[python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)] >=dev-python/pyatspi-2.1.5[python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)] dev-python/pycairo[python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)] x11-libs/gdk-pixbuf[introspection] x11-libs/libwnck:3[introspection] x11-libs/pango[introspection] python_targets_python3_4? ( dev-lang/python:3.4[xml] ) python_targets_python3_5? ( dev-lang/python:3.5[xml] ) python_targets_python3_6? 
( dev-lang/python:3.6[xml] ) >=dev-lang/python-exec-2:=[python_targets_python3_4(-)?,python_targets_python3_5(-)?,python_targets_python3_6(-)?,-python_single_target_python3_4(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-)] +REQUIRED_USE=|| ( python_targets_python3_4 python_targets_python3_5 python_targets_python3_6 ) +SLOT=0 +SRC_URI=mirror://gnome/sources/accerciser/3.22/accerciser-3.22.0.tar.xz +_eclasses_=desktop 2ccd1dd1dd7bfb8795eea024a4f91bb6 epatch 8233751dc5105a6ae8fcd86ce2bb0247 estack 43ddf5aaffa7a8d0482df54d25a66a1f eutils b4eee44966573b7fb6761e507910b306 gnome.org 5e4cc5af3f1b17bdee155bf02e8c2df4 gnome2 6e4acb9c9da2cfa25f2dfedb93bb4a43 gnome2-utils 4d211d7614f303710fca59db6ec12c88 libtool 0081a71a261724730ec4c248494f044d ltprune 2770eed66a9b8ef944714cd0e968182e multibuild 72647e255187a1fadc81097b3657e5c3 multilib 97f470f374f2e94ccab04a2fb21d811e preserve-libs ef207dc62baddfddfd39a164d9797648 python-r1 e9350ec46bb5c9f3504b4fbe8b8d8987 python-utils-r1 c9de01becf9df3f8c10aeec3dc693f5d toolchain-funcs 885c7d8dd70a58825f3d17e35a3cd1e9 versionator ce21313503c41896ebcd7d58b0607e37 xdg 6cd76cc914c1a759dee032778487b57f xdg-utils f2c8335407f0b935b0a96d4adf23ef25 +_md5_=d824645ab9e59e46288f40f698baa5e7 diff --git a/gentoobrowse-api/unittests/testUtils.cpp b/gentoobrowse-api/unittests/testUtils.cpp index 5109d48..de3dca0 100644 --- a/gentoobrowse-api/unittests/testUtils.cpp +++ b/gentoobrowse-api/unittests/testUtils.cpp @@ -4,6 +4,8 @@ #include #include #include +#include +#include using namespace Gentoo::Utils::Git; 
@@ -27,3 +29,12 @@ BOOST_AUTO_TEST_CASE( gitErrorMessage )
 git_libgit2_shutdown();
 }
+BOOST_AUTO_TEST_CASE( EbuildCacheParser )
+{
+ Gentoo::Utils::EbuildCacheParser ecp(rootDir / "fixtures" / "accerciser-3.22.0");
+ BOOST_REQUIRE(!ecp.get("missing"));
+ BOOST_REQUIRE_EQUAL("compile configure install postinst postrm preinst prepare", *ecp.get("DEFINED_PHASES"));
+ BOOST_REQUIRE_EQUAL("0", *ecp.get("SLOT"));
+ BOOST_REQUIRE_EQUAL("d824645ab9e59e46288f40f698baa5e7", *ecp.get("_md5_"));
+}
+
-- cgit v1.2.3
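Review bot: The new EbuildCacheParser test loads only a well-formed fixture that ends in a newline, so the end-of-mapping boundary this commit is about is never exercised. A second fixture whose last `KEY=value` has no trailing newline, and one containing no `=` at all, would pin that behaviour. The `*ecp.get(...)` dereferences also run without a presence check, so a missing key would presumably crash the test rather than fail it; precede each with e.g. `BOOST_REQUIRE(ecp.get("SLOT"));`. The return type of `get` is not visible here, so this assumes it is optional- or pointer-like, as `!ecp.get("missing")` suggests.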