From 9a547d6a1dd52abc4174e3da3f820717b7d0dd02 Mon Sep 17 00:00:00 2001
From: sternenseemann <0rpkxez4ksa01gb3typccl0i@systemli.org>
Date: Sat, 10 Apr 2021 17:49:47 +0200
Subject: pkgs/sternenseemann/patches: prevent possible buffer overrun
---
 pkgs/sternenseemann/patches/mandoc-nix-store.patch | 33 ++++++++++++++--------
 1 file changed, 21 insertions(+), 12 deletions(-)
(limited to 'pkgs/sternenseemann')
diff --git a/pkgs/sternenseemann/patches/mandoc-nix-store.patch b/pkgs/sternenseemann/patches/mandoc-nix-store.patch
index 7fdee18c..d4d326d0 100644
--- a/pkgs/sternenseemann/patches/mandoc-nix-store.patch
+++ b/pkgs/sternenseemann/patches/mandoc-nix-store.patch
@@ -39,7 +39,7 @@ RCS file: /cvs/mandoc/mandocdb.c,v
 retrieving revision 1.267
 diff -r1.267 mandocdb.c
 167a168
-> static int read_allowed(char *);
+> static ssize_t read_allowed(char *);
 614,618c615
 < if (strncmp(buf, basedir, basedir_len) != 0
 < #ifdef HOMEBREWDIR
@@ -47,17 +47,20 @@ diff -r1.267 mandocdb.c
 < #endif
 < ) {
 ---
-> if (!read_allowed(buf)) {
-824c821
+> if (read_allowed(buf) == -1) {
+788a786
+> ssize_t prefix_len;
+824,829c822,823
 < else if (strncmp(usefile, basedir, basedir_len) == 0)
----
-> else if (read_allowed(usefile))
-826,829d822
+< start = usefile + basedir_len;
 < #ifdef HOMEBREWDIR
 < else if (strncmp(usefile, HOMEBREWDIR, strlen(HOMEBREWDIR)) == 0)
 < start = usefile;
 < #endif
-1947a1941,1973
+---
+> else if ((prefix_len = read_allowed(usefile)) != -1)
+> start = usefile + prefix_len;
+1947a1942,1980
 > }
 >
 > /*
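Review bot: At the second call site, `start = usefile + prefix_len;` strips the matched prefix for every allowed path, not only for a basedir match. The doc comment this commit adds to read_allowed says the remainder is only guaranteed to be a man dir when the file is under basedir, and the removed HOMEBREWDIR branch kept `start = usefile;` for its non-basedir case. If the code after this point treats `start` as a basedir-relative path, a READ_ALLOWED_PATH match would presumably hand it something else, so a comment at the call site such as `/* prefix_len may come from READ_ALLOWED_PATH; start is then not relative to basedir */` would make that visible. Both enclosing functions start and end outside the hunk.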
@@ -65,16 +68,22 @@ diff -r1.267 mandocdb.c
 > * constructing a database. This checks if the given
 > * path is in the current set basedir or any directory
 > * in READ_ALLOWED_PATH if it is defined.
+> *
+> * Returns -1 if reading is not allowed, the length
+> * of the allowed directory part of the realpath if
+> * reading is allowed. Note that stripping a prefix of
+> * this length is only guaranteed to be a man dir if
+> * the file is in basedir.
 > */
-> static int
+> static ssize_t
 > read_allowed(char *realpath)
 > {
 > // if we have no basedir, don't check
 > if(basedir_len == 0 || basedir == NULL || *basedir == '\0')
-> return 1;
+> return basedir_len;
 >
 > if(strncmp(realpath, basedir, basedir_len) == 0)
-> return 1;
+> return basedir_len;
 >
 > #ifdef READ_ALLOWED_PATH
 > const char *pb = READ_ALLOWED_PATH;
@@ -83,11 +92,11 @@ diff -r1.267 mandocdb.c
 > size_t len = strcspn(pb, ":");
 >
 > if (len > 0 && strncmp(realpath, pb, len) == 0)
-> return 1;
+> return len;
 >
 > pb += len;
 > pb += strspn(pb, ":");
 > }
 > #endif
 >
-> return 0;
+> return -1;
-- cgit 1.4.1
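Review bot: The "no basedir" branch returns `basedir_len`, yet its condition is also true when `basedir` is NULL or empty while `basedir_len` is non-zero, so the caller doing `start = usefile + prefix_len` could still step past the end of a short path in that state. Returning a literal, `return 0;`, states the "nothing to strip" case directly and keeps the result independent of a stale length. Whether the two variables can actually disagree is not visible here. The returns also convert what looks like a `size_t` to `ssize_t` implicitly, which an explicit cast would document. read_allowed's body continues outside the hunk.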
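Review bot: The allow-list comparison `strncmp(realpath, pb, len) == 0` accepts any path that merely begins with the entry's characters, so an entry without a trailing slash also admits sibling directories sharing that prefix (constructed example: entry `/opt/man` matches `/opt/manual-other/x`). Since this function decides which resolved paths may be read, the match should end on a path-component boundary: `if (len > 0 && strncmp(realpath, pb, len) == 0 && (pb[len - 1] == '/' || realpath[len] == '/' || realpath[len] == '\0'))`. Reading `realpath[len]` is safe there because the preceding `strncmp` has already matched `len` non-NUL bytes. The basedir comparison earlier in the function has the same shape unless basedir always ends in a slash, which is not visible here. The loop header of this block is outside the hunk.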