Fixes this buffer overflow: https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a Patch copied from upstream source repository: https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a From e37b620fe8f14535d737e89a4dcabaed4517bf1a Mon Sep 17 00:00:00 2001 From: Tim Kientzle Date: Sun, 21 Aug 2016 10:51:43 -0700 Subject: [PATCH] Issue #767: Buffer overflow printing a filename The safe_fprintf function attempts to ensure clean output for an arbitrary sequence of bytes by doing a trial conversion of the multibyte characters to wide characters -- if the resulting wide character is printable then we pass through the corresponding bytes unaltered, otherwise, we convert them to C-style ASCII escapes. The stack trace in Issue #767 suggest that the 20-byte buffer was getting overflowed trying to format a non-printable multibyte character. This should only happen if there is a valid multibyte character of more than 5 bytes that was unprintable. (Each byte would get expanded to a four-charcter octal-style escape of the form "\123" resulting in >20 characters for the >5 byte multibyte character.) I've not been able to reproduce this, but have expanded the conversion buffer to 128 bytes on the belief that no multibyte character set has a single character of more than 32 bytes. --- tar/util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tar/util.c b/tar/util.c index 9ff22f2..2b4aebe 100644 --- a/tar/util.c +++ b/tar/util.c @@ -182,7 +182,7 @@ safe_fprintf(FILE *f, const char *fmt, ...) } /* If our output buffer is full, dump it and keep going. */ - if (i > (sizeof(outbuff) - 20)) { + if (i > (sizeof(outbuff) - 128)) { outbuff[i] = '\0'; fprintf(f, "%s", outbuff); i = 0; 10' name='q' value=''/>
path: root/tests/cve.scm
AgeCommit message (Expand)Author
2019-10-23cve: Rewrite to read the JSON feed instead of the XML feed....The XML feed was discontinued on Oct. 16th, 2019: <https://nvd.nist.gov/General/News/XML-Vulnerability-Feed-Retirement-Phase-3> * guix/cve.scm (string->date*): New procedure. (<cve-item>, <cve>, <cve-reference>): New record types. (cpe-match->cve-configuration, configuration-data->cve-configurations) (json->cve-items, version-matches?): New procedures. (yearly-feed-uri): Change URL to refer to JSON feed. (cpe->product-alist, %parse-vulnerability-feed) (xml->vulnerabilities): Remove. (cve-configuration->package-list, merge-package-lists) (cve-item->vulnerability, json->vulnerabilities): New procedures. (write-cache): Use 'json->vulnerabilities' instead of 'xml->vulnerabilities', and remove 'parameterize'. (vulnerabilities->lookup-proc): Use 'version-matches?' when VERSION is true. * tests/cve.scm (%sample): Use 'tests/cve-sample.json'. (%expected-vulnerabilities): Rewrite accordingly. ("json->cve-items", "cve-item-published-date") ("json->vulnerabilities"): New tests. ("xml->vulnerabilities"): Remove. ("vulnerabilities->lookup-proc"): Adjust to new vulnerabilities. * tests/cve-sample.json: New file. * tests/cve-sample.xml: Remove. * Makefile.am (EXTRA_DIST): Adjust accordingly. * doc/guix.texi (Invoking guix lint): Update nist.gov URLs. Ludovic Courtès
2019-10-20tests: Avoid now-deprecated 'make-struct'....* tests/cve.scm (vulnerability): Use 'make-struct/no-tail' instead of 'make-struct', which is deprecated. * tests/lint.scm ("cve: one vulnerability") ("cve: one patched vulnerability") ("cve: known safe from vulnerability") ("cve: vulnerability fixed in replacement version") ("cve: patched vulnerability in replacement"): Likewise. Ludovic Courtès