| From 8095dc091decafccc672e63534ff5afef76f6f60 Mon Sep 17 00:00:00 2001 |
| From: Vaibhav Rustagi <vaibhavrustagi@google.com> |
| Date: Mon, 13 Mar 2023 14:22:52 -0700 |
| Subject: [PATCH] Fix CVE-2022-40320 in confuse. |
| |
| Upstream commit to fix the vulnerability: https://github.com/libconfuse/libconfuse/commit/d73777c2c3566fb2647727bb56d9a2295b81669b |
| --- |
| src/confuse.c | 10 ++++++---- |
| 1 file changed, 6 insertions(+), 4 deletions(-) |
| |
| diff --git a/src/confuse.c b/src/confuse.c |
| index ce4fca8..060fae2 100644 |
| --- a/src/confuse.c |
| +++ b/src/confuse.c |
| @@ -1863,18 +1863,20 @@ DLLIMPORT char *cfg_tilde_expand(const char *filename) |
| passwd = getpwuid(geteuid()); |
| file = filename + 1; |
| } else { |
| - /* ~user or ~user/path */ |
| - char *user; |
| + char *user; /* ~user or ~user/path */ |
| + size_t len; |
| |
| file = strchr(filename, '/'); |
| if (file == 0) |
| file = filename + strlen(filename); |
| |
| - user = malloc(file - filename); |
| + len = file - filename - 1; |
| + user = malloc(len + 1); |
| if (!user) |
| return NULL; |
| |
| - strncpy(user, filename + 1, file - filename - 1); |
| + strncpy(user, &filename[1], len); |
| + user[len] = 0; |
| passwd = getpwnam(user); |
| free(user); |
| } |
| -- |
| 2.31.0 |
| |