Commit 05194ff1 authored by Timo Teräs's avatar Timo Teräs

main/apk-tools: fix issue found by fortify

parent 7ca02ccb
From 60dd5798c90f0032b5c477bd35a2e0d49c280c7c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Wed, 8 Apr 2015 16:58:20 +0300
Subject: [PATCH] use memmove for copying buffer leftovers, as the ranges may
overlap
issue cought by fortify
---
src/io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/io.c b/src/io.c
index e9d95df..765afc5 100644
--- a/src/io.c
+++ b/src/io.c
@@ -224,7 +224,7 @@ static apk_blob_t is_bs_read(void *stream, apk_blob_t token)
/* We need more data */
if (isbs->left.len != 0)
- memcpy(isbs->buffer, isbs->left.ptr, isbs->left.len);
+ memmove(isbs->buffer, isbs->left.ptr, isbs->left.len);
isbs->left.ptr = isbs->buffer;
size = isbs->is->read(isbs->is, isbs->buffer + isbs->left.len,
sizeof(isbs->buffer) - isbs->left.len);
--
2.3.5
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=apk-tools
pkgver=2.6.0_rc1
pkgrel=0
pkgrel=1
pkgdesc="Alpine Package Keeper - package manager for alpine"
subpackages="$pkgname-static"
depends=
......@@ -13,6 +13,7 @@ if [ "$CBUILD" = "$CHOST" ]; then
makedepends="$makedepends lua5.2-dev"
fi
source="http://dev.alpinelinux.org/archive/$pkgname/$pkgname-$pkgver.tar.xz
0001-use-memmove-for-copying-buffer-leftovers-as-the-rang.patch
"
url="http://git.alpinelinux.org/cgit/apk-tools/"
......@@ -82,6 +83,9 @@ luaapk() {
mv "$pkgdir"/usr/lib "$subpkgdir"/usr/lib/
}
md5sums="c9515f2063d31e4dc7583e6b3d3b8ab0 apk-tools-2.6.0_rc1.tar.xz"
sha256sums="41f87b45998bee0154a86d4e408ed014248abd713ca7d04b529b3d53b9af2fba apk-tools-2.6.0_rc1.tar.xz"
sha512sums="899706b2d440d4c28c3a8715514d3b32a0aea489ff48e5e1af658c167a2197f7d6e642182149f32744cd4c78d981ee4eb0f8588f07b365c6b8be04e1da3cf105 apk-tools-2.6.0_rc1.tar.xz"
md5sums="c9515f2063d31e4dc7583e6b3d3b8ab0 apk-tools-2.6.0_rc1.tar.xz
b6ad09951c806fa6d2ca5d1f3c316dff 0001-use-memmove-for-copying-buffer-leftovers-as-the-rang.patch"
sha256sums="41f87b45998bee0154a86d4e408ed014248abd713ca7d04b529b3d53b9af2fba apk-tools-2.6.0_rc1.tar.xz
01cedfd97bcbbeee309a1293c65a0e734c0b894f65b543330d564c648f91f3c4 0001-use-memmove-for-copying-buffer-leftovers-as-the-rang.patch"
sha512sums="899706b2d440d4c28c3a8715514d3b32a0aea489ff48e5e1af658c167a2197f7d6e642182149f32744cd4c78d981ee4eb0f8588f07b365c6b8be04e1da3cf105 apk-tools-2.6.0_rc1.tar.xz
4e26becda63fd1664fb1625487eedc4cb1b7b8155a65ac317e7c0583e3e9f203fe7cab7498463e6f9552ac71d9dbac48c1eba5926dc1f29481cef7d9a691c1ed 0001-use-memmove-for-copying-buffer-leftovers-as-the-rang.patch"
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment