From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <imz@altlinux.org>
Date: Sun, 16 Feb 2020 04:09:14 +0300 (MSK)
From: Ivan Zakharyaschev <imz@altlinux.org>
To: devel@lists.altlinux.org
Message-ID: <alpine.LFD.2.20.2002160401421.6363@imap.altlinux.org>
User-Agent: Alpine 2.20 (LFD 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Cc: darktemplar@altlinux.org, ldv@altlinux.org
Subject: [devel] [APT PATCH] rpmSingle{Pkg,
 Src}Index::ArchiveURI(): avoid cases with undefined behavior
X-BeenThere: devel@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux Team development discussions <devel@lists.altlinux.org>
List-Id: ALT Linux Team development discussions <devel.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/devel>,
 <mailto:devel-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/devel>
List-Post: <mailto:devel@lists.altlinux.org>
List-Help: <mailto:devel-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/devel>,
 <mailto:devel-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Feb 2020 01:09:14 -0000
Archived-At: <http://lore.altlinux.org/devel/alpine.LFD.2.20.2002160401421.6363@imap.altlinux.org/>
List-Archive: <http://lore.altlinux.org/devel/>
List-Post: <mailto:devel@altlinux.org>

Two cases of UB are avoided with such a rewrite:

* getcwd(2) returned NULL. Constructing a string from NULL is UB.
  (Such string was passed as an argument to flCombine().)
  Now, SafeGetCwd() (in fileutl.cc) returns "/" in such cases;
  if you consider SafeGetCwd()'s implementation not to be reasonable,
  rewrite it (just at a single place).

* File.length() < 2. Since File was a non-const string,
  File[File.length()] might be UB before C++11. Now, File is const, and
  it is guaranteed that File[File.length()] == 0.

This change was inspired by:

commit c138c48501381d26872a6b18aa1fb7af9f0300b2
Author: Aleksei Nikiforov <darktemplar@altlinux.org>
Date:   Mon Jun 10 18:10:30 2019 +0300

    RPM ArchiveURI: check file length before using it
---
 apt/apt-pkg/rpm/rpmindexfile.cc | 24 +++++++++---------------
 1 file changed, 9 insertions(+), 15 deletions(-)

diff --git a/apt/apt-pkg/rpm/rpmindexfile.cc b/apt/apt-pkg/rpm/rpmindexfile.cc
index 901ba77dd..ad6899a08 100644
--- a/apt/apt-pkg/rpm/rpmindexfile.cc
+++ b/apt/apt-pkg/rpm/rpmindexfile.cc
@@ -511,26 +511,20 @@ unsigned long rpmSrcDirIndex::Size() const
 
 // SinglePkgIndex::ArchiveURI - URI for the archive       	        /*{{{*/
 // ---------------------------------------------------------------------
-string rpmSinglePkgIndex::ArchiveURI(string File) const
+string rpmSinglePkgIndex::ArchiveURI(const string File) const
 {
-   char *cwd = getcwd(NULL,0);
-   if (File[0] == '.' && File[1] == '/')
-      File = string(File, 2);
-   string URI = "file://"+flCombine(cwd, File);
-   free(cwd);
-   return URI;
+   return "file://"+
+      flCombine(SafeGetCWD(),
+                (File[0] == '.' && File[1] == '/') ? string(File, 2) : File);
 }
 									/*}}}*/
 // SinglePkgIndex::ArchiveURI - URI for the archive       	        /*{{{*/
 // ---------------------------------------------------------------------
-string rpmSingleSrcIndex::ArchiveURI(string File) const
-{
-   char *cwd = getcwd(NULL,0);
-   if (File[0] == '.' && File[1] == '/')
-      File = string(File, 2);
-   string URI = "file://"+flCombine(cwd, File);
-   free(cwd);
-   return URI;
+string rpmSingleSrcIndex::ArchiveURI(const string File) const
+{
+   return "file://"+
+      flCombine(SafeGetCWD(),
+                (File[0] == '.' && File[1] == '/') ? string(File, 2) : File);
 }
 									/*}}}*/
 
-- 
2.21.0