Diffstat (limited to 'main/libc0.9.32/0001-config-parser-fix-memory-corruption.patch')
-rw-r--r--main/libc0.9.32/0001-config-parser-fix-memory-corruption.patch45
1 files changed, 45 insertions, 0 deletions
diff --git a/main/libc0.9.32/0001-config-parser-fix-memory-corruption.patch b/main/libc0.9.32/0001-config-parser-fix-memory-corruption.patch
new file mode 100644
index 000000000..58acfb423
--- /dev/null
+++ b/main/libc0.9.32/0001-config-parser-fix-memory-corruption.patch
@@ -0,0 +1,45 @@
+From 80bcb7a4806b27397629cf2e6bcbb7e8a0c5db5b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Fri, 6 Aug 2010 11:29:38 +0300
+Subject: [PATCH] config parser: fix memory corruption
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+fgets will happily write over allocated area limits. Adjusted the
+buffer size according to how much is already read.
+
+Also increase the maximum default line length, as 80 is slightly
+small. It might be better if bb_get_chunk_with_continuation would
+reallocate the line buffer if it was not user given.
+
+Signed-off-by: Timo Teräs <timo.teras@iki.fi>
+---
+ libc/misc/internals/parse_config.c | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libc/misc/internals/parse_config.c b/libc/misc/internals/parse_config.c
+index cbb6ef7..8404d80 100644
+--- a/libc/misc/internals/parse_config.c
++++ b/libc/misc/internals/parse_config.c
+@@ -60,7 +60,7 @@ static off_t bb_get_chunk_with_continuation(parser_t* parsr)
+ char *chp;
+
+ while (1) {
+- if (fgets(parsr->line + pos, parsr->line_len, parsr->fp) == NULL) {
++ if (fgets(parsr->line + pos, parsr->line_len - pos, parsr->fp) == NULL) {
+ memset(parsr->line, 0, parsr->line_len);
+ pos = -1;
+ break;
+@@ -179,7 +179,7 @@ int attribute_hidden FAST_FUNC config_read(parser_t *parser, char ***tokens,
+ again:
+ if (parser->data == NULL) {
+ if (parser->line_len == 0)
+- parser->line_len = 81;
++ parser->line_len = 161;
+ if (parser->data_len == 0)
+ parser->data_len += 1 + ntokens * sizeof(char *);
+ parser->data = realloc(parser->data,
+--
+1.7.0.4
+
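Review bot: In the embedded parse_config.c hunk, the corrected size argument `parsr->line_len - pos` is passed to fgets() without checking that at least two bytes remain. Once a continued line has filled the buffer, fgets() receives a size of 1, so it can store only the terminator and consumes no input; if pos can ever reach line_len, the count becomes zero or negative. The rest of the `while (1)` loop in bb_get_chunk_with_continuation, and the declarations of pos and line_len, are outside the hunk, so whether pos is already bounded cannot be confirmed from this page. If it is not, a guard before the call such as `if (pos + 1 >= (off_t)parsr->line_len) break;` (cast adjusted to the real types) would make the over-long-line case explicit. A short comment on the call, for example `/* line_len is the whole allocation; only line_len - pos bytes remain after pos */`, would also record why the subtraction is needed.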