commit: 23ae6131beed7a230516ef84cc3a8f36987c8ac5
parent 3ae9b755eb7d1bc63e9a76c6991eda84797f4016
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Sun, 5 Oct 2025 21:53:46 +0200
extras/usign: Use static buffer for default sigfile path
Diffstat:
2 files changed, 60 insertions(+), 0 deletions(-)
diff --git a/extras/usign-patches/0001-Use-static-buffer-for-default-sigfile-path.patch b/extras/usign-patches/0001-Use-static-buffer-for-default-sigfile-path.patch
@@ -0,0 +1,58 @@
+From 2ae5ef7e311782bffb5c68b7aaceb98086352ece Mon Sep 17 00:00:00 2001
+From: "Haelwenn (lanodan) Monnier" <contact@hacktivis.me>
+Date: Sun, 5 Oct 2025 21:29:44 +0200
+Subject: [PATCH] Use static buffer for default sigfile path
+
+---
+ main.c | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/main.c b/main.c
+index ebfdfb0..addbfb8 100644
+--- a/main.c
++++ b/main.c
+@@ -26,11 +26,16 @@
+ #include <fcntl.h>
+ #include <unistd.h>
+ #include <inttypes.h>
++#include <limits.h>
+
+ #include "base64.h"
+ #include "edsign.h"
+ #include "ed25519.h"
+
++#ifndef PATH_MAX
++#define PATH_MAX 4096
++#endif
++
+ struct pubkey {
+ char pkalg[2];
+ uint8_t fingerprint[8];
+@@ -409,14 +414,19 @@ int main(int argc, char **argv)
+ }
+
+ if (!sigfile && msgfile) {
+- char *buf = alloca(strlen(msgfile) + 5);
+-
+ if (!strcmp(msgfile, "-")) {
+ fprintf(stderr, "Need signature file when reading message from stdin\n");
+ return 1;
+ }
+
+- sprintf(buf, "%s.sig", msgfile);
++ if ((strlen(msgfile) - 4) > PATH_MAX)
++ {
++ fprintf(stderr, "Need signature file when msgfile path is over %zd (PATH_MAX - 4)\n", (size_t)PATH_MAX);
++ return 1;
++ }
++
++ static char buf[PATH_MAX];
++ snprintf(buf, PATH_MAX, "%s.sig", msgfile);
+ sigfile = buf;
+ }
+
+
+base-commit: f1f65026a94137c91b5466b149ef3ea3f20091e9
+--
+2.49.1
+
diff --git a/make-root.sh b/make-root.sh
@@ -135,6 +135,8 @@ if ! test "${EXCLUDE_EXTRAS:+y}" = "y"; then
for i in $extra_local_files; do
cp "${WORKDIR}/$i" ./"$i" || die "Failed copying $i"
done
+
+ patch -d ./extras/usign-*/ -p1 <"${WORKDIR}/extras/usign-patches/0001-Use-static-buffer-for-default-sigfile-path.patch"
fi
deblob -c || die
