From b3b6325502415f9c1b2c986dd9956885b78390d3 Mon Sep 17 00:00:00 2001
From: Priyesh  Padmavilasom <ppadmavilasom@vmware.com>
Date: Fri, 1 Apr 2016 17:08:03 +0000
Subject: [PATCH] update to 1.0.8, add string allocation limits

---
 client/defines.h    |  3 +++
 client/strings.c    | 14 +++++++++++++-
 configure.ac        |  2 +-
 include/tdnferror.h |  1 +
 4 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/client/defines.h b/client/defines.h
index e2d6021b..c0dd3ae2 100644
--- a/client/defines.h
+++ b/client/defines.h
@@ -117,6 +117,7 @@ typedef enum
 #define TDNF_CONF_KEY_KEEP_CACHE          "keepcache"
 #define TDNF_CONF_KEY_DISTROVERPKG        "distroverpkg"
 #define TDNF_CONF_KEY_DISTROARCHPKG       "distroarchpkg"
+#define TDNF_CONF_KEY_MAX_STRING_LEN      "maxstringlen"
 //Repo file key names
 #define TDNF_REPO_KEY_BASEURL             "baseurl"
 #define TDNF_REPO_KEY_ENABLED             "enabled"
@@ -133,6 +134,7 @@ typedef enum
 #define TDNF_DEFAULT_CACHE_LOCATION       "/var/cache/tdnf"
 #define TDNF_DEFAULT_DISTROVERPKG         "photon-release"
 #define TDNF_DEFAULT_DISTROARCHPKG        "x86_64"
+#define TDNF_DEFAULT_MAX_STRING_LEN       16384000
 #define TDNF_RPM_CACHE_DIR_NAME           "rpms"
 #define TDNF_REPODATA_DIR_NAME            "repodata"
 //var names
@@ -154,6 +156,7 @@ typedef enum
     {ERROR_TDNF_NO_DISTROVERPKG,     "ERROR_TDNF_NO_DISTROVERPKG",     "distroverpkg config entry is set to a package that is not installed. Check /etc/tdnf/tdnf.conf"}, \
     {ERROR_TDNF_DISTROVERPKG_READ,   "ERROR_TDNF_DISTROVERPKG_READ",   "There was an error reading version of distroverpkg"}, \
     {ERROR_TDNF_INVALID_ALLOCSIZE,   "ERROR_TDNF_INVALID_ALLOCSIZE",   "A memory allocation was requested with an invalid size"}, \
+    {ERROR_TDNF_STRING_TOO_LONG,     "ERROR_TDNF_STRING_TOO_LONG",     "Requested string allocation size was too long."}, \
     {ERROR_TDNF_NO_ENABLED_REPOS,    "ERROR_TDNF_NO_ENABLED_REPOS",    "There are no enabled repos.\n Run ""tdnf repolist all"" to see the repos you have.\n You can enable repos by editing repo files in your repodir(usually /etc/yum.repos.d)"}, \
     {ERROR_TDNF_PACKAGELIST_EMPTY,   "ERROR_TDNF_PACKAGELIST_EMPTY",   "Packagelist was empty"}, \
     {ERROR_TDNF_GOAL_CREATE,         "ERROR_TDNF_GOAL_CREATE",         "Error creating goal"}, \
diff --git a/client/strings.c b/client/strings.c
index 1ea6ccb1..ef3f9a86 100644
--- a/client/strings.c
+++ b/client/strings.c
@@ -35,6 +35,12 @@ TDNFAllocateString(
       BAIL_ON_TDNF_ERROR(dwError);
     }
 
+    if(strlen(pszSrc) > TDNF_DEFAULT_MAX_STRING_LEN)
+    {
+        dwError = ERROR_TDNF_STRING_TOO_LONG;
+        BAIL_ON_TDNF_ERROR(dwError);
+    }
+
     pszDst = strdup(pszSrc);
     if(!pszDst)
     {
@@ -111,8 +117,14 @@ TDNFAllocateStringPrintf(
         dwError = errno;
         BAIL_ON_TDNF_SYSTEM_ERROR(dwError);
     }
-
     nSize = nSize + 1;
+
+    if(nSize > TDNF_DEFAULT_MAX_STRING_LEN)
+    {
+        dwError = ERROR_TDNF_STRING_TOO_LONG;
+        BAIL_ON_TDNF_ERROR(dwError);
+    }
+
     dwError = TDNFAllocateMemory(1, nSize, (void**)&pszDst);
     BAIL_ON_TDNF_ERROR(dwError);
 
diff --git a/configure.ac b/configure.ac
index bbad1a1e..a25fc1d7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT(tdnf, 1.0.7)
+AC_INIT(tdnf, 1.0.8)
 AC_MSG_NOTICE([tdnf configuration])
 
 AC_CANONICAL_SYSTEM
diff --git a/include/tdnferror.h b/include/tdnferror.h
index ac6f21f5..ce8037ee 100644
--- a/include/tdnferror.h
+++ b/include/tdnferror.h
@@ -60,6 +60,7 @@ extern "C" {
 #define ERROR_TDNF_DISTROVERPKG_READ        1023
 //
 #define ERROR_TDNF_INVALID_ALLOCSIZE        1024
+#define ERROR_TDNF_STRING_TOO_LONG          1025
 
 //Hawkey errors 1300 to 1399
 #define ERROR_TDNF_HAWKEY_BASE          1300