!10 [sync] PR-9: Fix possible buffer overflow in get_path

From: @openeuler-sync-bot 
Reviewed-by: @lyn1001 
Signed-off-by: @lyn1001

Fix-possible-buffer-overflow-in-get_path.patch

@@ -0,0 +1,24 @@
+From 6382711e9b0060bbd0408df512e48b2ce9cdb3be Mon Sep 17 00:00:00 2001
+From: William Hubbs <w.d.hubbs@gmail.com>
+Date: Tue, 22 Jun 2010 14:16:45 -0500
+Subject: [PATCH] fix possible buffer overflow in get_path
+
+If a pathname is longer than CFG_MAX_FILENAME, there was a possible
+buffer overflow when copying the path name.
+---
+ src/dotconf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/dotconf.c b/src/dotconf.c
+index af553b3..7ba2001 100644
+--- a/src/dotconf.c
++++ b/src/dotconf.c
+@@ -1440,7 +1440,7 @@ char *get_path(char *name)
+ 	} else {
+ 		len = tmp - name + 1;
+ 		if (len > CFG_MAX_FILENAME)
+-			len -= 1;
++			len = CFG_MAX_FILENAME;
+ 	}
+ 		snprintf(buf, len, "%s", name);
+ 	return buf;

dotconf.spec

@@ -1,10 +1,12 @@
 Name:           dotconf
 Version:        1.3
-Release:        23
+Release:        24
 Summary:        A configuration file parser
 License:        LGPLv2
 URL:            https://github.com/williamh/dotconf
 Source:         https://github.com/williamh/dotconf/archive/v%{version}.tar.gz
+# https://github.com/williamh/dotconf/commit/6382711e9b0060bbd0408df512e48b2ce9cdb3be
+Patch0:         Fix-possible-buffer-overflow-in-get_path.patch
 BuildRequires:  findutils glibc-common make autoconf automake libtool
 
 %description
@@ -62,6 +64,9 @@ mv %{buildroot}/%{_docdir}/%{name} __doc_dir
 %doc __doc_dir/*
 
 %changelog
+* Wed Nov 29 2023 yaoxin <yao_xin001@hoperun.com> - 1.3-24
+- Fix possible buffer overflow in get_path
+
 * Tue Sep 8 2020 liuweibo <liuweibo10@huawei.com> - 1.3-23
 - Fix Source0