From 9da947a944dceddc56b7bc4aba908e89f4d3e957 Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Wed, 29 Nov 2023 14:17:41 +0800
Subject: [PATCH] Fix possible buffer overflow in get_path

(cherry picked from commit 1cb7dad7b4c456244dd50c9deecaa9c2bc989c1c)
---
 ...possible-buffer-overflow-in-get_path.patch | 24 +++++++++++++++++++
 dotconf.spec                                  |  7 +++++-
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 Fix-possible-buffer-overflow-in-get_path.patch

diff --git a/Fix-possible-buffer-overflow-in-get_path.patch b/Fix-possible-buffer-overflow-in-get_path.patch
new file mode 100644
index 0000000..19c9ea0
--- /dev/null
+++ b/Fix-possible-buffer-overflow-in-get_path.patch
@@ -0,0 +1,24 @@
+From 6382711e9b0060bbd0408df512e48b2ce9cdb3be Mon Sep 17 00:00:00 2001
+From: William Hubbs <w.d.hubbs@gmail.com>
+Date: Tue, 22 Jun 2010 14:16:45 -0500
+Subject: [PATCH] fix possible buffer overflow in get_path
+
+If a pathname is longer than CFG_MAX_FILENAME, there was a possible
+buffer overflow when copying the path name.
+---
+ src/dotconf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/dotconf.c b/src/dotconf.c
+index af553b3..7ba2001 100644
+--- a/src/dotconf.c
++++ b/src/dotconf.c
+@@ -1440,7 +1440,7 @@ char *get_path(char *name)
+ 	} else {
+ 		len = tmp - name + 1;
+ 		if (len > CFG_MAX_FILENAME)
+-			len -= 1;
++			len = CFG_MAX_FILENAME;
+ 	}
+ 		snprintf(buf, len, "%s", name);
+ 	return buf;
diff --git a/dotconf.spec b/dotconf.spec
index 1d5bb73..3dc22b2 100644
--- a/dotconf.spec
+++ b/dotconf.spec
@@ -1,10 +1,12 @@
 Name:           dotconf
 Version:        1.3
-Release:        23
+Release:        24
 Summary:        A configuration file parser
 License:        LGPLv2
 URL:            https://github.com/williamh/dotconf
 Source:         https://github.com/williamh/dotconf/archive/v%{version}.tar.gz
+# https://github.com/williamh/dotconf/commit/6382711e9b0060bbd0408df512e48b2ce9cdb3be
+Patch0:         Fix-possible-buffer-overflow-in-get_path.patch
 BuildRequires:  findutils glibc-common make autoconf automake libtool
 
 %description
@@ -62,6 +64,9 @@ mv %{buildroot}/%{_docdir}/%{name} __doc_dir
 %doc __doc_dir/*
 
 %changelog
+* Wed Nov 29 2023 yaoxin <yao_xin001@hoperun.com> - 1.3-24
+- Fix possible buffer overflow in get_path
+
 * Tue Sep 8 2020 liuweibo <liuweibo10@huawei.com> - 1.3-23
 - Fix Source0