From: Taylor Blau <me@ttaylorr.com>
Date: Fri, 14 Apr 2023 15:46:59 +0000 (-0400)
Subject: Merge branch 'tb/config-copy-or-rename-in-file-injection'
X-Git-Tag: v2.30.9~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=528290f8c61222433a8cf02fb7cfffa8438432b4;p=thirdparty%2Fgit.git

Merge branch 'tb/config-copy-or-rename-in-file-injection'

Avoids issues with renaming or deleting sections with long lines, where
configuration values may be interpreted as sections, leading to
configuration injection. Addresses CVE-2023-29007.

* tb/config-copy-or-rename-in-file-injection:
  config.c: disallow overly-long lines in `copy_or_rename_section_in_file()`
  config.c: avoid integer truncation in `copy_or_rename_section_in_file()`
  config: avoid fixed-sized buffer when renaming/deleting a section
  t1300: demonstrate failure when renaming sections with long lines

Signed-off-by: Taylor Blau <me@ttaylorr.com>
---

528290f8c61222433a8cf02fb7cfffa8438432b4