From edd8a25cb8b469d8649e83fbbedac9a6ae87b521 Mon Sep 17 00:00:00 2001
From: Louis Burda <quent.burda@gmail.com>
Date: Wed, 19 May 2021 20:42:54 +0200
Subject: added patches for fixing each flagstore

---
 service/src/patches/flagstore1.diff | 19 +++++++++++++++++++
 service/src/patches/flagstore2.diff | 13 +++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 service/src/patches/flagstore1.diff
 create mode 100644 service/src/patches/flagstore2.diff

(limited to 'service/src')

diff --git a/service/src/patches/flagstore1.diff b/service/src/patches/flagstore1.diff
new file mode 100644
index 0000000..0b5fe05
--- /dev/null
+++ b/service/src/patches/flagstore1.diff
@@ -0,0 +1,19 @@
+diff --git a/service/src/util.c b/service/src/util.c
+index 31a2628..354bbca 100644
+--- a/service/src/util.c
++++ b/service/src/util.c
+@@ -78,13 +78,12 @@ void
+ freadstr(FILE *f, char **dst)
+ {
+ 	size_t start, len, tmp;
+-	char c;
+ 
+ 	/* VULN #1: BAD CAST */
+ 	/* see documentation/README.md for more details */
+ 
+ 	start = ftell(f);
+-	for (len = 0; (c = fgetc(f)) != EOF && c; len++);
++	for (len = 0; fgetc(f) > 0; len++);
+ 	fseek(f, start, SEEK_SET);
+ 
+ 	*dst = checkp(calloc(1, len + 1));
diff --git a/service/src/patches/flagstore2.diff b/service/src/patches/flagstore2.diff
new file mode 100644
index 0000000..ef6f524
--- /dev/null
+++ b/service/src/patches/flagstore2.diff
@@ -0,0 +1,13 @@
+diff --git a/service/src/util.c b/service/src/util.c
+index 31a2628..bf272db 100644
+--- a/service/src/util.c
++++ b/service/src/util.c
+@@ -58,7 +58,7 @@ mhash(const char *str, int len)
+ 	srand(v);
+ 
+ 	for (bp = buf, i = 0; i < MHASHLEN / 2; i++)
+-		bp += sprintf(bp, "%02x", str[i % len] ^ (rand() % 256));
++		bp += sprintf(bp, "%02x", (unsigned char) str[i % len] ^ (rand() % 256));
+ 
+ 	return buf;
+ }
-- 
cgit v1.2.3-71-gd317