From 788d9f26d97f0140881ac357bce39fa9447e68f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Thu, 5 Nov 2020 10:06:24 +0100
Subject: [PATCH] Fix an off-by-one in bsd_realpath()

---
 ...wd.xs-fix-off-by-one-in-bsd_realpath.patch | 76 +++++++++++++++++++
 perl-PathTools.spec                           |  8 +-
 2 files changed, 83 insertions(+), 1 deletion(-)
 create mode 100644 perl-5.33.3-PathTools-Cwd.xs-fix-off-by-one-in-bsd_realpath.patch

diff --git a/perl-5.33.3-PathTools-Cwd.xs-fix-off-by-one-in-bsd_realpath.patch b/perl-5.33.3-PathTools-Cwd.xs-fix-off-by-one-in-bsd_realpath.patch
new file mode 100644
index 0000000..02a9577
--- /dev/null
+++ b/perl-5.33.3-PathTools-Cwd.xs-fix-off-by-one-in-bsd_realpath.patch
@@ -0,0 +1,76 @@
+From c8c367581c3333c38d07481e2ea8d81171403c81 Mon Sep 17 00:00:00 2001
+From: David Mitchell <davem@iabyn.com>
+Date: Mon, 26 Oct 2020 15:11:14 +0000
+Subject: [PATCH] PathTools/Cwd.xs: fix off-by-one in bsd_realpath()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+At the heart of this function is a loop which repeatedly finds the next
+component in the path, processes it, then chops that component off the
+front of the path by shifting the string to the start of the buffer;
+i.e. something like:
+
+    while (remaining_len) {
+        s = strchr(remaining, '/')
+        ...
+        remaining_len -= s - remaining;
+        memmove(remaining, s, remaining_len + 1);
+    }
+
+The problem is that the per-iteration decrement to remaining_len doesn't
+take account of the '/' character, so each iteration, remaining_len gets
+one more byte too big.
+
+It turns out that this is harmless - it just means that more and more
+garbage characters after the trailing null byte get copied each time,
+but after each copy the path string is still well formed, with a
+trailing null in the right place. So just the random garbage after the
+null byte is different.
+
+This commit fixes that.
+
+Although really, it would be better to just increment the
+start-of-string pointer each time rather than shift the whole string
+each time.
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ dist/PathTools/Cwd.xs | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/dist/PathTools/Cwd.xs b/dist/PathTools/Cwd.xs
+index 8662400e47..e7ecb3c6c1 100644
+--- a/dist/PathTools/Cwd.xs
++++ b/dist/PathTools/Cwd.xs
+@@ -119,15 +119,24 @@ bsd_realpath(const char *path, char resolved[MAXPATHLEN])
+ 
+             p = strchr(remaining, '/');
+             s = p ? p : remaining + remaining_len;
++
+             if ((STRLEN)(s - remaining) >= (STRLEN)sizeof(next_token)) {
+                 errno = ENAMETOOLONG;
+                 return (NULL);
+             }
+             memcpy(next_token, remaining, s - remaining);
+             next_token[s - remaining] = '\0';
+-            remaining_len -= s - remaining;
+-            if (p != NULL)
+-                memmove(remaining, s + 1, remaining_len + 1);
++
++            /* shift first component off front of path, including '/' */
++            if (p) {
++                s++; /* skip '/' */
++                remaining_len -= s - remaining;
++                /* the +1 includes the trailing '\0' */
++                memmove(remaining, s, remaining_len + 1);
++            }
++            else
++                remaining_len = 0;
++
+             if (resolved[resolved_len - 1] != '/') {
+                 if (resolved_len + 1 >= MAXPATHLEN) {
+                     errno = ENAMETOOLONG;
+-- 
+2.25.4
+
diff --git a/perl-PathTools.spec b/perl-PathTools.spec
index 624038a..25c9122 100644
--- a/perl-PathTools.spec
+++ b/perl-PathTools.spec
@@ -2,7 +2,7 @@
 
 Name:           perl-PathTools
 Version:        3.78
-Release:        457%{?dist}
+Release:        458%{?dist}
 Summary:        PathTools Perl module (Cwd, File::Spec)
 # Cwd.xs:                   BSD
 # other files:              GPL+ or Artistic
@@ -13,6 +13,8 @@ Source0:        https://cpan.metacpan.org/authors/id/X/XS/XSAWYERX/PathTools-%{b
 Patch0:         PathTools-3.74-Disable-VMS-tests.patch
 # Unbundled from perl 5.29.10
 Patch1:         PathTools-3.75-Upgrade-to-3.78.patch
+# Fix an off-by-one in bsd_realpath(), in perl after 5.33.3
+Patch2:         perl-5.33.3-PathTools-Cwd.xs-fix-off-by-one-in-bsd_realpath.patch
 BuildRequires:  coreutils
 BuildRequires:  findutils
 BuildRequires:  gcc
@@ -57,6 +59,7 @@ This is the combined distribution for the File::Spec and Cwd modules.
 %setup -q -n PathTools-%{base_version}
 %patch0 -p1
 %patch1 -p1
+%patch2 -p3
 
 # Do not distribute File::Spec::VMS as it works on VMS only (bug #973713)
 rm lib/File/Spec/VMS.pm
@@ -82,6 +85,9 @@ make test
 %{_mandir}/man3/*
 
 %changelog
+* Thu Nov 05 2020 Petr Pisar <ppisar@redhat.com> - 3.78-458
+- Fix an off-by-one in bsd_realpath()
+
 * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.78-457
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild