[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] find: fix potential buffer overflow in -execdir and -okdir
From: |
Dmitry V. Levin |
Subject: |
[PATCH] find: fix potential buffer overflow in -execdir and -okdir |
Date: |
Thu, 16 May 2013 03:48:21 +0400 |
* lib/buildcmd.c (bc_push_arg): Take prefix length into account
to avoid state->argbuf overflow.
* NEWS: Mention this fix.
---
It would be a security issue if one could control factors triggering this
bug, which include a directory with thousands of files.
ChangeLog | 7 +++++++
NEWS | 2 ++
lib/buildcmd.c | 2 +-
3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index e6914ff..7b4f3e0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2013-05-15 Dmitry V. Levin <address@hidden>
+
+ find: fix potential buffer overflow in -execdir and -okdir.
+ * lib/buildcmd.c (bc_push_arg): Take prefix length into account
+ to avoid state->argbuf overflow.
+ * NEWS: Mention this fix.
+
2013-04-22 Paul Eggert <address@hidden>
More removal of support for -perm +MODE.
diff --git a/NEWS b/NEWS
index 4349a21..010ba6e 100644
--- a/NEWS
+++ b/NEWS
@@ -30,6 +30,8 @@ The documentation for xargs now warns about parallel
processes (xargs
Some bugs in 4.5.11 were fixed without adding them to the bug
database, though they are in the ChangeLog:
+*** find -execdir/-okdir potential buffer overflow.
+
*** Use of [[ ... ]] in find/testsuite/sv-bug-32043.sh
*** Don't delete header files in "lib/" for "make clean".
diff --git a/lib/buildcmd.c b/lib/buildcmd.c
index d135692..2616ed6 100644
--- a/lib/buildcmd.c
+++ b/lib/buildcmd.c
@@ -364,7 +364,7 @@ bc_push_arg (struct buildcmd_control *ctl,
if (!terminate)
{
- if (state->cmd_argv_chars + len > ctl->arg_max)
+ if (state->cmd_argv_chars + len + pfxlen > ctl->arg_max)
{
if (initial_args || state->cmd_argc == ctl->initial_argc)
error (EXIT_FAILURE, 0,
--
ldv
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [PATCH] find: fix potential buffer overflow in -execdir and -okdir,
Dmitry V. Levin <=