[bug #51841] find buffer-overflow with -printf '%T+'
From: Kamil Dudka
Subject: [bug #51841] find buffer-overflow with -printf '%T+'
Date: Fri, 25 Aug 2017 07:01:53 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0

Follow-up Comment #1, bug #51841 (project findutils):

I think that both the bug and the fix are obvious. After the mentioned patch,
the code writes 12 bytes into a stack-allocated array of size 6 bytes:

  char fmt[6];
  // [...]
  /* Format the main part of the time. */
  if (kind == '+')
    {
      /* Avoid %F, some Unix versions lack it.  For example:
         HP Tru64 UNIX V5.1B (Rev. 2650); Wed Feb 17 22:59:59 CST 2016
         Also, some older HP-UX versions expand %F as the full month (like %B).
         Reported by Steven M. Schweda <address@hidden> */
      strcpy (fmt, "%Y-%m-%d+%T");

I believe that increasing the size of the fmt array to 12 bytes will fix the bug.

_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?51841>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
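
Added example (not part of the original message and not findutils code): one way to make the size mismatch described above fail at build time or be rejected at run time instead of overflowing the stack. The names PLUS_FMT, FMT_SIZE, copy_fmt, build_time_fmt and format_plus are hypothetical, and UTC is assumed so the output is deterministic.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define PLUS_FMT "%Y-%m-%d+%T"   /* 11 characters; sizeof adds the NUL = 12 */
enum { FMT_SIZE = 12 };          /* the size proposed in the report */

/* Compile-time guard: building with FMT_SIZE = 6 fails here instead of
   corrupting the stack at run time. */
_Static_assert (FMT_SIZE >= sizeof PLUS_FMT, "fmt too small for PLUS_FMT");

/* Hypothetical helper: copy src into dst only if it fits, NUL included.
   Returns 0 on success, -1 if the copy would overflow dst. */
static int copy_fmt (char *dst, size_t dst_size, const char *src)
{
  size_t need = strlen (src) + 1;
  if (need > dst_size)
    return -1;
  memcpy (dst, src, need);
  return 0;
}

/* Build the strftime format for one directive: the long literal for '+',
   otherwise the two-character "%<kind>". */
int build_time_fmt (char kind, char *fmt, size_t fmt_size)
{
  char simple[3] = { '%', kind, '\0' };
  return copy_fmt (fmt, fmt_size, kind == '+' ? PLUS_FMT : simple);
}

/* Format t (UTC, an assumption of this example) using PLUS_FMT;
   returns the number of bytes written, or 0 on failure. */
size_t format_plus (time_t t, char *out, size_t out_size)
{
  char fmt[FMT_SIZE];
  struct tm *tm = gmtime (&t);
  if (tm == NULL || build_time_fmt ('+', fmt, sizeof fmt) != 0)
    return 0;
  return strftime (out, out_size, fmt, tm);
}

int main (void)
{
  char small[6], out[32];   /* small mirrors the 6-byte array in the report */
  printf ("6-byte buffer:  %d\n", build_time_fmt ('+', small, sizeof small));
  if (format_plus ((time_t) 0, out, sizeof out))
    printf ("12-byte buffer: %s\n", out);
  return 0;
}
```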