RE: Buffer overflow in orig/implicit.c

[Martin Dorey]

3.82 isn't the latest.  It looks like someone beat you to it:

 

Differences between revisions 3f6bb04e75e5a02f23339c9d4bec99b22d430803 and 6405534814f04899890a2d932db9a4985fd772fe:

 

2012-02-26 21:34:51 +0000 address@hidden (6405534814f04899890a2d932db9a4985fd772fe)

 

Check for possible buffer overflow on very long filenames. Fixes Savannah bug #35525

 

---------------------------------------------------

diff --git a/implicit.c b/implicit.c

index 96c7b2b..c5f7481 100644

--- a/implicit.c

+++ b/implicit.c

@@ -488,6 +488,13 @@ pattern_search (struct file *file, int archive,

               dir = pathdir;

             }

+          if (stemlen > GET_PATH_MAX)

+            {

+              DBS (DB_IMPLICIT, (_("Stem too long: `%.*s'.\n"),

+                                 (int) stemlen, stem));

+              continue;

+            }

+

           DBS (DB_IMPLICIT, (_("Trying pattern rule with stem `%.*s'.\n"),

                              (int) stemlen, stem));

 

From: bug-make-bounces+address@hidden [mailto:bug-make-bounces+address@hidden On Behalf Of Mustapha Abiola
Sent: Friday, June 27, 2014 22:30
To: address@hidden
Subject: Buffer overflow in orig/implicit.c

 

Kindly consider my fix for the lack of bounds checks in implicit.c

 

Index: make-3.82/implicit.c

===================================================================

--- make-3.82.orig/implicit.c

+++ make-3.82/implicit.c

@@ -488,6 +488,9 @@ pattern_search (struct file *file, int a

               dir = pathdir;

             }

+          if (stemlen >= PATH_MAX)

+              fatal (NILF, _("File name too long"));

+

           DBS (DB_IMPLICIT, (_("Trying pattern rule with stem `%.*s'.\n"),

                              (int) stemlen, stem));

Thanks.