From owner-svn-src-head@freebsd.org Wed May 23 09:16:21 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D4B66EF5FEF; Wed, 23 May 2018 09:16:21 +0000 (UTC) (envelope-from eadler@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 8258E7FFB8; Wed, 23 May 2018 09:16:21 +0000 (UTC) (envelope-from eadler@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 62DB720D33; Wed, 23 May 2018 09:16:21 +0000 (UTC) (envelope-from eadler@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w4N9GLGp013932; Wed, 23 May 2018 09:16:21 GMT (envelope-from eadler@FreeBSD.org) Received: (from eadler@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w4N9GLcb013931; Wed, 23 May 2018 09:16:21 GMT (envelope-from eadler@FreeBSD.org) Message-Id: <201805230916.w4N9GLcb013931@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: eadler set sender to eadler@FreeBSD.org using -f From: Eitan Adler Date: Wed, 23 May 2018 09:16:21 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r334083 - head/usr.bin/cut X-SVN-Group: head X-SVN-Commit-Author: eadler X-SVN-Commit-Paths: head/usr.bin/cut X-SVN-Commit-Revision: 334083 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 May 2018 09:16:22 -0000 Author: eadler Date: Wed May 23 09:16:20 2018 New Revision: 334083 URL: https://svnweb.freebsd.org/changeset/base/334083 Log: cut: Fix out of boundary write on illegal list argument It is possible to trigger an out of boundary write in cut if an invalid range with autostart has been supplied. PR: 227330 Submitted by: tobias@stoeckmann.org Modified: head/usr.bin/cut/cut.c Modified: head/usr.bin/cut/cut.c ============================================================================== --- head/usr.bin/cut/cut.c Wed May 23 09:02:31 2018 (r334082) +++ head/usr.bin/cut/cut.c Wed May 23 09:16:20 2018 (r334083) @@ -210,6 +210,12 @@ get_list(char *list) needpos(maxval + 1); } + /* reversed range with autostart */ + if (maxval < autostart) { + maxval = autostart; + needpos(maxval + 1); + } + /* set autostart */ if (autostart) memset(positions + 1, '1', autostart);