Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 23 May 2018 09:16:21 +0000 (UTC)
From:      Eitan Adler <eadler@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r334083 - head/usr.bin/cut
Message-ID:  <201805230916.w4N9GLcb013931@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: eadler
Date: Wed May 23 09:16:20 2018
New Revision: 334083
URL: https://svnweb.freebsd.org/changeset/base/334083

Log:
  cut: Fix out of boundary write on illegal list argument
  
  It is possible to trigger an out of boundary write in cut if an invalid
  range with autostart has been supplied.
  
  PR:		227330
  Submitted by:	tobias@stoeckmann.org

Modified:
  head/usr.bin/cut/cut.c

Modified: head/usr.bin/cut/cut.c
==============================================================================
--- head/usr.bin/cut/cut.c	Wed May 23 09:02:31 2018	(r334082)
+++ head/usr.bin/cut/cut.c	Wed May 23 09:16:20 2018	(r334083)
@@ -210,6 +210,12 @@ get_list(char *list)
 		needpos(maxval + 1);
 	}
 
+	/* reversed range with autostart */
+	if (maxval < autostart) {
+		maxval = autostart;
+		needpos(maxval + 1);
+	}
+
 	/* set autostart */
 	if (autostart)
 		memset(positions + 1, '1', autostart);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201805230916.w4N9GLcb013931>