Date: Mon, 6 May 2024 06:04:08 GMT From: Xin LI <delphij@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 45764d1d4856 - stable/14 - Tighten boundary check in split(1) to prevent a potential buffer overflow. Message-ID: <202405060604.446648lR086132@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/14 has been updated by delphij: URL: https://cgit.FreeBSD.org/src/commit/?id=45764d1d4856954fbfc48c11a715fad88821b135 commit 45764d1d4856954fbfc48c11a715fad88821b135 Author: Shawn Bayern <sbayern@law.fsu.edu> AuthorDate: 2024-05-03 07:46:18 +0000 Commit: Xin LI <delphij@FreeBSD.org> CommitDate: 2024-05-06 05:59:08 +0000 Tighten boundary check in split(1) to prevent a potential buffer overflow. (cherry picked from commit 95032b58a1ad0fde57518f17805ca721bb4563ad) --- usr.bin/split/split.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/usr.bin/split/split.c b/usr.bin/split/split.c index e246a0d4adfc..52374c93efca 100644 --- a/usr.bin/split/split.c +++ b/usr.bin/split/split.c @@ -401,6 +401,10 @@ newfile(void) */ if (!dflag && autosfx && (fpnt[0] == 'y') && strspn(fpnt+1, "z") == strlen(fpnt+1)) { + /* Ensure the generated filenames will fit into the buffer. */ + if (strlen(fname) + 2 >= sizeof(fname)) + errx(EX_USAGE, "combined filenames would be too long"); + fpnt = fname + strlen(fname) - sufflen; fpnt[sufflen + 2] = '\0'; fpnt[0] = end;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202405060604.446648lR086132>