Date: Wed, 1 Jan 2014 20:10:01 GMT From: Ben Reser <ben@reser.org> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/185393: find -lname buffer read overflow bug Message-ID: <201401012010.s01KA1GA004045@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/185393; it has been noted by GNATS.
From: Ben Reser <ben@reser.org>
To: bug-followup@FreeBSD.org
Cc:
Subject: Re: bin/185393: find -lname buffer read overflow bug
Date: Wed, 01 Jan 2014 12:03:04 -0800
This is a multi-part message in MIME format.
--------------080101030108030107080503
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Correction on the patch. Forgot to subtract one byte from the buffer to allow
for the NULL character to be set. Updated patch attached.
--------------080101030108030107080503
Content-Type: text/plain; charset=UTF-8;
name="fbsd-find-lname.patch.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="fbsd-find-lname.patch.txt"
Index: usr.bin/find/function.c
===================================================================
--- usr.bin/find/function.c (revision 260159)
+++ usr.bin/find/function.c (working copy)
@@ -1124,9 +1124,11 @@ f_name(PLAN *plan, FTSENT *entry)
const char *name;
if (plan->flags & F_LINK) {
+ int len = readlink(entry->fts_path, fn, sizeof(fn) - 1);
+ if (len == -1)
+ return 0;
+ fn[len] = '\0';
name = fn;
- if (readlink(entry->fts_path, fn, sizeof(fn)) == -1)
- return 0;
} else
name = entry->fts_name;
return !fnmatch(plan->c_data, name,
--------------080101030108030107080503--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201401012010.s01KA1GA004045>