From owner-freebsd-bugs Thu Dec 3 22:09:22 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id WAA24646 for freebsd-bugs-outgoing; Thu, 3 Dec 1998 22:09:22 -0800 (PST) (envelope-from owner-freebsd-bugs@FreeBSD.ORG)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA24639 for ; Thu, 3 Dec 1998 22:09:21 -0800 (PST) (envelope-from gnats@FreeBSD.org)
Received: (from Unknown UID 563@localhost) by freefall.freebsd.org (8.8.8/8.8.5) id WAA28546; Thu, 3 Dec 1998 22:10:01 -0800 (PST)
Received: from lamb.sas.com (lamb.sas.com [192.35.83.8]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA24590 for ; Thu, 3 Dec 1998 22:07:42 -0800 (PST) (envelope-from jwd@unx.sas.com)
Received: from mozart (mozart.unx.sas.com [192.58.184.8]) by lamb.sas.com (8.9.1/8.9.1) with SMTP id BAA05079 for ; Fri, 4 Dec 1998 01:07:26 -0500 (EST)
Received: from magenta.pc.sas.com by mozart (5.65c/SAS/Domains/5-6-90) id AA22446; Fri, 4 Dec 1998 01:07:26 -0500
Received: (from jwd@localhost) by magenta.pc.sas.com (8.9.1/8.9.1) id BAA03786; Fri, 4 Dec 1998 01:09:20 -0500 (EST) (envelope-from jwd)
Message-Id: <199812040609.BAA03786@magenta.pc.sas.com>
Date: Fri, 4 Dec 1998 01:09:20 -0500 (EST)
From: jwd@unx.sas.com
Reply-To: jwd@unx.sas.com
To: FreeBSD-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: bin/8958: bug in /bin/pax -s option processing
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 8958
>Category: bin
>Synopsis: bug in /bin/pax -s option processing
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Dec 3 22:10:00 PST 1998
>Last-Modified:
>Originator: John W. DeBoskey
>Organization: SAS Institute
>Release: FreeBSD 3.0-19981124-SNAP i386
>Environment:

Typical FreeBSD installation.

>Description:

/bin/pax -s processing assumes pattern match/replacements will always
occur at offset zero. When a pattern match does not occur at offset
zero, then the input source string pointer is incremented too far.
Thus, output replacement strings are corrupt. User level data is
damaged.

>How-To-Repeat:

Create the following symlink in /tmp:

    ln -s /usr/src/bin/pax/pax.c pax.c
    pax.c -> /usr/src/bin/pax/pax.c

Copy the symlink to /var/tmp and change src to src2

    pax -rw -v -pp -s /src/src2/ pax.c /var/tmp

Inspect the copied link:

    pax.c -> /usr/src2pax/pax.c

Note the missing path sep char.

>Fix:

--- /usr/src/bin/pax/pat_rep.c.old Fri May 15 02:27:44 1998 +++ /usr/src/bin/pax/pat_rep.c Fri Dec 4 00:11:44 1998 @@ -1002,7 +1002,7 @@ # ifdef NET2_REGEX inpt = pt->rcmp->endp[0]; # else - inpt += pm[0].rm_eo; + inpt += pm[0].rm_eo - pm[0].rm_so; # endif if ((outpt == endpt) || (*inpt == '\0'))

>Audit-Trail:
>Unformatted:
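
Review bot: On the changed "+" line in the "# else" branch, pm[0].rm_eo - pm[0].rm_so is the match length, which is zero for an empty match, so inpt would not move, and the test that follows, (outpt == endpt) || (*inpt == '\0'), does not catch that case; if the code around this hunk can try the match again from inpt, it should step at least one character when the match is empty. The new increment is also only correct if inpt already points at the start of the match when this line runs, which the hunk does not show. A one-line comment stating that would make the arithmetic checkable, and it would explain why this branch adds a length while the NET2_REGEX branch assigns the end pointer directly.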
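
The offset arithmetic behind the Description and How-To-Repeat sections, as an added example that is not part of the original PR or of the pax source. subst_first is a hypothetical helper that assumes the copy-prefix, substitute, skip-match sequence implied by the report and the fix, written against POSIX regexec(); its input is the symlink target from the report.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: replace the first match of pat in `in` with rep by
 * copying the unmatched prefix, emitting rep, skipping the match and
 * copying the rest. fixed == 0 skips by rm_eo, fixed != 0 by the match
 * length. Returns 0, or -1 on bad pattern, no match or small buffer. */
int subst_first(const char *in, const char *pat, const char *rep,
                int fixed, char *out, size_t outsz)
{
    regex_t re;
    regmatch_t pm[1];
    size_t len = strlen(in), rlen = strlen(rep), pos = 0, n = 0;

    if (len + rlen + 1 > outsz || regcomp(&re, pat, 0) != 0)
        return -1;
    int rc = regexec(&re, in, 1, pm, 0);
    regfree(&re);
    if (rc != 0)
        return -1;

    /* Copy the prefix; pos now sits at the start of the match. */
    while (pos < (size_t)pm[0].rm_so)
        out[n++] = in[pos++];
    memcpy(out + n, rep, rlen);
    n += rlen;

    /* rm_so and rm_eo count from the string handed to regexec(), and
     * pos has already advanced by rm_so, so adding rm_eo overshoots. */
    pos += fixed ? (size_t)(pm[0].rm_eo - pm[0].rm_so)
                 : (size_t)pm[0].rm_eo;
    if (pos > len)
        pos = len;          /* keep the overshoot inside the string */
    while (pos < len)
        out[n++] = in[pos++];
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char buf[64];           /* input below is the link target from the PR */
    for (int fixed = 0; fixed <= 1; fixed++)
        if (subst_first("/usr/src/bin/pax/pax.c", "src", "src2",
                        fixed, buf, sizeof buf) == 0)
            printf("%s increment: %s\n", fixed ? "patched" : "original", buf);
    return 0;
}
```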