Date: Wed, 1 Sep 2010 21:51:29 +0000 (UTC) From: Jilles Tjoelker <jilles@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/bin/sh expand.c src/tools/regression/bin/sh/expansion pathname3.0 Message-ID: <201009012152.o81LqDF8052718@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
jilles 2010-09-01 21:51:29 UTC FreeBSD src repository Modified files: (Branch: RELENG_7) bin/sh expand.c Added files: (Branch: RELENG_7) tools/regression/bin/sh/expansion pathname3.0 Log: SVN rev 212118 on 2010-09-01 21:51:29Z by jilles MFC r211155: sh: Fix heap-based buffer overflow in pathname generation. The buffer for generated pathnames could be too small in some cases. It happened to be always at least PATH_MAX long, so there was never an overflow if the resulting pathnames would be usable. This bug may be abused if a script subjects input from an untrusted source to pathname generation, which a bad idea anyhow. Most shell scripts do not work on untrusted data. secteam@ says no advisory is necessary. PR: bin/148733 Reported by: Changming Sun snnn119 at gmail com Revision Changes Path 1.51.2.4 +15 -16 src/bin/sh/expand.c 1.1.4.2 +29 -0 src/tools/regression/bin/sh/expansion/pathname3.0 (new)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201009012152.o81LqDF8052718>