Date:      Wed, 1 Sep 2010 21:51:29 +0000 (UTC)
From:      Jilles Tjoelker <jilles@FreeBSD.org>
To:        cvs-src-old@freebsd.org
Subject:   cvs commit: src/bin/sh expand.c src/tools/regression/bin/sh/expansion pathname3.0
Message-ID:  <201009012152.o81LqDF8052718@repoman.freebsd.org>

jilles      2010-09-01 21:51:29 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_7)
    bin/sh               expand.c 
  Added files:           (Branch: RELENG_7)
    tools/regression/bin/sh/expansion pathname3.0 
  Log:
  SVN rev 212118 on 2010-09-01 21:51:29Z by jilles
  
  MFC r211155: sh: Fix heap-based buffer overflow in pathname generation.
  
  The buffer for generated pathnames could be too small in some cases. It
  happened to be always at least PATH_MAX long, so there was never an overflow
  if the resulting pathnames would be usable.
  
  This bug may be abused if a script subjects input from an untrusted source
  to pathname generation, which is a bad idea anyhow. Most shell scripts do not
  work on untrusted data. secteam@ says no advisory is necessary.
  
  PR:             bin/148733
  Reported by:    Changming Sun snnn119 at gmail com
  
  Revision  Changes    Path
  1.51.2.4  +15 -16    src/bin/sh/expand.c
  1.1.4.2   +29 -0     src/tools/regression/bin/sh/expansion/pathname3.0 (new)
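
Added example, not part of the commit or of FreeBSD's sources: a POSIX sh sketch of how a script ends up subjecting a value to pathname generation (unquoted expansion) and two ways to keep an untrusted value out of it (quoting, or `set -f` when field splitting is still wanted). It does not reproduce the overflow; the function names, file names and sample input are constructed for illustration.

```shell
#!/bin/sh
# Constructed fixture: a scratch directory holding three empty files.
make_fixture() {
    dir=$(mktemp -d) || return 1
    : > "$dir/a.txt"; : > "$dir/b.txt"; : > "$dir/c.log"
    printf '%s\n' "$dir"
}

# Risky pattern: $2 is unquoted, so the shell applies field splitting and
# then pathname generation to it. Prints the number of resulting words.
count_unquoted() (
    cd "$1" || exit 1
    set -- $2
    echo "$#"
)

# Hardened: the quoted value stays one literal word and is never globbed.
count_quoted() (
    cd "$1" || exit 1
    set -- "$2"
    echo "$#"
)

# Hardened when splitting is required: set -f disables pathname generation
# (the subshell body keeps the option from leaking to the caller).
count_noglob() (
    cd "$1" || exit 1
    set -f
    set -- $2
    echo "$#"
)

# Demo with a constructed "untrusted" value containing glob characters.
untrusted='*.txt *.log'
d=$(make_fixture) || exit 1
echo "unquoted: $(count_unquoted "$d" "$untrusted") words"
echo "quoted:   $(count_quoted "$d" "$untrusted") words"
echo "set -f:   $(count_noglob "$d" "$untrusted") words"
rm -rf "$d"
```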


