Date: Thu, 25 Nov 2004 11:43:03 GMT From: Max Okumoto <okumoto@ucsd.edu> To: freebsd-gnats-submit@FreeBSD.org Subject: bin/74368: Bug in archive code (string is truncated) Message-ID: <200411251143.iAPBh33S097794@www.freebsd.org> Resent-Message-ID: <200411251150.iAPBoPrX073537@freefall.freebsd.org>
index | next in thread | raw e-mail
>Number: 74368
>Category: bin
>Synopsis: Bug in archive code (string is truncated)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Nov 25 11:50:25 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Max Okumoto
>Release: 5.2.1
>Organization:
Univ Calif San Diego
>Environment:
FreeBSD oecpc11.ucsd.edu 5.2.1-RELEASE-p12 FreeBSD 5.2.1-RELEASE-p12 #0: Thu Nov 25 01:31:26 PST 2004 root@oecpc11.ucsd.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
Date: 2004/11/14 20:13:12
Author: dillon
Log:
Fix an inverted conditional which could lead to nameBuf being truncated in the later snprintf().
Noticed-by: Max Okumoto <okumoto@home>
Members:
arch.c:1.11->1.12
>How-To-Repeat:
>Fix:
Apply patch.
diff -ru fbsd-src/make/arch.c dfly-src/make/arch.c
--- arch.c Mon Nov 15 20:39:53 2004
+++ arch.c Mon Nov 15 20:39:56 2004
@@ -341,15 +339,17 @@
char *member;
size_t sz = MAXPATHLEN;
size_t nsz;
+
nameBuf = emalloc(sz);
Dir_Expand(memName, dirSearchPath, members);
while (!Lst_IsEmpty(members)) {
member = (char *)Lst_DeQueue(members);
- nsz = strlen(libName) + strlen(member) + 3;
- if (sz > nsz)
- nameBuf = erealloc(nameBuf, sz = nsz * 2);
-
+ nsz = strlen(libName) + strlen(member) + 3; /* 3 = ()+\0 */
+ if (sz < nsz) {
+ sz = nsz * 2;
+ nameBuf = erealloc(nameBuf, sz);
+ }
snprintf(nameBuf, sz, "%s(%s)", libName, member);
free(member);
gn = Targ_FindNode (nameBuf, TARG_CREATE);
>Release-Note:
>Audit-Trail:
>Unformatted:
home |
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200411251143.iAPBh33S097794>