diff options
author | Dmitry V. Levin <ldv@altlinux.org> | 2013-05-16 03:48:21 +0400 |
---|---|---|
committer | James Youngman <jay@gnu.org> | 2013-09-21 22:55:43 +0100 |
commit | 29f3173a562edc67361426ab8c7a1789e5814de1 (patch) | |
tree | e025eea6a704e1add2571dc510b7e0c6d97c49e3 | |
parent | 2376e7c4a8bed066f7444dcf328f2f41912a7218 (diff) | |
download | findutils-29f3173a562edc67361426ab8c7a1789e5814de1.tar.gz |
find: fix potential buffer overflow in -execdir and -okdir
* lib/buildcmd.c (bc_push_arg): Take prefix length into account
to avoid state->argbuf overflow.
* NEWS: Mention this fix.
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | lib/buildcmd.c | 2 |
3 files changed, 10 insertions, 1 deletions
@@ -1,3 +1,10 @@ +2013-09-21 Dmitry V. Levin <ldv@altlinux.org> + + find: fix potential buffer overflow in -execdir and -okdir. + * lib/buildcmd.c (bc_push_arg): Take prefix length into account + to avoid state->argbuf overflow. + * NEWS: Mention this fix. + 2013-09-21 James Youngman <jay@gnu.org> Make sv-34976-execdir-fd-leak.sh test more POSIX-compliant. @@ -30,6 +30,8 @@ The documentation for xargs now warns about parallel processes (xargs Some bugs in 4.5.11 were fixed without adding them to the bug database, though they are in the ChangeLog: +*** find -execdir/-okdir potential buffer overflow. + *** Use of [[ ... ]] in find/testsuite/sv-bug-32043.sh *** Don't delete header files in "lib/" for "make clean". diff --git a/lib/buildcmd.c b/lib/buildcmd.c index d1356920..2616ed6f 100644 --- a/lib/buildcmd.c +++ b/lib/buildcmd.c @@ -364,7 +364,7 @@ bc_push_arg (struct buildcmd_control *ctl, if (!terminate) { - if (state->cmd_argv_chars + len > ctl->arg_max) + if (state->cmd_argv_chars + len + pfxlen > ctl->arg_max) { if (initial_args || state->cmd_argc == ctl->initial_argc) error (EXIT_FAILURE, 0, |