Thanks, I applied this directly (since you already have a copyright assignment for findutils).
Sorry about the delay. James. On Thu, May 16, 2013 at 12:48 AM, Dmitry V. Levin <[email protected]> wrote: > * lib/buildcmd.c (bc_push_arg): Take prefix length into account > to avoid state->argbuf overflow. > * NEWS: Mention this fix. > --- > > It would be a security issue if one could control factors triggering this > bug, which include a directory with thousands of files. > > ChangeLog | 7 +++++++ > NEWS | 2 ++ > lib/buildcmd.c | 2 +- > 3 files changed, 10 insertions(+), 1 deletion(-) > > diff --git a/ChangeLog b/ChangeLog > index e6914ff..7b4f3e0 100644 > --- a/ChangeLog > +++ b/ChangeLog > @@ -1,3 +1,10 @@ > +2013-05-15 Dmitry V. Levin <[email protected]> > + > + find: fix potential buffer overflow in -execdir and -okdir. > + * lib/buildcmd.c (bc_push_arg): Take prefix length into account > + to avoid state->argbuf overflow. > + * NEWS: Mention this fix. > + > 2013-04-22 Paul Eggert <[email protected]> > > More removal of support for -perm +MODE. > diff --git a/NEWS b/NEWS > index 4349a21..010ba6e 100644 > --- a/NEWS > +++ b/NEWS > @@ -30,6 +30,8 @@ The documentation for xargs now warns about parallel > processes (xargs > Some bugs in 4.5.11 were fixed without adding them to the bug > database, though they are in the ChangeLog: > > +*** find -execdir/-okdir potential buffer overflow. > + > *** Use of [[ ... ]] in find/testsuite/sv-bug-32043.sh > > *** Don't delete header files in "lib/" for "make clean". > diff --git a/lib/buildcmd.c b/lib/buildcmd.c > index d135692..2616ed6 100644 > --- a/lib/buildcmd.c > +++ b/lib/buildcmd.c 
> @@ -364,7 +364,7 @@ bc_push_arg (struct buildcmd_control *ctl, > > if (!terminate) > { > - if (state->cmd_argv_chars + len > ctl->arg_max) > + if (state->cmd_argv_chars + len + pfxlen > ctl->arg_max) > { > if (initial_args || state->cmd_argc == ctl->initial_argc) > error (EXIT_FAILURE, 0, > > -- > ldv -- -- This email is intended solely for the use of its addressee, sender, and any readers of a mailing list archive in which it happens to appear. If you have received this email in error, please say or type three times, "I believe in the utility of email disclaimers," and then reply to the author correcting any spellings (and, optionally, any incorrect spellings), accompanying these with humorous jests about the author's parentage. If you are not the addressee, you are nevertheless permitted to both copy and forward this email since without such permissions email systems are unable to transmit email to anybody, intended recipient or not. To those still reading by this point, the author would like to apologise for being unable to maintain a consistent level of humour throughout this disclaimer. Contents may settle during transit. Do not feed the animals.
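Review bot: in the lib/buildcmd.c hunk, the corrected test `state->cmd_argv_chars + len + pfxlen > ctl->arg_max` sits inside `if (!terminate)`, and the visible context does not show whether the terminate path also counts pfxlen against arg_max, so please confirm that or say in a comment why it is not needed there. The diffstat lists only ChangeLog, NEWS and lib/buildcmd.c, so the fix ships without a regression test. A testsuite case that runs -execdir over a directory with enough entries to approach arg_max would keep the prefix accounting from regressing.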
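Review bot: in the NEWS hunk, the new line "*** find -execdir/-okdir potential buffer overflow." is filed under the bugs that were "fixed without adding them to the bug database", which leaves distributors no identifier to track a fix that the cover note describes as a possible security issue. Consider opening a bug entry for it and expanding the NEWS text to say that the overflow is in state->argbuf and occurs because the prefix length was not counted in bc_push_arg, so readers can judge whether they are affected.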
