Ivan Pacheco <[email protected]> wrote:
> Hi. Just out of curiosity I found a segfault inside the command info. If used
> well it can be a serious vulnerability.
>
> Command:
>
> $ info -k l
That happens due to a malformed dir entry, e.g.:
* gdbm_dump: gdbm_dump(gdbm).
The resulting reference entry contains filename=NULL, which causes
a coredump. The fix for this particular problem is attached.
Regards,
Sergey
Index: info-utils.c
===================================================================
--- info-utils.c (revision 6335)
+++ info-utils.c (working copy)
@@ -1487,6 +1487,8 @@
length = skip_whitespace (inptr);
length += read_bracketed_filename (inptr + length, &entry->filename);
+ if (!entry->filename)
+ return 0;
length += strspn (inptr + length, " ");
/* Get the node name. */
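Review bot: the new "if (!entry->filename) return 0;" guard after read_bracketed_filename has no comment saying when the filename can come back NULL; a one-line comment naming the malformed dir entry case from the message (for example "* gdbm_dump: gdbm_dump(gdbm).") would keep a later cleanup from dropping it. The hunk does not show what entry already holds at this point or how callers interpret a 0 return, so please confirm that nothing assigned to entry before this line is left unreleased on the early return, and that 0 is the value callers treat as "no reference parsed" rather than as a valid zero-length match.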