On Wed, Nov 30, 2016 at 5:52 PM, Denys Vlasenko
<vda.li...@googlemail.com> wrote:
> On Wed, Nov 30, 2016 at 3:46 AM, Daniel Sabogal <dsaboga...@gmail.com> wrote:
>> The following commands cause busybox to segfault on musl-based systems.
>>
>> $ install -D a /
>> $ install -D a /b
>> $ install -D a /b/
>>
>> This happens because the code in
>>
>> https://git.busybox.net/busybox/tree/coreutils/install.c?h=1_25_1#n196
>>
>> passes the result of dirname() to bb_make_directory() which modifies its
>> contents. For paths of the above forms, musl's dirname returns a string
>> literal "/" which shouldn't be modified.
>>
>> See http://git.musl-libc.org/cgit/musl/tree/src/misc/dirname.c
>>
>> There are a few other occurrences of the code shown above, but I've not
>> checked to see if they could be made to segfault.
>
> Does this fix the problem?
>
>                         /* Bypass leading non-'/'s and then subsequent '/'s */
>                         while (*s) {
>                                 if (*s == '/') {
>                                         do {
>                                                 ++s;
>                                         } while (*s == '/');
>                                         c = *s; /* Save the current char */
> ====added line==>                       if (c)
>                                                 *s = '\0'; /* and
> replace it with nul */
>                                         break;

This does prevent the segfault, but I'm not sure if depending on being able to
modify the result of dirname() is reliable.
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Reply via email to