On Sun, Dec 4, 2016 at 3:45 AM, Daniel Sabogal <[email protected]> wrote:
> On Thu, Dec 1, 2016 at 3:13 PM, Daniel Sabogal <[email protected]> wrote:
>> On Wed, Nov 30, 2016 at 5:52 PM, Denys Vlasenko
>> <[email protected]> wrote:
>>> On Wed, Nov 30, 2016 at 3:46 AM, Daniel Sabogal <[email protected]>
>>> wrote:
>>>> The following commands cause busybox to segfault on musl-based systems.
>>>>
>>>> $ install -D a /
>>>> $ install -D a /b
>>>> $ install -D a /b/
>>>>
>>>> This happens because the code in
>>>>
>>>> https://git.busybox.net/busybox/tree/coreutils/install.c?h=1_25_1#n196
>>>>
>>>> passes the result of dirname() to bb_make_directory() which modifies its
>>>> contents. For paths of the above forms, musl's dirname returns a string
>>>> literal "/" which shouldn't be modified.
>>>>
>>>> See http://git.musl-libc.org/cgit/musl/tree/src/misc/dirname.c
>>>>
>>>> There are a few other occurrences of the code shown above, but I've not
>>>> checked to see if they could be made to segfault.
>>>
>>> Does this fix the problem?
>>>
>>>         /* Bypass leading non-'/'s and then subsequent '/'s
>>> */
>>>         while (*s) {
>>>                 if (*s == '/') {
>>>                         do {
>>>                                 ++s;
>>>                         } while (*s == '/');
>>>                         c = *s; /* Save the current char */
>>> ====added line==>       if (c)
>>>                                 *s = '\0'; /* and
>>> replace it with nul */
>>>                         break;
>>
>> This does prevent the segfault, but I'm not sure if depending on being able to
>> modify the result of dirname() is reliable.
>
> https://git.busybox.net/busybox/commit/?id=cf2600c3661c11491a838ef29733583afb6ad968
>
> There are other occurrences of dirname + bb_make_directory that may have
> this issue.
>
> The following also segfaults.
>
> $ cp --parents a /

Indeed. I moved the check into bb_make_directory(), please try now.
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
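
The pattern discussed in this thread, as an added example that is not BusyBox code and not part of the original messages: a path walker that cuts the string in place the way the quoted loop does, but runs on a private heap copy of the dirname() result and skips the store at the end of the string. The names `dup_str` and `parent_prefixes`, the buffer sizes and the sample paths are assumptions made for illustration.

```c
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_STEPS 16
#define STEP_LEN  64

/* Hypothetical helper: heap copy of a string, so it is always writable. */
static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

/* Hypothetical helper: record every prefix a "mkdir -p"-style walk would
 * visit for the parent of `path`. Returns the count, or -1 on error. */
int parent_prefixes(const char *path, char out[MAX_STEPS][STEP_LEN])
{
    char *arg = dup_str(path);         /* dirname() may modify its argument */
    if (!arg) return -1;
    char *dir = dup_str(dirname(arg)); /* result may be a literal: copy it */
    free(arg);
    if (!dir) return -1;
    int n = 0;
    for (char *s = dir; n < MAX_STEPS; ) {
        while (*s && *s != '/') ++s;   /* skip one path component */
        while (*s == '/') ++s;         /* then the slashes after it */
        char c = *s;                   /* save the current char */
        if (c) *s = '\0';              /* cut here; never store at the end */
        if (strlen(dir) >= STEP_LEN) { n = -1; break; }
        strcpy(out[n++], dir);         /* a real walk would mkdir(dir) here */
        if (!c) break;
        *s = c;                        /* restore and continue */
    }
    free(dir);
    return n;
}

int main(void)
{
    const char *samples[] = { "/", "/b", "/b/", "/a/b/c" }; /* constructed */
    char out[MAX_STEPS][STEP_LEN];
    for (size_t i = 0; i < 4; i++) {
        int n = parent_prefixes(samples[i], out);
        for (int j = 0; j < n; j++) printf("%s -> %s\n", samples[i], out[j]);
    }
}
```

Because the walk only ever writes to memory it allocated itself, it behaves the same whether the C library's dirname() returns a pointer into its argument or a string literal.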
