The following reply was made to PR bin/185393; it has been noted by GNATS.

From: Ben Reser <[email protected]>
To: [email protected]
Cc:  
Subject: Re: bin/185393: find -lname buffer read overflow bug
Date: Wed, 01 Jan 2014 12:03:04 -0800

 Correction on the patch.  Forgot to subtract one byte from the buffer to allow
 for the NULL character to be set.  Updated patch attached.
 
 Index: usr.bin/find/function.c
 ===================================================================
 --- usr.bin/find/function.c    (revision 260159)
 +++ usr.bin/find/function.c    (working copy)
 @@ -1124,9 +1124,11 @@ f_name(PLAN *plan, FTSENT *entry)
        const char *name;
  
        if (plan->flags & F_LINK) {
 +              int len = readlink(entry->fts_path, fn, sizeof(fn) - 1);
 +              if (len == -1)
 +                      return 0;
 +              fn[len] = '\0';
                name = fn;
 -              if (readlink(entry->fts_path, fn, sizeof(fn)) == -1)
 -                      return 0;
        } else
                name = entry->fts_name;
        return !fnmatch(plan->c_data, name,
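
Review bot: in the added `int len = readlink(entry->fts_path, fn, sizeof(fn) - 1);` line, `len` should be declared `ssize_t`, since that is what readlink() returns and the value is then used both for the `-1` check and as the index in `fn[len] = '\0';`. Passing `sizeof(fn) - 1` and terminating at `fn[len]` does keep the terminator inside the buffer, but readlink() truncates silently, so a link target longer than `sizeof(fn) - 1` bytes is handed to fnmatch() as a shortened string and can match or miss a pattern incorrectly. Consider treating `len == sizeof(fn) - 1` as possible truncation and returning 0 in that case, and add a short comment noting that readlink() does not NUL-terminate, so the reason for the explicit terminator is clear to later readers.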
 