Re: chmod input validation bug

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: chmod input validation bug

From:	Jim Meyering
Subject:	Re: chmod input validation bug
Date:	Thu, 20 Oct 2005 16:37:48 +0200

Thanks a lot!
I've applied that and added a test.

2005-10-20  Jim Meyering  <address@hidden>

        * tests/chmod/octal: New file/test, to exercise today's
        lib/modechange.c fix.
        * tests/chmod/Makefile.am (TESTS): Add octal.
        * NEWS: Mention this chmod fix as well as the dircolors one.

2005-10-20  Jim Meyering  <address@hidden>

        * modechange.c (mode_compile): Reject an invalid mode string
        that starts with an octal digit.  From Andreas Gruenbacher.

Index: tests/chmod/Makefile.am
===================================================================
RCS file: /fetish/cu/tests/chmod/Makefile.am,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -p -u -r1.9 -r1.10
--- tests/chmod/Makefile.am     4 May 2005 17:22:41 -0000       1.9
+++ tests/chmod/Makefile.am     20 Oct 2005 14:27:03 -0000      1.10
@@ -1,7 +1,7 @@
 ## Process this file with automake to produce Makefile.in -*-Makefile-*-.
 AUTOMAKE_OPTIONS = 1.4 gnits
 
-TESTS = no-x equals equal-x c-option setgid umask-x usage
+TESTS = octal no-x equals equal-x c-option setgid umask-x usage
 EXTRA_DIST = $(TESTS)
 TESTS_ENVIRONMENT = \
   PATH="`pwd`/../../src$(PATH_SEPARATOR)$$PATH"
Index: tests/chmod/octal
===================================================================
RCS file: tests/chmod/octal
diff -N tests/chmod/octal
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ tests/chmod/octal   20 Oct 2005 14:24:29 -0000      1.1
@@ -0,0 +1,31 @@
+#!/bin/sh
+# ensure that chmod diagnoses a certain type of invalid mode string
+
+if test "$VERBOSE" = yes; then
+  set -x
+  chmod --version
+fi
+
+pwd=`pwd`
+t0=`echo "$0"|sed 's,.*/,,'`.tmp; tmp=$t0/$$
+trap 'status=$?; cd $pwd; chmod -R u+rwx $t0; rm -rf $t0 && exit $status' 0
+trap '(exit $?); exit $?' 1 2 13 15
+
+framework_failure=0
+mkdir -p $tmp || framework_failure=1
+cd $tmp || framework_failure=1
+
+if test $framework_failure = 1; then
+  echo "$0: failure in testing framework" 1>&2
+  (exit 1); exit 1
+fi
+
+fail=0
+
+# Before coreutils-5.92, this would mistakenly succeed,
+# and act like `chmod 0 .'.
+chmod 0-followed-by-anything . 2> /dev/null && fail=1
+chmod 7-followed-by-anything . 2> /dev/null && fail=1
+chmod 8                      . 2> /dev/null && fail=1
+
+(exit $fail); exit $fail

Andreas Gruenbacher <address@hidden> wrote:
> here is a small chmod input validation fix.
>
> A command like ``chmod 0759 /mnt/x'' doesn't produce an error
> message even though 0759 is not a valid octal number.
>
> Index: coreutils-5.90/lib/modechange.c
> ===================================================================
> --- coreutils-5.90.orig/lib/modechange.c
> +++ coreutils-5.90/lib/modechange.c
> @@ -124,6 +124,9 @@ mode_compile (char const *mode_string)
>       }
>        while ('0' <= *mode_string && *mode_string < '8');
>  
> +      if (*mode_string)
> +     return NULL;
> +
>        /* Help the compiler optimize the usual case where mode_t uses
>        the traditional octal representation.  */
>        mode = ((S_ISUID == SUID && S_ISGID == SGID && S_ISVTX == SVTX

[Prev in Thread]

Current Thread

[Next in Thread]

chmod input validation bug, Andreas Gruenbacher, 2005/10/20
- Re: chmod input validation bug, Jim Meyering <=

Prev by Date: chmod input validation bug
Next by Date: bugreport for chmod -R
Previous by thread: chmod input validation bug
Next by thread: bugreport for chmod -R
Index(es):
- Date
- Thread