[Bug-cpio] cpio large filesize buffer overflow

bug-cpio

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-cpio] cpio large filesize buffer overflow

From:	Peter Vrabec
Subject:	[Bug-cpio] cpio large filesize buffer overflow
Date:	Fri, 11 Nov 2005 16:46:57 -0500
User-agent:	Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929)

copyout.c:300

 char ascii_header[112];
...
      sprintf (ascii_header,

"%6s%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx",
               magic_string,
               file_hdr->c_ino, file_hdr->c_mode, file_hdr->c_uid,
               file_hdr->c_gid, file_hdr->c_nlink, file_hdr->c_mtime,

file_hdr->c_filesize, file_hdr->c_dev_maj,file_hdr->c_dev_min,file_hdr->c_rdev_maj, file_hdr->c_rdev_min,file_hdr->c_namesize,

               file_hdr->c_chksum);

...

Cpio assumes the filesize is at most 8 digits in size and that's not.
If it's more, this buffer will indeed overflow.

see:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172669

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-cpio] cpio large filesize buffer overflow, Peter Vrabec <=
- Re: [Bug-cpio] cpio large filesize buffer overflow, Sergey Poznyakoff, 2005/11/12
- Re: [Bug-cpio] cpio large filesize buffer overflow, Dmitry V. Levin, 2005/11/15
  - Re: [Bug-cpio] cpio large filesize buffer overflow, Sergey Poznyakoff, 2005/11/16

Prev by Date: [Bug-cpio] say newer or same age
Next by Date: Re: [Bug-cpio] cpio large filesize buffer overflow
Previous by thread: [Bug-cpio] say newer or same age
Next by thread: Re: [Bug-cpio] cpio large filesize buffer overflow
Index(es):
- Date
- Thread