[Bug-cpio] Bad splitting long file names in ustar header
From: Pavel Raiskup
Subject: [Bug-cpio] Bad splitting long file names in ustar header
Date: Wed, 17 Oct 2012 07:18:46 +0200
Hello,
Filip Krska/Ondřej Vašík revealed a problem in the GNU cpio source code - bad
splitting of long names -- as Ondrej suggested, the fix can be taken
from the tar source (src/create.c -> split_long_name):
diff --git a/src/tar.c b/src/tar.c
index 04d1e32..854878e 100644
--- a/src/tar.c
+++ b/src/tar.c
@@ -49,10 +49,12 @@ split_long_name (const char *name, size_t length)
{
size_t i;
- if (length > TARPREFIXSIZE)
- length = TARPREFIXSIZE+2;
+ if (length > TARPREFIXSIZE + 1)
+ length = TARPREFIXSIZE + 1;
+ else if (ISSLASH (name[length - 1]))
+ length--;
for (i = length - 1; i > 0; i--)
- if (name[i] == '/')
+ if (ISSLASH (name[i]))
break;
return i;
}
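Review bot: The new "else if (ISSLASH (name[length - 1]))" test and the unchanged loop initializer "i = length - 1" both assume length >= 2, and nothing in the function states or checks that. With length 0 the index wraps around because length is a size_t, and with a one-character name that is a slash, length-- leaves 0 and the loop starts at a wrapped index. If callers only pass names too long for the name field, say so in a comment above the function or add an assertion. A short comment on the "TARPREFIXSIZE + 1" clamp would also help, since it is what keeps the returned index within the prefix field, and it is worth noting that a return value of 0 means no usable slash was found.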
Without this fix, a problem may happen when strlen(path name) >= 157 and
the character '/' is on the 156th position ~~> the function 'split_long_name'
then could return the number 156, which is bigger than the 'tar_hdr->prefix'
buffer size (155). See line src/tar.c:164, where a buffer overflow may
occur:
$ export MYDIR=`printf 'a%.0s' {1..67}`/`printf 'a%.0s' {1..88}`/
$ mkdir -p $MYDIR
$ echo $MYDIR | cpio -ov -H ustar > /dev/null
Pavel
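
The off-by-one described in the message can be checked in isolation. The following is an added example, not part of the original message or of the cpio sources: it places the pre-patch and patched bodies of split_long_name side by side and runs both on the name built by the reproducer (67 'a', '/', 88 'a', '/'). The names split_old, split_new and make_repro_name are hypothetical, and ISSLASH is assumed to test for '/' only.

```c
#include <stdio.h>
#include <string.h>

#define TARPREFIXSIZE 155          /* size of the ustar prefix field */
#define ISSLASH(c) ((c) == '/')    /* assumption: '/' is the only separator */

/* Body of split_long_name before the patch. */
static size_t split_old(const char *name, size_t length)
{
  size_t i;
  if (length > TARPREFIXSIZE)
    length = TARPREFIXSIZE + 2;
  for (i = length - 1; i > 0; i--)
    if (name[i] == '/')
      break;
  return i;
}

/* Body of split_long_name after the patch. */
static size_t split_new(const char *name, size_t length)
{
  size_t i;
  if (length > TARPREFIXSIZE + 1)
    length = TARPREFIXSIZE + 1;
  else if (ISSLASH(name[length - 1]))
    length--;
  for (i = length - 1; i > 0; i--)
    if (ISSLASH(name[i]))
      break;
  return i;
}

/* Constructed input: the reproducer's 157-byte name; buf needs 158 bytes. */
static size_t make_repro_name(char *buf)
{
  memset(buf, 'a', 157);
  buf[67] = '/';    /* end of the first directory component */
  buf[156] = '/';   /* trailing slash, one past the last index a prefix may use */
  buf[157] = '\0';
  return 157;
}

int main(void)
{
  char name[160];
  size_t n = make_repro_name(name);
  printf("length=%zu old=%zu new=%zu prefix field=%d\n",
         n, split_old(name, n), split_new(name, n), TARPREFIXSIZE);
  return 0;
}
```

The pre-patch body returns a split index larger than the prefix field, while the patched body falls back to the earlier slash, leaving a remainder of 89 bytes.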