ping? On Thu, May 16, 2013 at 03:48:21AM +0400, Dmitry V. Levin wrote: > * lib/buildcmd.c (bc_push_arg): Take prefix length into account > to avoid state->argbuf overflow. > * NEWS: Mention this fix. > --- > > It would be a security issue if one could control factors triggering this > bug, which include a directory with thousands of files. > > ChangeLog | 7 +++++++ > NEWS | 2 ++ > lib/buildcmd.c | 2 +- > 3 files changed, 10 insertions(+), 1 deletion(-) > > diff --git a/ChangeLog b/ChangeLog > index e6914ff..7b4f3e0 100644 > --- a/ChangeLog > +++ b/ChangeLog > @@ -1,3 +1,10 @@ > +2013-05-15 Dmitry V. Levin <l...@altlinux.org> > + > + find: fix potential buffer overflow in -execdir and -okdir. > + * lib/buildcmd.c (bc_push_arg): Take prefix length into account > + to avoid state->argbuf overflow. > + * NEWS: Mention this fix. > + > 2013-04-22 Paul Eggert <egg...@cs.ucla.edu> > > More removal of support for -perm +MODE. > diff --git a/NEWS b/NEWS > index 4349a21..010ba6e 100644 > --- a/NEWS > +++ b/NEWS > @@ -30,6 +30,8 @@ The documentation for xargs now warns about parallel > processes (xargs > Some bugs in 4.5.11 were fixed without adding them to the bug > database, though they are in the ChangeLog: > > +*** find -execdir/-okdir potential buffer overflow. > + > *** Use of [[ ... ]] in find/testsuite/sv-bug-32043.sh > > *** Don't delete header files in "lib/" for "make clean". > diff --git a/lib/buildcmd.c b/lib/buildcmd.c > index d135692..2616ed6 100644 > --- a/lib/buildcmd.c > +++ b/lib/buildcmd.c > @@ -364,7 +364,7 @@ bc_push_arg (struct buildcmd_control *ctl, > > if (!terminate) > { > - if (state->cmd_argv_chars + len > ctl->arg_max) > + if (state->cmd_argv_chars + len + pfxlen > ctl->arg_max) > { > if (initial_args || state->cmd_argc == ctl->initial_argc) > error (EXIT_FAILURE, 0, > > -- > ldv
-- ldv
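Review bot: The corrected bound in the lib/buildcmd.c hunk, `state->cmd_argv_chars + len + pfxlen > ctl->arg_max`, ships without a regression test; the diffstat covers only ChangeLog, NEWS and lib/buildcmd.c. A testsuite case that runs -execdir over a directory holding thousands of files, the trigger condition named in the cover text, would keep the prefix accounting from silently regressing. A one-line comment above the comparison, saying that the prefix also consumes space in state->argbuf, would explain why pfxlen belongs in the sum.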
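Review bot: The NEWS hunk's entry `*** find -execdir/-okdir potential buffer overflow.` gives readers no way to judge exposure, although the cover text says this would be a security issue if the triggering factors can be controlled. Consider naming the condition in the entry (a directory with thousands of files processed via -execdir or -okdir) and noting that the overflow is in state->argbuf, so that packagers can decide whether to backport.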