URL:
  <http://savannah.gnu.org/bugs/?45062>

                 Summary: Enabling CACHE_IDS causes segfaults
                 Project: findutils
            Submitted by: jay
            Submitted on: Sat 09 May 2015 22:03:56 GMT
                Category: find
                Severity: 5 - Blocker
              Item Group: Wrong result
                  Status: In Progress
                 Privacy: Public
             Assigned to: jay
         Originator Name: Tobias Stoeckmann
        Originator Email: tob...@stoeckmann.org
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 4.1.7
           Fixed Release: None

    _______________________________________________________

Details:

Hi,

If id caching is activated during compilation, findutils is prone to two
segmentation faults. First, it fails to validate a range check in file
find/parser.c line 1750. If the group in /etc/groups has a gid that is
close to 2^32, the variable overflows in xmalloc and does not reserve enough
memory, which will then be overridden with ones.

The other one happens when find encounters a group id that is higher
than the highest one in /etc/group. It uses the gid of the file as index
without validating ranges.

I would recommend just removing the --enable-id-cache/CACHE_IDS code.
It has to be activated and I haven't encountered a Linux distribution that
activates it so far.

This shows how to reproduce the segfault paths with group ids. The
same is true for user ids:

$ ./configure --enable-id-cache && make
$ ./find/find --version
find (GNU findutils) 4.5.15-git
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by Eric B. Decker, James Youngman, and Kevin Dalley.
Features enabled: CACHE_IDS D_TYPE O_NOFOLLOW(enabled) LEAF_OPTIMISATION
FTS(FTS_CWDFD) CBO(level=2)
$ sudo groupadd -g 4294965248 crash
$ ./find/find -nogroup
Segmentation fault
$ sudo groupdel crash
$ touch myfile
$ sudo chgrp 2000000 myfile
$ ./find/find -nogroup
Segmentation fault
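The two failure modes above (an id-indexed table whose size computation wraps, and a lookup that indexes the table with an unchecked id) are shown below in a defensively written gid cache. This is an added example, not findutils code; the cache layout, the `ID_CACHE_MAX_ENTRIES` cap and the function names are assumptions, and the exact arithmetic in find/parser.c is not reproduced.

```c
/* Added example, not findutils code: a gid-indexed "no such group" cache
 * written so that neither of the reported segfaults can occur. The cache
 * is a byte array indexed by gid; building it must not let the entry
 * count wrap, and lookups must not index past the array. */
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed upper bound on how large a gid-indexed table we will allocate
 * (1 MiB of flags); a real tool would switch to a hash set beyond this. */
#define ID_CACHE_MAX_ENTRIES ((size_t) 1 << 20)

typedef struct {
    unsigned char *absent;   /* absent[g] == 1: gid g has no group entry */
    size_t count;            /* indices 0..count-1 are valid */
} id_cache;

/* Entry count for ids 0..max_id as 32-bit id arithmetic computes it:
 * max_id + 1 wraps to 0 at UINT32_MAX, the kind of wrap the report describes. */
uint32_t naive_entry_count(uint32_t max_id) { return max_id + 1; }

/* Build the cache from a constructed list of existing gids. Computes the
 * size in size_t so the +1 cannot wrap, and refuses (returns false) rather
 * than allocating a table sized by a gid near 2^32. */
bool id_cache_build(id_cache *c, const uint32_t *gids, size_t n)
{
    uint32_t max_id = 0;
    for (size_t i = 0; i < n; i++)
        if (gids[i] > max_id) max_id = gids[i];
    size_t count = (size_t) max_id + 1;          /* no 32-bit wrap here */
    if (count > ID_CACHE_MAX_ENTRIES)
        return false;                             /* too large: no cache */
    c->absent = malloc(count);
    if (c->absent == NULL) return false;
    memset(c->absent, 1, count);                  /* all ids absent... */
    for (size_t i = 0; i < n; i++)
        c->absent[gids[i]] = 0;                   /* ...except the known ones */
    c->count = count;
    return true;
}

/* True when gid has no group entry. A gid beyond the table (the report's
 * second segfault) is by definition not in the group file, so answer true
 * without indexing past the buffer. */
bool id_cache_nogroup(const id_cache *c, uint32_t gid)
{
    if (gid >= c->count) return true;
    return c->absent[gid] != 0;
}

void id_cache_free(id_cache *c) { free(c->absent); c->absent = NULL; c->count = 0; }
```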
    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?45062>
