[bug #40088] potential buffer overflow in -execdir and -okdir

James Youngman Sun, 22 Sep 2013 13:25:21 -0700

URL:
  <http://savannah.gnu.org/bugs/?40088>


                 Summary: potential buffer overflow in -execdir and -okdir
                 Project: findutils
            Submitted by: jay
            Submitted on: Sun 22 Sep 2013 20:24:45 GMT
                Category: find
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: jay
         Originator Name: Dmitry V. Levin
        Originator Email: [email protected]
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 4.5.11
           Fixed Release: None

    _______________________________________________________

Details:

Dmitry already supplied a patch, described thus:

* lib/buildcmd.c (bc_push_arg): Take prefix length into account
to avoid state->argbuf overflow.
* NEWS: Mention this fix.
---

It would be a security issue if one could control factors triggering this bug,
which include a directory with thousands of files.

The full patch is attached.




    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Sun 22 Sep 2013 20:24:45 GMT  Name: 0.txt  Size: 5kB   By: jay

<http://savannah.gnu.org/bugs/download.php?file_id=29198>

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?40088>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

[bug #40088] potential buffer overflow in -execdir and -okdir

Reply via email to