Module Name: src
Committed By: bouyer
Date: Sun Aug 16 22:41:17 UTC 2009
Modified Files:
src/lib/libc/gen [netbsd-5-0]: fts.c
Log Message:
Pull up following revision(s) (requested by christos in ticket #915):
lib/libc/gen/fts.c: revision 1.38
Avoid possible integer overflow and subsequent collateral damage.
Received from OpenBSD via US-CERT as VU #590371.
Original OpenBSD commit log:
revision 1.42
date: 2009/02/11 13:24:05; author: otto; state: Exp; lines: +9 -1
Avoid level going negative on deep (I mean really deep) dirs. Reported
by Maksymilian Arciemowicz. ok kettenis@ millert@
To generate a diff of this commit:
cvs rdiff -u -r1.34.4.1 -r1.34.4.1.2.1 src/lib/libc/gen/fts.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/lib/libc/gen/fts.c
diff -u src/lib/libc/gen/fts.c:1.34.4.1 src/lib/libc/gen/fts.c:1.34.4.1.2.1
--- src/lib/libc/gen/fts.c:1.34.4.1 Thu Jan 8 22:00:34 2009
+++ src/lib/libc/gen/fts.c Sun Aug 16 22:41:16 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: fts.c,v 1.34.4.1 2009/01/08 22:00:34 snj Exp $ */
+/* $NetBSD: fts.c,v 1.34.4.1.2.1 2009/08/16 22:41:16 bouyer Exp $ */
/*-
* Copyright (c) 1990, 1993, 1994
@@ -38,7 +38,7 @@
#if 0
static char sccsid[] = "@(#)fts.c 8.6 (Berkeley) 8/14/94";
#else
-__RCSID("$NetBSD: fts.c,v 1.34.4.1 2009/01/08 22:00:34 snj Exp $");
+__RCSID("$NetBSD: fts.c,v 1.34.4.1.2.1 2009/08/16 22:41:16 bouyer Exp $");
#endif
#endif /* LIBC_SCCS and not lint */
@@ -726,6 +726,14 @@
len++;
maxlen = sp->fts_pathlen - len;
+ if (cur->fts_level == SHRT_MAX) {
+ (void)closedir(dirp);
+ cur->fts_info = FTS_ERR;
+ SET(FTS_STOP);
+ errno = ENAMETOOLONG;
+ return (NULL);
+ }
+
level = cur->fts_level + 1;
/* Read the directory, attaching each entry to the `link' pointer. */
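Review bot: the new guard at `if (cur->fts_level == SHRT_MAX)` has no comment saying that it exists to keep `level = cur->fts_level + 1`, just below it, from wrapping negative; a one-line comment above the `if` would keep a later cleanup from treating it as dead code. The block also sets `FTS_STOP`, so reaching the depth limit ends the whole traversal rather than skipping this one directory, and it reports the condition as `ENAMETOOLONG` even though the test is on depth, not on path length; if both are intended, they deserve a mention in the fts documentation so callers can tell this case from a genuinely overlong path. Assigning `errno` after `closedir(dirp)` is the right order, since the close could otherwise overwrite it. The hunk does not show whether `<limits.h>` is already included for `SHRT_MAX`; worth confirming before this is pulled up to other branches.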