Module Name: src
Committed By: bouyer
Date: Sun Aug 16 22:41:23 UTC 2009

Modified Files:
	src/lib/libc/gen [netbsd-5]: fts.c

Log Message:
Pull up following revision(s) (requested by christos in ticket #915):
	lib/libc/gen/fts.c: revision 1.38
Avoid possible integer overflow and subsequent collateral damage.
Received from OpenBSD via US-CERT as VU #590371.
Original OpenBSD commit log:
revision 1.42
date: 2009/02/11 13:24:05; author: otto; state: Exp; lines: +9 -1
Avoid level going negative on deep (i mean really deep) dirs.
Reported by Maksymilian Arciemowicz. ok kettenis@ millert@

To generate a diff of this commit:
cvs rdiff -u -r1.34.4.1 -r1.34.4.2 src/lib/libc/gen/fts.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files: Index: src/lib/libc/gen/fts.c diff -u src/lib/libc/gen/fts.c:1.34.4.1 src/lib/libc/gen/fts.c:1.34.4.2 --- src/lib/libc/gen/fts.c:1.34.4.1 Thu Jan 8 22:00:34 2009 +++ src/lib/libc/gen/fts.c Sun Aug 16 22:41:23 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: fts.c,v 1.34.4.1 2009/01/08 22:00:34 snj Exp $ */ +/* $NetBSD: fts.c,v 1.34.4.2 2009/08/16 22:41:23 bouyer Exp $ */ /*- * Copyright (c) 1990, 1993, 1994 @@ -38,7 +38,7 @@ #if 0 static char sccsid[] = "@(#)fts.c 8.6 (Berkeley) 8/14/94"; #else -__RCSID("$NetBSD: fts.c,v 1.34.4.1 2009/01/08 22:00:34 snj Exp $"); +__RCSID("$NetBSD: fts.c,v 1.34.4.2 2009/08/16 22:41:23 bouyer Exp $"); #endif #endif /* LIBC_SCCS and not lint */ @@ -726,6 +726,14 @@ len++; maxlen = sp->fts_pathlen - len; + if (cur->fts_level == SHRT_MAX) { + (void)closedir(dirp); + cur->fts_info = FTS_ERR; + SET(FTS_STOP); + errno = ENAMETOOLONG; + return (NULL); + } + level = cur->fts_level + 1; /* Read the directory, attaching each entry to the `link' pointer. */
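
Review bot: the new depth check in the last hunk (@@ -726,6 +726,14 @@) carries no comment explaining why SHRT_MAX is the limit, and that is the one thing a later reader needs to know. The log message says the aim is to keep level from going negative, and the guarded statement is `level = cur->fts_level + 1;` on the line after the block, so a short comment above `if (cur->fts_level == SHRT_MAX) {` stating that fts_level is a short and the increment would wrap would tie the two together. The hard-coded SHRT_MAX also couples the check to the current width of fts_level: if that field is ever widened, the guard will fire at the old limit without anyone noticing, so consider naming the limit next to the field's declaration. No #include is added in this diff, so please confirm <limits.h> is already pulled in by fts.c on this branch. Finally, callers now see FTS_ERR with errno set to ENAMETOOLONG and the traversal stopped via SET(FTS_STOP) when a tree is this deep; that behaviour is worth a line in the fts(3) manual page, since ENAMETOOLONG here reports nesting depth rather than path length. Setting errno after the closedir() call is the right order, as closedir() could otherwise overwrite it.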