|
From: | Paul Eggert |
Subject: | Re: [Bug-tar] [PATCH] Possible off-by-one in readlink result |
Date: | Mon, 13 Jul 2015 10:04:50 -0700 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 |
Tobias Stoeckmann wrote:
- size = readlinkat (parentfd, name, buffer, linklen + 1); + size = readlinkat (parentfd, name, buffer, linklen);
Thanks for the bug report and patch. Although that patch fixes the immediate problem, it would still have the bug that a race could cause 'tar' to create a tar image of a symlink that never existed. Also, some file systems report an incorrect st_size on symlinks so it's not wise to trust st_size.
I noticed some other problems while fixing this, and installed the attached set of patches to fix what I found. The last patch should fix the bug you reported, along with the untrustworthy st_size problem.
0001-tar-pacify-GCC-5.1-Wformat-signedness.patch
Description: Text Data
0002-tar-port-to-recent-gnulib.patch
Description: Text Data
0003-tar-port-d-to-longer-symlinks.patch
Description: Text Data
0004-tar-fix-symlink-race-and-symlink-transform-bug.patch
Description: Text Data
[Prev in Thread] | Current Thread | [Next in Thread] |