[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cpio RCE Exploit Caused by Integer Overflow
From: |
Salvatore Bonaccorso |
Subject: |
Re: cpio RCE Exploit Caused by Integer Overflow |
Date: |
Wed, 11 Aug 2021 16:31:20 +0200 |
Hi Sergey,
On Sat, Aug 07, 2021 at 12:02:30PM +0200, Sergey Poznyakoff wrote:
> Thank you. Fixed in dd96882877721703e19272fe25034560b794061b.
It looks the fix might cause a functional regression. In Debian the
patch was cherry-picked. With the unpatched version the following
works:
cd $(mktemp -d) ; touch foo ; echo foo | cpio -pd $(python3 -c 'print("A" *
128)')
applying the patch, causes cpio with the above to hang (not with a
length of 127 characters though).
Regards,
Salvatore
Re: cpio RCE Exploit Caused by Integer Overflow, Diederik de Haas, 2021/08/17