Re: cpio RCE Exploit Caused by Integer Overflow

bug-cpio

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cpio RCE Exploit Caused by Integer Overflow

From:	Salvatore Bonaccorso
Subject:	Re: cpio RCE Exploit Caused by Integer Overflow
Date:	Wed, 11 Aug 2021 16:31:20 +0200

Hi Sergey,

On Sat, Aug 07, 2021 at 12:02:30PM +0200, Sergey Poznyakoff wrote:
> Thank you.  Fixed in dd96882877721703e19272fe25034560b794061b.

It looks the fix might cause a functional regression. In Debian the
patch was cherry-picked. With the unpatched version the following
works:

cd $(mktemp -d) ; touch foo ; echo foo | cpio -pd $(python3 -c 'print("A" * 
128)')

applying the patch, causes cpio with the above to hang (not with a
length of 127 characters though).

Regards,
Salvatore

[Prev in Thread]

Current Thread

[Next in Thread]

cpio RCE Exploit Caused by Integer Overflow, Maverick Chung, 2021/08/06
- Re: cpio RCE Exploit Caused by Integer Overflow, Maverick Chung, 2021/08/06
- Re: cpio RCE Exploit Caused by Integer Overflow, Sergey Poznyakoff, 2021/08/07
  - Re: cpio RCE Exploit Caused by Integer Overflow, Salvatore Bonaccorso <=
    - Re: cpio RCE Exploit Caused by Integer Overflow, Sergey Poznyakoff, 2021/08/11
- Re: cpio RCE Exploit Caused by Integer Overflow, Juerg Haefliger, 2021/08/17
  - Re: cpio RCE Exploit Caused by Integer Overflow, Sergey Poznyakoff, 2021/08/17
    - Re: cpio RCE Exploit Caused by Integer Overflow, Salvatore Bonaccorso, 2021/08/21
    - Re: cpio RCE Exploit Caused by Integer Overflow, Sergey Poznyakoff, 2021/08/21
    - Re: cpio RCE Exploit Caused by Integer Overflow, Salvatore Bonaccorso, 2021/08/21
- Re: cpio RCE Exploit Caused by Integer Overflow, Diederik de Haas, 2021/08/17

Prev by Date: Re: cpio RCE Exploit Caused by Integer Overflow
Next by Date: Re: Bug#992098: version -6 seems to have introduced another bug
Previous by thread: Re: cpio RCE Exploit Caused by Integer Overflow
Next by thread: Re: cpio RCE Exploit Caused by Integer Overflow
Index(es):
- Date
- Thread