
segfaults in CACHE_IDS code paths

From: Tobias Stoeckmann
Subject: segfaults in CACHE_IDS code paths
Date: Mon, 23 Feb 2015 22:04:59 +0100


If id caching is activated during compilation, findutils is prone to two
segmentation faults. First, it fails to validate a range check in file
find/parser.c line 1750. If the group in /etc/group has a gid that is
close to 2^32, the variable overflows in xmalloc and does not reserve enough
memory, which will then be overridden with ones.

The other one happens when find encounters a group id that is higher
than the highest one in /etc/group. It uses the gid of the file as index
without validating ranges.

I would recommend just removing the --enable-id-cache/CACHE_IDS code.
It has to be activated and I didn't encounter a Linux distribution that
activated it so far.

This shows how to reproduce the segfault paths with group ids. The
same is true for user ids:

$ ./configure --enable-id-cache && make
$ ./find/find --version
find (GNU findutils) 4.5.15-git
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by Eric B. Decker, James Youngman, and Kevin Dalley.
FTS(FTS_CWDFD) CBO(level=2) 
$ sudo groupadd -g 4294965248 crash
$ ./find/find -nogroup
Segmentation fault
$ sudo groupdel crash
$ touch myfile
$ sudo chgrp 2000000 myfile
$ ./find/find -nogroup
Segmentation fault
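A defensive sketch of the two checks the report asks for, added here as an illustration and not findutils' own CACHE_IDS code: the byte-per-gid cache layout, the GID_CACHE_LIMIT policy and the scenario helpers are assumptions, while the two gids come from the report.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdbool.h>

/* Simplified id cache, constructed for illustration (not findutils' code).
 * One byte per group id; the highest gid in /etc/group sets the size. */
#define GID_CACHE_LIMIT 65535ULL  /* assumed policy: ids above this are not cached */

typedef struct {
    unsigned char *present;  /* present[gid] == 1 if gid exists in /etc/group */
    size_t size;             /* entries allocated, i.e. max_gid + 1 */
} gid_cache;

/* First crash in the report: max_gid + 1 computed in a 32-bit variable and
 * handed to xmalloc.  Here the range is validated first and the size is
 * computed in size_t, so a gid near 2^32 is refused, not under-allocated. */
bool gid_cache_init(gid_cache *c, uint64_t max_gid) {
    c->present = NULL; c->size = 0;
    if (max_gid > GID_CACHE_LIMIT) return false;   /* also rules out wrap */
    c->size = (size_t)max_gid + 1;
    c->present = calloc(c->size, 1);
    if (!c->present) { c->size = 0; return false; }
    return true;
}

bool gid_cache_mark(gid_cache *c, uint64_t gid) {
    if (gid >= c->size) return false;              /* never index out of range */
    c->present[gid] = 1;
    return true;
}

/* Second crash: a file's gid used as an index without a bounds check.
 * Return -1 ("not cached, fall back to getgrgid") instead of indexing. */
int gid_cache_has(const gid_cache *c, uint64_t gid) {
    if (gid >= c->size) return -1;
    return c->present[gid];
}

void gid_cache_free(gid_cache *c) { free(c->present); c->present = NULL; c->size = 0; }

/* Scenarios from the report: a group with gid 4294965248, and a file owned
 * by gid 2000000 when the highest cached gid is far lower (1000, assumed). */
int scenario_huge_gid(void) { gid_cache c; return gid_cache_init(&c, 4294965248ULL); }

int scenario_unknown_gid(void) {
    gid_cache c; int r;
    if (!gid_cache_init(&c, 1000)) return -2;
    gid_cache_mark(&c, 1000);
    r = gid_cache_has(&c, 2000000ULL);  /* -1: outside the cached range */
    gid_cache_free(&c);
    return r;
}
```

scenario_huge_gid() returns 0 (the cache refuses the gid) and scenario_unknown_gid() returns -1 (lookup declines to index), where the unchecked code paths segfault.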

