bug-gnu-utils

Re: Bug w/ gawk tat extension


From: Aharon Robbins
Subject: Re: Bug w/ gawk tat extension
Date: Mon, 20 Jun 2005 22:56:42 +0300

Thanks for the fix.  I'll get it in for the next release.

Arnold

> Date: Fri, 17 Jun 2005 14:35:13 -0600 (MDT)
> From: Glenn Zazulia <address@hidden>
> Subject: Bug w/ gawk tat extension
> To: address@hidden
> Cc: address@hidden
>
> Hello,
>
> I noticed a bug with the readlink() call in extension/filefuncs.c when
> stat()ing a symlink.  Notice that the code does not check the return
> value. When readlink() fails, the return value is set to -1, of course,
> and that value is used as an array offset a few lines later, corrupting
> the stack and ultimately causing a SEGV abort.
>
> Example filesystem symlinks that cause readlink() to fail can be found
> in the /proc filesystem on Linux systems (at least on the various RedHat
> versions that I've tested, such as 8 & 9).  In particular, look for the
> low-numbered kernel process, such as /proc/10/exe.
>
> Since this bug occurs just in the sample extension code, it's probably
> not considered especially serious, but I thought I'd report it anyway.
> Please see below for a sample patch...
>
> Glenn Zazulia
> address@hidden
>
> --
>
> --- filefuncs.c       2004-06-21 08:05:51.000000000 -0600
> +++ filefuncs.new.c   2005-06-17 14:23:39.000000000 -0600
> @@ -260,14 +260,15 @@
>               char buf[BUFSIZ*2];
>               int linksize;
>  
> -             linksize = readlink(file->stptr, buf, sizeof buf);
> -             /* should make this smarter */
> -             if (linksize == sizeof(buf))
> -                     fatal("size of symbolic link too big");
> -             buf[linksize] = '\0';
> -
> -             aptr = assoc_lookup(array, tmp_string("linkval", 7), FALSE);
> -             *aptr = make_string(buf, linksize);
> +             if ((linksize = readlink(file->stptr, buf, sizeof buf)) >= 0) {
> +                 /* should make this smarter */
> +                 if (linksize >= sizeof(buf))
> +                         fatal("size of symbolic link too big");
> +                 buf[linksize] = '\0';
> +
> +                 aptr = assoc_lookup(array, tmp_string("linkval", 7), FALSE);
> +                 *aptr = make_string(buf, linksize);
> +             }
>       }
>  
>       /* add a type field */
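
Review bot: the new guard "if ((linksize = readlink(...)) >= 0)" has no else branch, so a failed readlink() is now silently skipped and "linkval" is never added to the array, with no indication of the failure; consider an else that emits a warning or records errno. Inside the guard, "linksize >= sizeof(buf)" compares an int with a size_t, which is only safe because the negative case was excluded on the line above; declaring linksize as ssize_t (the return type of readlink()) and casting in the comparison would make that explicit. The fatal() under "should make this smarter" is kept as is, so a link value that fills buf still aborts rather than being retried with a larger buffer.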
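
The failure mode described in the report above, handled in a standalone helper. This is an added example, not code from gawk or from the patch; read_link_value and roundtrip_ok are hypothetical names, and the growing buffer is one possible answer to the "should make this smarter" comment.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (an assumption, not gawk code): returns a malloc'd,
 * NUL-terminated link target, or NULL with errno set when readlink() fails. */
char *read_link_value(const char *path, size_t *len)
{
    size_t size = 64;   /* small start so the growth path is exercised */

    for (;;) {
        char *buf = malloc(size);
        if (buf == NULL)
            return NULL;
        ssize_t n = readlink(path, buf, size);
        if (n < 0) {            /* failure: never index buf with -1 */
            int saved = errno;
            free(buf);
            errno = saved;
            return NULL;
        }
        if ((size_t)n < size) { /* fits, with room for the terminator */
            buf[n] = '\0';
            *len = (size_t)n;
            return buf;
        }
        free(buf);              /* n == size: maybe truncated, grow and retry */
        size *= 2;
    }
}

/* Constructed check: a symlink whose 200-byte target exceeds the first buffer. */
int roundtrip_ok(void)
{
    char dir[] = "/tmp/rlXXXXXX", lnk[64], target[201];
    size_t len = 0;
    if (mkdtemp(dir) == NULL) return 0;
    memset(target, 'a', 200); target[200] = '\0';
    snprintf(lnk, sizeof lnk, "%s/l", dir);
    if (symlink(target, lnk) != 0) { rmdir(dir); return 0; }
    char *got = read_link_value(lnk, &len);
    int ok = got != NULL && len == 200 && strcmp(got, target) == 0;
    free(got); unlink(lnk); rmdir(dir);
    return ok;
}

int main(void) { return roundtrip_ok() ? 0 : 1; }
```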



