Re: tiny buffer overflow in 'stat' (4.5.3)

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: tiny buffer overflow in 'stat' (4.5.3)

From:	Jim Meyering
Subject:	Re: tiny buffer overflow in 'stat' (4.5.3)
Date:	Wed, 27 Aug 2003 11:06:28 +0200

Tommi Kyntola <address@hidden> wrote:
> It appears that stat source function print_it (stat.c:574) can be tricked
> into performing a strchr (and after that either an fputs or worse with %
> manipulation) beyond the terminator in the string received from
> char *format = strdup (masterformat);
>
> This happens whenever the given --format ends in '%'.
...
> --- coreutils-4.5.3-vanilla/src/stat.c  2002-09-22 09:48:28.000000000 +0300
> +++ coreutils-4.5.3-statfix/src/stat.c  2003-08-26 16:23:50.097650304 +0300
...

Thank you very much.
I've applied your patch.

FYI, the latest is coreutils-5.0.90:

  ftp://alpha.gnu.org/gnu/coreutils/coreutils-5.0.90.tar.bz2

Even newer sources (including your fix) are available here:
  http://savannah.gnu.org/projects/coreutils/

[Prev in Thread]

Current Thread

[Next in Thread]

tiny buffer overflow in 'stat' (4.5.3), Tommi Kyntola, 2003/08/26
- Re: tiny buffer overflow in 'stat' (4.5.3), Jim Meyering <=

Prev by Date: paste(1) adds a \377 to files with no final newline.
Next by Date: Re: du -D doesn't?
Previous by thread: tiny buffer overflow in 'stat' (4.5.3)
Next by thread: configure incorrectly approves system mkstemp on Tru64 os
Index(es):
- Date
- Thread