bug-cpio

Re: [Bug-cpio] out-of-bounds write with cpio -i


From: Pavel Raiskup
Subject: Re: [Bug-cpio] out-of-bounds write with cpio -i
Date: Thu, 27 Nov 2014 16:02:37 +0100
User-agent: KMail/4.14.3 (Linux/3.17.3-200.fc20.x86_64; KDE/4.14.3; x86_64; ; )

On Tuesday 25 of November 2014 13:31:23 Pavel Raiskup wrote:
> On Saturday 22 of November 2014 23:37:07 Michal Zalewski wrote:
> > Please see this test case for cpio 2.11:
> > 
> > http://lcamtuf.coredump.cx/afl/vulns/lesspipe-cpio-bad-write.cpio
> 
> Possible fix attached.

Well, that patch follows the "no-limit" GNU advice.  Taking some weird big
cpio archive into account (consisting of only a symlink name), we could
rather end up with something like a MAX_SYMLINK_LENGTH constant.  The pros
would probably be a smaller code change.  Thoughts?

Pavel
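
The two policies weighed in the message above, as an added example that is not part of the original e-mail, the attached patch, or cpio's source. The function names, the `struct stream` stand-in for the archive and the value 4096 for `MAX_SYMLINK_LENGTH` are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap; the thread names the constant but gives no value. */
#define MAX_SYMLINK_LENGTH 4096

/* Constructed stand-in for an archive stream: a byte buffer plus a cursor. */
struct stream { const unsigned char *data; size_t len; size_t pos; };

/* Copy n bytes out of the stream; fail instead of reading past its end. */
static int stream_read(struct stream *s, void *dst, size_t n) {
    if (n > s->len - s->pos) return -1;
    memcpy(dst, s->data + s->pos, n);
    s->pos += n;
    return 0;
}

/*
 * Read a symlink target whose length comes from the untrusted header.
 * cap == 0: "no-limit" policy, the buffer is sized from the declared length.
 * cap  > 0: declared lengths above the cap are rejected before allocating.
 * Returns a NUL-terminated heap string, or NULL on any failure.
 */
char *read_link_target(struct stream *s, size_t declared, size_t cap) {
    char *buf;
    if (cap != 0 && declared > cap) return NULL;  /* bounded policy */
    if (declared == (size_t)-1) return NULL;      /* declared + 1 would wrap */
    buf = malloc(declared + 1);                   /* +1 for the terminator */
    if (buf == NULL) return NULL;                 /* allocation refused */
    if (stream_read(s, buf, declared) != 0) {     /* archive is truncated */
        free(buf);
        return NULL;
    }
    buf[declared] = '\0';
    return buf;
}

int main(void) {
    /* Constructed sample: an 11-byte link target. */
    struct stream s = { (const unsigned char *)"target-path", 11, 0 };
    char *t = read_link_target(&s, 11, MAX_SYMLINK_LENGTH);
    printf("%s\n", t ? t : "(rejected)");
    free(t);
    return 0;
}
```

In both policies the buffer is sized from the same value that bounds the copy, so the write cannot run past the allocation; the cap only changes how large a declared length is accepted.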



