Re: [Bug-cpio] out-of-bounds write with cpio -i
From: Pavel Raiskup
Subject: Re: [Bug-cpio] out-of-bounds write with cpio -i
Date: Thu, 27 Nov 2014 16:02:37 +0100
User-agent: KMail/4.14.3 (Linux/3.17.3-200.fc20.x86_64; KDE/4.14.3; x86_64; ; )
On Tuesday 25 of November 2014 13:31:23 Pavel Raiskup wrote:
> On Saturday 22 of November 2014 23:37:07 Michal Zalewski wrote:
> > Please see this test case for cpio 2.11:
> >
> > http://lcamtuf.coredump.cx/afl/vulns/lesspipe-cpio-bad-write.cpio
>
> Possible fix attached.
Well, that patch follows the "no-limit" GNU advice. Taking some weird big
cpio archive into account (consisting of only a symlink name), we could
rather end up with something like a MAX_SYMLINK_LENGTH constant. The pro
would probably be a smaller code change. Thoughts?
Pavel
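
The fixed-cap alternative floated in this message, as an added sketch that is not cpio's code and not the attached patch. The cap value 4096, `struct member_data` and `read_link_target` are assumptions made for illustration; the size field is treated as untrusted and checked before any allocation or copy.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap for this sketch; the thread proposes the idea, not a value. */
#define MAX_SYMLINK_LENGTH 4096

/* Hypothetical stand-in for the archive stream: bytes left after a header. */
struct member_data {
    const unsigned char *p;
    size_t remaining;
};

/*
 * Copy the link target of a symlink member into a fresh NUL-terminated
 * string. declared_size is the untrusted size field from the header.
 * Returns 0 on success; on failure returns a negative errno value,
 * leaves *out NULL and does not consume any input.
 */
int read_link_target(struct member_data *in, uint64_t declared_size, char **out)
{
    *out = NULL;
    if (declared_size == 0)
        return -EINVAL;               /* a symlink needs a target */
    if (declared_size > MAX_SYMLINK_LENGTH)
        return -ENAMETOOLONG;         /* refuse before allocating anything */
    if (declared_size > in->remaining)
        return -EIO;                  /* header claims more than the data holds */

    size_t n = (size_t)declared_size; /* safe: bounded by the cap above */
    char *target = malloc(n + 1);     /* terminator is added here, not trusted from the data */
    if (target == NULL)
        return -ENOMEM;
    memcpy(target, in->p, n);
    target[n] = '\0';
    if (strlen(target) != n) {        /* embedded NUL would silently shorten the path */
        free(target);
        return -EINVAL;
    }
    in->p += n;
    in->remaining -= n;
    *out = target;
    return 0;
}
```

The "no-limit" variant would drop the `MAX_SYMLINK_LENGTH` test and instead have to guard the `n + 1` allocation against overflow and failure for arbitrarily large sizes.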