bug-findutils

Re: segfaults in CACHE_IDS code paths


From: James Youngman
Subject: Re: segfaults in CACHE_IDS code paths
Date: Sat, 9 May 2015 23:19:01 +0100

Thank you for the bug report.  As you suggested, I have removed the
problem code.

On Mon, Feb 23, 2015 at 9:04 PM, Tobias Stoeckmann
<address@hidden> wrote:
> Hi,
>
> if id caching is activated during compilation, findutils is prone to two
> segmentation faults. First, it fails to validate a range check in file
> find/parser.c line 1750. If the group in /etc/groups has a gid that is
> close to 2^32, the variable overflows in xmalloc and reserves not enough
> memory, which will then be overridden with ones.
>
> The other one happens when find encounters a group id that is higher
> than the highest one in /etc/group. It uses the gid of the file as index
> without validating ranges.
>
> I would recommend to just remove the --enable-id-cache/CACHE_IDS code.
> It has to be activated and I didn't encounter a Linux distribution that
> activated it so far.
>
> This shows how to reproduce the segfault paths with group ids. The
> same is true for user ids:
>
> $ ./configure --enable-id-cache && make
> $ ./find/find --version
> find (GNU findutils) 4.5.15-git
> Copyright (C) 2014 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
> Written by Eric B. Decker, James Youngman, and Kevin Dalley.
> Features enabled: CACHE_IDS D_TYPE O_NOFOLLOW(enabled) LEAF_OPTIMISATION 
> FTS(FTS_CWDFD) CBO(level=2)
> $ sudo groupadd -g 4294965248 crash
> $ ./find/find -nogroup
> Segmentation fault
> $ sudo groupdel crash
> $ touch myfile
> $ sudo chgrp 2000000 myfile
> $ ./find/find -nogroup
> Segmentation fault
>
>
> Tobias
>



-- 
--
This email is intended solely for the use of its addressee, sender,
and any readers of a mailing list archive in which it happens to
appear.   If you have received this email in error, please say or type
three times, "I believe in the utility of email disclaimers," and then
reply to the author correcting any spellings (and, optionally, any
incorrect spellings), accompanying these with humorous jests about the
author's parentage.   If you are not the addressee, you are
nevertheless permitted to both copy and forward this email since
without such permissions email systems are unable to transmit email to
anybody, intended recipient or not.  To those still reading by this
point, the author would like to apologise for being unable to maintain
a consistent level of humour throughout this disclaimer.  Contents may
settle during transit.  Do not feed the animals.
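
The two checks the report says were missing, shown in a hypothetical id cache. This is an added example, not findutils code and not written by either poster; `id_cache_build`, `id_cache_lookup` and the slot cap are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical presence table: one byte per id in [0, len). Not findutils code. */
struct id_cache {
    unsigned char *present;
    size_t len;                 /* 0 means no table was built */
};

/* Assumed cap on table size; anything larger uses the slow lookup instead. */
#define ID_CACHE_MAX_SLOTS ((uint64_t)1 << 20)

/* Returns 0 on success, -1 if no table could be built safely. */
int id_cache_build(struct id_cache *c, const uint32_t *ids, size_t n)
{
    uint32_t max_id = 0;
    c->present = NULL;
    c->len = 0;
    for (size_t i = 0; i < n; i++)
        if (ids[i] > max_id)
            max_id = ids[i];
    /* Size arithmetic in 64 bits: max_id + 1 cannot wrap here. */
    uint64_t slots = (uint64_t)max_id + 1;
    if (slots > ID_CACHE_MAX_SLOTS)
        return -1;              /* e.g. gid 4294965248 from the report */
    c->present = calloc((size_t)slots, 1);
    if (c->present == NULL)
        return -1;
    c->len = (size_t)slots;
    for (size_t i = 0; i < n; i++)
        c->present[ids[i]] = 1; /* ids[i] <= max_id < len */
    return 0;
}

/* 1 = id is listed, 0 = not listed, -1 = no table, caller must ask the system. */
int id_cache_lookup(const struct id_cache *c, uint32_t id)
{
    if (c->len == 0)
        return -1;
    if (id >= c->len)           /* file gid above the highest listed gid */
        return 0;
    return c->present[id];
}

int main(void)
{
    uint32_t gids[] = {0, 100, 1000};   /* constructed sample group ids */
    struct id_cache c;
    if (id_cache_build(&c, gids, 3) == 0)
        printf("%d %d\n", id_cache_lookup(&c, 1000), id_cache_lookup(&c, 2000000u));
    free(c.present);
    return 0;
}
```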


