bug-findutils

[bug #51841] find buffer-overflow with -printf '%T+'


From: Kamil Dudka
Subject: [bug #51841] find buffer-overflow with -printf '%T+'
Date: Fri, 25 Aug 2017 07:01:53 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0

Follow-up Comment #1, bug #51841 (project findutils):

I think that both the bug and the fix are obvious.  After the mentioned patch,
the code writes 12 bytes into a stack-allocated array of size 6 bytes:

  char fmt[6];

  // [...]

  /* Format the main part of the time. */
  if (kind == '+')
    {
      /* Avoid %F, some Unix versions lack it.  For example:
         HP Tru64 UNIX V5.1B (Rev. 2650); Wed Feb 17 22:59:59 CST 2016
         Also, some older HP-UX versions expand %F as the full month
         (like %B).
         Reported by Steven M. Schweda <address@hidden> */
      strcpy (fmt, "%Y-%m-%d+%T");

I believe that increasing the size of the fmt array to 12 bytes will fix the bug.


    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?51841>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
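
Added example, not part of the original message and not findutils code: the 12-byte figure above derived from the literal with sizeof, and the unchecked strcpy replaced by a copy that refuses a destination that is too small. The names copy_fmt, build_time_fmt, format_time, OLD_FMT_SIZE and PLUS_FMT_SIZE are hypothetical, and the single-letter branch ("%" followed by the kind character) is an assumption made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* The literal from the report; sizeof counts the terminating NUL. */
#define PLUS_FMT "%Y-%m-%d+%T"
enum { OLD_FMT_SIZE = 6, PLUS_FMT_SIZE = sizeof PLUS_FMT };   /* 6 and 12 */

/* Checked copy (hypothetical helper): 0 on success, -1 if src plus its
   NUL does not fit in dst_size bytes.  Nothing is written on failure. */
static int copy_fmt(char *dst, size_t dst_size, const char *src)
{
    size_t need = strlen(src) + 1;
    if (need > dst_size)
        return -1;
    memcpy(dst, src, need);
    return 0;
}

/* Build the strftime format for one time-directive kind.  The '+' case
   uses the literal from the report; the other case is an assumption. */
static int build_time_fmt(char *fmt, size_t fmt_size, char kind)
{
    char one[3] = { '%', kind, '\0' };
    return copy_fmt(fmt, fmt_size, kind == '+' ? PLUS_FMT : one);
}

/* Format t (UTC) into out; returns the strftime length, 0 on failure. */
static size_t format_time(char *out, size_t out_size, char kind, time_t t)
{
    char fmt[PLUS_FMT_SIZE];      /* sized from the longest literal */
    struct tm *tm = gmtime(&t);
    if (tm == NULL || build_time_fmt(fmt, sizeof fmt, kind) != 0)
        return 0;
    return strftime(out, out_size, fmt, tm);
}

int main(void)
{
    char small[OLD_FMT_SIZE], out[32];
    /* The old 6-byte size is rejected instead of overflowing the stack. */
    printf("6-byte buffer:  %d\n", build_time_fmt(small, sizeof small, '+'));
    printf("bytes required: %d\n", (int) PLUS_FMT_SIZE);
    if (format_time(out, sizeof out, '+', (time_t) 0) > 0)
        printf("epoch as %%T+:   %s\n", out);
    return 0;
}
```

Sizing the array with sizeof on the literal keeps the buffer and the string in step if the format is ever lengthened again.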