Bug#33781: tiny-ls.c in busybox has buffer overruns

To: submit@bugs.debian.org
Subject: Bug#33781: tiny-ls.c in busybox has buffer overruns
From: Avery Pennarun <apenwarr@worldvisions.ca>
Date: Tue, 23 Feb 1999 18:01:38 -0500
Message-id: <[🔎] 19990223180138.A31470@worldvisions.ca>
Reply-to: Avery Pennarun <apenwarr@worldvisions.ca>, 33781@bugs.debian.org

Package: boot-floppies
Version: 2.1.7

Hi,

I just found a bug that crashes the busybox package.  It has lots of buffer
overrun possibilities, but this one is actually likely to occur under
"normal" (non-evil) use:  the buffer it gives to readlink() is much too
small.

Here's a fix.

Have fun,

Avery


diff -u -r1.3 tiny-ls.c
--- tiny-ls.c	1998/11/09 04:07:39	1.3
+++ tiny-ls.c	1999/02/23 22:51:29
@@ -146,7 +146,7 @@
 
 static void writenum(long val, short minwidth)
 {
-	char	scratch[20];
+	char	scratch[128];
 
 	char *p = scratch + sizeof(scratch);
 	short len = 0;
@@ -211,7 +211,7 @@
 
 static void list_single(const char *name, struct stat *info)
 {
-	char scratch[20];
+	char scratch[PATH_MAX];
 	short len = strlen(name);
 #ifdef FEATURE_FILETYPECHAR
 	char append = append_char(info->st_mode);

Reply to:

Prev by Date: Re: slink_cd: still waiting on final boot/install setup
Next by Date: Re: boot disk comments
Previous by thread: Uploaded boot-floppies_2.1.8 (source all i386) to master
Next by thread: Bug#33798: Bug in base package for PowerPC
Index(es):
- Date
- Thread