Bug 1279 - Core from xargs due to out of range string copying
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: findutils
Version: 5.2
Hardware: i386 Linux
Priority: high, Severity: medium
Assigned To: Preston Brown
Reported: 1999-02-22 11:21 EST by Mark Cooke
Modified: 2008-05-01 11:37 EDT (History)
Doc Type: Bug Fix
Last Closed: 1999-03-29 17:05:07 EST
Description Mark Cooke 1999-02-22 11:21:15 EST
Using substitution for xargs scripting can cause an
out of bounds string copy, which in turn causes a core.

Eg,

echo 123 | xargs -i touch --reference={}.body {}.shtml

file core
core: ELF 32-bit LSB core file of 'xargs' (signal 11), Intel
80386, version 1

Solution:

A patch to the do_insert function.

ftp://pc24.sr.bham.ac.uk/pub/packages/SOURCES/findutils-4.1-xargs-overflow.patch

--- findutils-4.1/xargs/xargs.c.orig    Mon Feb 22 16:18:15
1999
+++ findutils-4.1/xargs/xargs.c Mon Feb 22 16:18:48 1999
@@ -625,4 +625,5 @@
       p += len;
       arg += len;
+      arglen -= len;

       if (s)
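
Review bot: the added `arglen -= len;` after `arg += len;` has no comment explaining the invariant it restores, and nothing visible in this hunk shows that len can never exceed arglen at this point. A one-line comment stating that arglen is the number of bytes remaining at arg would make the pairing with `arg += len;` obvious to the next reader. It is also worth confirming how len is derived above line 625, because if it can be larger than arglen the subtraction goes negative, or wraps if arglen is an unsigned type.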
@@ -633,4 +634,5 @@
          strcpy (p, linebuf);
          arg += rplen;
+          arglen -= rplen;
          p += lblen;
        }
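
Review bot: in the `if (s)` branch, `strcpy (p, linebuf);` remains an unbounded copy into p, and the added `arglen -= rplen;` only corrects the source-side length. Whether lblen bytes fit in the space left at p depends on a check outside the lines shown; please confirm that check sits before the strcpy, or copy exactly lblen bytes with a bounded call once the space has been verified. The same invariant comment suggested for the first hunk applies to `arg += rplen;` / `arglen -= rplen;` here.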

Regards,

Mark Cooke
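
A bounded form of the placeholder substitution the report describes, as an added example (not findutils code and not part of the report). The function `substitute` and all of its names are hypothetical; it keeps the remaining source length in step with the source pointer, which is the bookkeeping the two added `arglen -= ...` lines restore, and it also checks destination space before each copy.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not findutils code: copy ARG (NUL-terminated, ARGLEN
   bytes long) into OUT, replacing every PAT with REPL.  Returns the length
   written, or -1 if OUT (OUTCAP bytes, NUL included) is too small. */
long substitute(char *out, size_t outcap, const char *arg, size_t arglen,
                const char *pat, const char *repl)
{
    size_t patlen = strlen(pat), repllen = strlen(repl);
    size_t room = outcap;               /* bytes still free in OUT */
    char *p = out;

    if (patlen == 0 || outcap == 0)
        return -1;
    while (arglen > 0) {
        const char *s = strstr(arg, pat);
        /* Literal run: up to the next match, else everything that is left. */
        size_t len = s ? (size_t)(s - arg) : arglen;
        if (len >= room)                /* keep one byte for the NUL */
            return -1;
        memcpy(p, arg, len);
        p += len;
        room -= len;
        arg += len;
        arglen -= len;                  /* length moves with the pointer */
        if (s) {
            if (repllen >= room)
                return -1;
            memcpy(p, repl, repllen);
            p += repllen;
            room -= repllen;
            arg += patlen;
            arglen -= patlen;           /* skip the placeholder itself */
        }
    }
    *p = '\0';
    return (long)(p - out);
}

int main(void)
{
    /* Constructed input: the argument template from the report, line "123". */
    const char *tmpl = "--reference={}.body";
    char buf[64];
    long n = substitute(buf, sizeof buf, tmpl, strlen(tmpl), "{}", "123");
    printf("%ld %s\n", n, n < 0 ? "(too small)" : buf);
    return 0;
}
```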
Comment 1 Preston Brown 1999-03-29 17:04:59 EST
fixed in findutils-4.1-31 and later, available in the RawHide tree
(and 6.0, if you don't mind waiting).
