1279 – Core from xargs due to out of range string copying

Bug 1279 - Core from xargs due to out of range string copying

Summary: Core from xargs due to out of range string copying

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	findutils
Sub Component:
Version:	5.2
Hardware:	i386
OS:	Linux
Priority:	high
Severity:	medium
Target Milestone:	---
Assignee:	Preston Brown
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	1999-02-22 16:21 UTC by Mark Cooke
Modified:	2008-05-01 15:37 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	1999-03-29 22:05:07 UTC
Embargoed:

Attachments	(Terms of Use)

Description Mark Cooke 1999-02-22 16:21:15 UTC

Using substitution for xargs scripting can cause an
out of bounds string copy, which in turn causes a core.

Eg,

echo 123 | xargs -i touch --reference={}.body {}.shtml

file core
core: ELF 32-bit LSB core file of 'xargs' (signal 11), Intel
80386, version 1

Solution:

A patch to the do_insert function.

ftp://pc24.sr.bham.ac.uk/pub/packages/SOURCES/findutils-4.1-xargs-overflow.patch

--- findutils-4.1/xargs/xargs.c.orig    Mon Feb 22 16:18:15
1999
+++ findutils-4.1/xargs/xargs.c Mon Feb 22 16:18:48 1999
@@ -625,4 +625,5 @@
       p += len;
       arg += len;
+      arglen -= len;

       if (s)
@@ -633,4 +634,5 @@
          strcpy (p, linebuf);
          arg += rplen;
+          arglen -= rplen;
          p += lblen;
        }

Regards,

Mark Cooke

Comment 1 Preston Brown 1999-03-29 22:04:59 UTC

fixed in findutils-4.1-31 and later, available in the RawHide tree
(and 6.0, if you don't mind waiting).

Note You need to log in before you can comment on or make changes to this bug.