
quot: Fix benign buffer overflow
Closed, Public

Authored by des on Thu, Oct 16, 10:32 AM.

Details

Summary

If it encounters an inode whose owner does not have a pw entry, quot
allocates a 7-byte buffer (8 in practice, since that is the minimum
allocation size) and uses it to store the numeric uid preceded by a
hash character. This will overflow the allocated buffer if the UID
exceeds 6 decimal digits. Avoid this by using asprintf() instead.

While here, simplify the common case as well using strdup().

Reported by: Igor Gabriel Sousa e Souza
MFC after: 3 days
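
The buffer arithmetic behind the summary, as an added example (not the FreeBSD patch or quot's source): it measures how many bytes "#<uid>" needs, compares that with the 7-byte request and the 8-byte minimum allocation mentioned above, and sizes the allocation from the measured length. It uses snprintf() measurement in place of asprintf() so it builds on any C99 libc; the function names, the "#%u" format and the sample uids are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Bytes needed to hold "#<uid>" plus the terminating NUL (0 on error). */
static size_t
label_size(uint32_t uid)
{
	int n = snprintf(NULL, 0, "#%u", (unsigned)uid);
	return (n < 0 ? 0 : (size_t)n + 1);
}

/* Bytes an unbounded write would place past a buffer of bufsize bytes. */
static size_t
overrun(uint32_t uid, size_t bufsize)
{
	size_t need = label_size(uid);
	return (need > bufsize ? need - bufsize : 0);
}

/* Allocate from the measured length instead of a constant; caller frees. */
static char *
make_label(uint32_t uid)
{
	size_t need = label_size(uid);
	char *s = need != 0 ? malloc(need) : NULL;

	if (s != NULL)
		snprintf(s, need, "#%u", (unsigned)uid);
	return (s);
}

int
main(void)
{
	/* Constructed sample uids with 5, 6, 7 and 10 decimal digits. */
	const uint32_t uids[] = { 65534, 999999, 1000000, 4294967295u };

	for (size_t i = 0; i < sizeof(uids) / sizeof(uids[0]); i++) {
		char *s = make_label(uids[i]);
		if (s == NULL)
			return (1);
		/* 7 = size requested, 8 = minimum allocation per the summary */
		printf("%-12s past 7: %zu  past 8: %zu\n", s,
		    overrun(uids[i], 7), overrun(uids[i], 8));
		free(s);
	}
	return (0);
}
```

A 6-digit uid already puts its terminating NUL one byte past the 7 bytes requested and fits only because of the 8-byte minimum allocation; from 7 digits on, the write leaves the allocation.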

Diff Detail

Repository: rG FreeBSD src repository
Lint: Lint Not Applicable
Unit: Tests Not Applicable