Differential D53129

quot: Fix benign buffer overflow
ClosedPublic
Actions

Authored by des on Oct 16 2025, 10:32 AM.

Tags

None

Referenced Files

	F157230629: D53129.diff
	Tue, May 19, 12:57 PM

	Unknown Object (File)
	Thu, May 14, 2:01 PM

	Unknown Object (File)
	Thu, May 14, 8:25 AM

	Unknown Object (File)
	Wed, May 13, 6:33 AM

	Unknown Object (File)
	Tue, May 5, 9:12 AM

	Unknown Object (File)
	Sat, May 2, 7:53 PM

	Unknown Object (File)
	Mon, Apr 20, 12:23 PM

	Unknown Object (File)
	Mon, Apr 20, 12:41 AM

View All 49 Files

Subscribers

Details

Reviewers

obiwac
emaste

Commits

rG60384327a89e: quot: Fix benign buffer overflow
rGbbf986d0f140: quot: Fix benign buffer overflow
rG3d680881f6ed: quot: Fix benign buffer overflow
rGedeff9b3f5ef: quot: Fix benign buffer overflow
rG5854d1cbab10: quot: Fix benign buffer overflow

Summary

If it encounters an inode whose owner does not have a pw entry, quot
allocates a 7-byte buffer (8 in practice, since that is the minimum
allocation size) and uses it to store the numeric uid preceded by a
hash character. This will overflow the allocated buffer if the UID
exceeds 6 decimal digits. Avoid this by using asprintf() instead.

While here, simplify the common case as well using strdup().

Reported by: Igor Gabriel Sousa e Souza
MFC after: 3 days

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

des created this revision.Oct 16 2025, 10:32 AM

Herald added a subscriber: imp. · View Herald TranscriptOct 16 2025, 10:32 AM

des requested review of this revision.Oct 16 2025, 10:32 AM

Harbormaster completed remote builds in B67815: Diff 164280.Oct 16 2025, 10:32 AM

des added a child revision: D53130: quot: Clean up.Oct 16 2025, 10:32 AM

obiwac accepted this revision.Oct 16 2025, 10:38 AM

This revision is now accepted and ready to land.Oct 16 2025, 10:38 AM

emaste accepted this revision.Oct 16 2025, 12:20 PM

Closed by commit rG5854d1cbab10: quot: Fix benign buffer overflow (authored by des). · Explain WhyOct 17 2025, 11:55 AM

This revision was automatically updated to reflect the committed changes.

des added a commit: rG5854d1cbab10: quot: Fix benign buffer overflow.

des added a commit: rGedeff9b3f5ef: quot: Fix benign buffer overflow.Oct 20 2025, 4:12 PM

des added a commit: rG3d680881f6ed: quot: Fix benign buffer overflow.

des added a commit: rGbbf986d0f140: quot: Fix benign buffer overflow.

cperciva added a commit: rG60384327a89e: quot: Fix benign buffer overflow.Oct 30 2025, 11:53 PM

Revision Contents
Changeset List

Path

Size

usr.sbin/

quot/

8 lines

Diff 164397

usr.sbin/quot/quot.c

Loading...