author | imp <imp@FreeBSD.org> | 1999-09-02 07:45:07 +0000 |
---|---|---|
committer | imp <imp@FreeBSD.org> | 1999-09-02 07:45:07 +0000 |
commit | c137e13b4eaed1f761594dffb6c81af06d2ac78e (patch) | |
tree | b8ff49e3abb374589094ea0c64eb01c2d6dd5e1a /lib | |
parent | ac5f1ad1345830495bb5bd18b4edf9f1ff8dabde (diff) | |
Fix the root cause of the fts buffer overflow. This is a temporary
patch to stop the core dumps while others come up with a better
reviewed patch which may also fix other problems. We do illegal
pointer arithmetic, but it should be OK since FreeBSD only supports
machines with flat address spaces.
Submitted by: bde
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libc/gen/fts-compat.c | 28 | ||||
-rw-r--r-- | lib/libc/gen/fts.c | 28 |
2 files changed, 46 insertions, 10 deletions
diff --git a/lib/libc/gen/fts-compat.c b/lib/libc/gen/fts-compat.c
index da88ed1..c592cfd 100644
--- a/lib/libc/gen/fts-compat.c
+++ b/lib/libc/gen/fts-compat.c
@@ -963,6 +963,24 @@ fts_palloc(sp, more)
 return (sp->fts_path == NULL);
 }
 
+static void
+ADJUST(p, addr)
+ FTSENT *p;
+ void *addr;
+{
+ if ((p)->fts_accpath >= (p)->fts_path &&
+ (p)->fts_accpath < (p)->fts_path + (p)->fts_pathlen) {
+ if (p->fts_accpath != p->fts_path)
+ errx(1, "fts ADJUST: accpath %p path %p",
+ p->fts_accpath, p->fts_path);
+ if (p->fts_level != 0)
+ errx(1, "fts ADJUST: level %d not 0", p->fts_level);
+ (p)->fts_accpath =
+ (char *)addr + ((p)->fts_accpath - (p)->fts_path);
+ }
+ (p)->fts_path = addr;
+}
+
 /*
 * When the path is realloc'd, have to fix all of the pointers in structures
 * already returned.
@@ -974,18 +992,18 @@ fts_padjust(sp, addr)
 {
 FTSENT *p;
 
-#define ADJUST(p) { \
- (p)->fts_accpath = \
- (char *)addr + ((p)->fts_accpath - (p)->fts_path); \
+#define ADJUST1(p) { \
+ if ((p)->fts_accpath == (p)->fts_path) \
+ (p)->fts_accpath = (addr); \
 (p)->fts_path = addr; \
 }
 /* Adjust the current set of children. */
 for (p = sp->fts_child; p; p = p->fts_link)
- ADJUST(p);
+ ADJUST(p, addr);
 
 /* Adjust the rest of the tree. */
 for (p = sp->fts_cur; p->fts_level >= FTS_ROOTLEVEL;) {
- ADJUST(p);
+ ADJUST(p, addr);
 p = p->fts_link ? p->fts_link : p->fts_parent;
 }
 }
diff --git a/lib/libc/gen/fts.c b/lib/libc/gen/fts.c
index da88ed1..c592cfd 100644
--- a/lib/libc/gen/fts.c
+++ b/lib/libc/gen/fts.c
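Review bot: The two `errx(1, ...)` calls in the new `ADJUST()` in lib/libc/gen/fts-compat.c make libc exit the calling process when an entry's `fts_accpath` lies inside the path buffer at a non-zero offset or at a non-zero level, so any program walking a tree is terminated with no way to handle the condition; the identical hunk in lib/libc/gen/fts.c has the same issue. Since `fts_padjust()` has no error return in the visible code, the least intrusive step is to mark them as temporary diagnostics, e.g. `/* XXX temporary: libc should not exit on the caller's behalf; drop with the reviewed fix */`. The `%p` arguments are `char *` and should be cast, `(void *)p->fts_accpath, (void *)p->fts_path`. The range test compares `fts_accpath` with `fts_path` even when they may point into different objects, which the commit message justifies by flat address spaces; that assumption belongs in a comment above the `if`, not only in the log. No `#include <err.h>` is visible in this hunk, so confirm the file already has it.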
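Review bot: `ADJUST1` is defined inside `fts_padjust()` in lib/libc/gen/fts-compat.c, but both loops in the hunk call the new `ADJUST(p, addr)` function, so the macro is dead code; the same applies to the lib/libc/gen/fts.c hunk. Either delete the `#define ADJUST1` block or, if it is kept as the intended simpler form, say so with a comment such as `/* ADJUST1: unused alternative to ADJUST(), kept for the follow-up patch */`. Because `ADJUST()` exits unless `fts_accpath == fts_path`, the offset it adds is always zero, and `p->fts_accpath = addr;` would state the effective behaviour more directly. The upper-case name `ADJUST` for a real function also reads as a macro; a lower-case name in the style of `fts_palloc` and `fts_padjust` would be clearer.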
@@ -963,6 +963,24 @@ fts_palloc(sp, more)
 return (sp->fts_path == NULL);
 }
 
+static void
+ADJUST(p, addr)
+ FTSENT *p;
+ void *addr;
+{
+ if ((p)->fts_accpath >= (p)->fts_path &&
+ (p)->fts_accpath < (p)->fts_path + (p)->fts_pathlen) {
+ if (p->fts_accpath != p->fts_path)
+ errx(1, "fts ADJUST: accpath %p path %p",
+ p->fts_accpath, p->fts_path);
+ if (p->fts_level != 0)
+ errx(1, "fts ADJUST: level %d not 0", p->fts_level);
+ (p)->fts_accpath =
+ (char *)addr + ((p)->fts_accpath - (p)->fts_path);
+ }
+ (p)->fts_path = addr;
+}
+
 /*
 * When the path is realloc'd, have to fix all of the pointers in structures
 * already returned.
@@ -974,18 +992,18 @@ fts_padjust(sp, addr)
 {
 FTSENT *p;
 
-#define ADJUST(p) { \
- (p)->fts_accpath = \
- (char *)addr + ((p)->fts_accpath - (p)->fts_path); \
+#define ADJUST1(p) { \
+ if ((p)->fts_accpath == (p)->fts_path) \
+ (p)->fts_accpath = (addr); \
 (p)->fts_path = addr; \
 }
 /* Adjust the current set of children. */
 for (p = sp->fts_child; p; p = p->fts_link)
- ADJUST(p);
+ ADJUST(p, addr);
 
 /* Adjust the rest of the tree. */
 for (p = sp->fts_cur; p->fts_level >= FTS_ROOTLEVEL;) {
- ADJUST(p);
+ ADJUST(p, addr);
 p = p->fts_link ? p->fts_link : p->fts_parent;
 }
 }
|