diff options
author | jilles <jilles@FreeBSD.org> | 2010-08-10 22:45:59 +0000 |
---|---|---|
committer | jilles <jilles@FreeBSD.org> | 2010-08-10 22:45:59 +0000 |
commit | 8824c5ab7690895c9f4c64dc73d5cbd0dd4d62e4 (patch) | |
tree | 7e2b11fc91b3dd1fd5d1dc48d4e2e40ebee05f55 /sbin | |
parent | 243488333fe36a4095d1e102254a664ed1effc85 (diff) | |
download | FreeBSD-src-8824c5ab7690895c9f4c64dc73d5cbd0dd4d62e4.zip FreeBSD-src-8824c5ab7690895c9f4c64dc73d5cbd0dd4d62e4.tar.gz |
sh: Fix heap-based buffer overflow in pathname generation.
The buffer for generated pathnames could be too small in some cases. It
happened to be always at least PATH_MAX long, so there was never an overflow
if the resulting pathnames would be usable.
This bug may be abused if a script subjects input from an untrusted source
to pathname generation, which a bad idea anyhow. Most shell scripts do not
work on untrusted data. secteam@ says no advisory is necessary.
PR: bin/148733
Reported by: Changming Sun snnn119 at gmail com
MFC after: 10 days
Diffstat (limited to 'sbin')
0 files changed, 0 insertions, 0 deletions