NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: PR/45285 CVS commit: src/usr.sbin/makefs



The following reply was made to PR bin/45285; it has been noted by GNATS.

From: Martin Matuska <mm%FreeBSD.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: Christos Zoulas <christos%netbsd.org@localhost>, 
gnats-admin%netbsd.org@localhost, 
 netbsd-bugs%netbsd.org@localhost
Subject: Re: PR/45285 CVS commit: src/usr.sbin/makefs
Date: Tue, 23 Aug 2011 20:10:57 +0200

 My patch for cd9660.c contained one typo:
 @@ -1652,8 +1652,7 @@ cd9660_level1_convert_filename(const cha
                             *oldname == ',' && strlen(oldname) == 4)
                                 break;
                         /* Enforce 12.3 / 8 */
 -                       if (((namelen == 8) && !found_ext) ||
 -                           (found_ext && extlen == 3)) {
 +                       if (namelen == 8 && !found_ext)
                                 break;
                         }
 
 
 The "}" at the end of this snipplet should be removed, too.
 Thanks!
 
 On 23. 8. 2011 19:10, Christos Zoulas wrote:
 > The following reply was made to PR bin/45285; it has been noted by GNATS.
 >
 > From: "Christos Zoulas" <christos%netbsd.org@localhost>
 > To: gnats-bugs%gnats.NetBSD.org@localhost
 > Cc: 
 > Subject: PR/45285 CVS commit: src/usr.sbin/makefs
 > Date: Tue, 23 Aug 2011 13:09:11 -0400
 >
 >  Module Name:        src
 >  Committed By:       christos
 >  Date:               Tue Aug 23 17:09:11 UTC 2011
 >  
 >  Modified Files:
 >      src/usr.sbin/makefs: cd9660.c
 >  
 >  Log Message:
 >  PR/45285: Martin Matuska: makefs does not properly convert ISO level 1 and 2
 >  filenames (buffer overflow)
 >  
 >  makefs does not properly verify the maximum filename length in the
 >  special "." case for both ISO level 1 and ISO level 2 filename
 >  conversion.  This creates broken images or causes a buffer overflow
 >  (ISO level 2).
 >  
 >  ISO level 1:
 >  If a filename contains only dots or up to 8 characters followed by
 >  dots the 8+3 limit check doesn't work.
 >  
 >  ISO level 2:
 >  If a filename contains a dot in the first 30 characters and a dot
 >  on the 30th character, the length limit check doesn't work and the
 >  buffer is overflowed.
 >  
 >  $ mkdir level1
 >  $ touch level1/12345............
 >  $ makefs -t cd9660 -o isolevel=1 test.iso level1
 >  
 >  $ mkdir level2
 >  $ touch level2/1234567890.2345678901234567.....34567890123456789012345
 >  $ makefs -t cd9660 -o isolevel=2 test.iso level2
 >  
 >  
 >  To generate a diff of this commit:
 >  cvs rdiff -u -r1.31 -r1.32 src/usr.sbin/makefs/cd9660.c
 >  
 >  Please note that diffs are not public domain; they are subject to the
 >  copyright notices on the relevant files.
 >  
 
 
 -- 
 Martin Matuska
 FreeBSD committer
 http://blog.vx.sk
 


Home | Main Index | Thread Index | Old Index