CVS commit: src/usr.bin/gzip

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src/usr.bin/gzip
From: "Christos Zoulas" <christos%netbsd.org@localhost>
Date: Tue, 14 Apr 2015 22:29:13 -0400

Module Name:    src
Committed By:   christos
Date:           Wed Apr 15 02:29:13 UTC 2015

Modified Files:
        src/usr.bin/gzip: gzip.c

Log Message:
Coverity CID 1264915, Via FreeBSD (Xin Li)

When reading in the original file name from gzip header, we read
in PATH_MAX + 1 bytes from the file.  In r281500, strrchr() is
used to strip possible path portion of the file name to mitigate
a possible attack.  Unfortunately, strrchr() expects a buffer
that is NUL-terminated, and since we are processing potentially
untrusted data, we can not assert that be always true.

Solve this by reading in one less byte (now PATH_MAX) and
explicitly terminate the buffer after the read size with NUL.


To generate a diff of this commit:
cvs rdiff -u -r1.107 -r1.108 src/usr.bin/gzip/gzip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src/sys/arch
Next by Date: CVS commit: src/sys/netinet
Previous by Thread: CVS commit: src/sys/arch
Next by Thread: CVS commit: src/sys/netinet
Indexes:

Home | Main Index | Thread Index | Old Index