Date: Fri, 4 Dec 1998 01:09:20 -0500 (EST) From: jwd@unx.sas.com To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: bin/8958: bug in /bin/pax -s option processing Message-ID: <199812040609.BAA03786@magenta.pc.sas.com>
next in thread | raw e-mail | index | archive | help
>Number: 8958 >Category: bin >Synopsis: bug in /bin/pax -s option processing >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Dec 3 22:10:00 PST 1998 >Last-Modified: >Originator: John W. DeBoskey >Organization: SAS Institute >Release: FreeBSD 3.0-19981124-SNAP i386 >Environment: Typical FreeBSD installation. >Description: /bin/pax -s processing assumes pattern match/replacements will always occur at offset zero. When a pattern match does not occur at offset zero, then the input source string pointer is incremented too far. Thus, output replacement strings are corrupt. User level data is damaged. >How-To-Repeat: Create the following symlink in /tmp: ln -s /usr/src/bin/pax/pax.c pax.c pax.c -> /usr/src/bin/pax/pax.c Copy the symlink to /var/tmp and change src to src2 pax -rw -v -pp -s /src/src2/ pax.c /var/tmp Inspect the copied link: pax.c -> /usr/src2pax/pax.c Note the missing path sep char. >Fix: --- /usr/src/bin/pax/pat_rep.c.old Fri May 15 02:27:44 1998 +++ /usr/src/bin/pax/pat_rep.c Fri Dec 4 00:11:44 1998 @@ -1002,7 +1002,7 @@ # ifdef NET2_REGEX inpt = pt->rcmp->endp[0]; # else - inpt += pm[0].rm_eo; + inpt += pm[0].rm_eo - pm[0].rm_so; # endif if ((outpt == endpt) || (*inpt == '\0')) >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199812040609.BAA03786>