Date: Fri, 4 Dec 1998 01:09:20 -0500 (EST) From: jwd@unx.sas.com To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: bin/8958: bug in /bin/pax -s option processing Message-ID: <199812040609.BAA03786@magenta.pc.sas.com>
next in thread | raw e-mail | index | archive | help
>Number: 8958
>Category: bin
>Synopsis: bug in /bin/pax -s option processing
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Dec 3 22:10:00 PST 1998
>Last-Modified:
>Originator: John W. DeBoskey
>Organization:
SAS Institute
>Release: FreeBSD 3.0-19981124-SNAP i386
>Environment:
Typical FreeBSD installation.
>Description:
/bin/pax -s processing assumes pattern match/replacements will always
occur at offset zero. When a pattern match does not occur at offset zero,
then the input source string pointer is incremented too far. Thus,
output replacement strings are corrupt.
User level data is damaged.
>How-To-Repeat:
Create the following symlink in /tmp:
ln -s /usr/src/bin/pax/pax.c pax.c
pax.c -> /usr/src/bin/pax/pax.c
Copy the symlink to /var/tmp and change src to src2
pax -rw -v -pp -s /src/src2/ pax.c /var/tmp
Inspect the copied link:
pax.c -> /usr/src2pax/pax.c
Note the missing path sep char.
>Fix:
--- /usr/src/bin/pax/pat_rep.c.old Fri May 15 02:27:44 1998
+++ /usr/src/bin/pax/pat_rep.c Fri Dec 4 00:11:44 1998
@@ -1002,7 +1002,7 @@
# ifdef NET2_REGEX
inpt = pt->rcmp->endp[0];
# else
- inpt += pm[0].rm_eo;
+ inpt += pm[0].rm_eo - pm[0].rm_so;
# endif
if ((outpt == endpt) || (*inpt == '\0'))
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199812040609.BAA03786>