Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: Buffer overflow with long fd numbers in redirects

X-seq: zsh-workers 33366
From: Peter Stephenson <p.stephenson@xxxxxxxxxxx>
To: zsh workers <zsh-workers@xxxxxxx>
Subject: Re: Buffer overflow with long fd numbers in redirects
Date: Mon, 06 Oct 2014 15:09:00 +0100
In-reply-to: <CAHYJk3QeCiKGuohbduaFa9cct48oL4c2+weEQKsWpr91EM_YkQ@mail.gmail.com>
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
Organization: Samsung Cambridge Solution Centre
References: <CAHYJk3QeCiKGuohbduaFa9cct48oL4c2+weEQKsWpr91EM_YkQ@mail.gmail.com>

On Mon, 06 Oct 2014 16:00:44 +0200
Mikael Magnusson <mikachu@xxxxxxxxx> wrote:
> Obviously anything over 999 will not fit in fdstr[]. I just checked
> and it appears we do not use snprintf anywhere, is this for any
> particular reason?

I think the shell's been around longer than snprintf has been
widespread.  It will need checking in configure and variant code; the
latter makes the shell less safe overall.

> The patch below just changes the array to [64], it
> should be some time before any system uses a 256-bit type for fds. If
> you guys have another preference for solving this, let me know

Shouldn't DIGBUFSIZE work?

pws

Follow-Ups:
- Re: Buffer overflow with long fd numbers in redirects
  - From: Mikael Magnusson

References:
- Buffer overflow with long fd numbers in redirects
  - From: Mikael Magnusson

Messages sorted by: Reverse Date, Date, Thread, Author