Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: Buffer overflow with long fd numbers in redirects

X-seq: zsh-workers 33369
From: Mikael Magnusson <mikachu@xxxxxxxxx>
To: Peter Stephenson <p.stephenson@xxxxxxxxxxx>
Subject: Re: Buffer overflow with long fd numbers in redirects
Date: Mon, 6 Oct 2014 16:58:11 +0200
Cc: zsh workers <zsh-workers@xxxxxxx>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=nSZ/9pYPDScn5yUR37jIWucKFgC21dE3mZojkuLbEVE=; b=TVrtxMi1CJnxO2uP8qhtiRIYAyoYskFjieAl/BFlhEShElePl581bofHBuBV8HbzeR 9gIlEW6PvS/i9n+ZqQGDua6hueRMnVxdZtc1Ked4aMKGtJYju5UZoi3e2O/atoBu5qSV UYdKbZMdDKezxVWBxtUvJXZ1l/qMMMyAYqm4ZaUknd6PSLENjp8sb+wDmi+4s6WfL6oS /0vNKbtqTeQD4xaImlOUqmA19GeOW7hphAEHL81vLsFqHuPNhf5ldBDAYantmCnJyHG1 8bVGTzBkhEOb8mebPCucDoSXD1Q//UFG5SJptHZRwx27i/tPYd4ayv4egq3czC4Rov/M qsfQ==
In-reply-to: <20141006150900.4df5e556@pwslap01u.europe.root.pri>
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
References: <CAHYJk3QeCiKGuohbduaFa9cct48oL4c2+weEQKsWpr91EM_YkQ@mail.gmail.com> <20141006150900.4df5e556@pwslap01u.europe.root.pri>

On 6 October 2014 16:09, Peter Stephenson <p.stephenson@xxxxxxxxxxx> wrote:
> On Mon, 06 Oct 2014 16:00:44 +0200
> Mikael Magnusson <mikachu@xxxxxxxxx> wrote:
>> Obviously anything over 999 will not fit in fdstr[]. I just checked
>> and it appears we do not use snprintf anywhere, is this for any
>> particular reason?
>
> I think the shell's been around longer than snprintf has been
> widespread.  It will need checking in configure and variant code; the
> latter makes the shell less safe overall.
>
>> The patch below just changes the array to [64], it
>> should be some time before any system uses a 256-bit type for fds. If
>> you guys have another preference for solving this, let me know
>
> Shouldn't DIGBUFSIZE work?
>
> pws

Ah, I was unaware of such a thing. I'll commit it with that instead
then, thanks!

-- 
Mikael Magnusson

Follow-Ups:
- Re: Buffer overflow with long fd numbers in redirects
  - From: Peter Stephenson

References:
- Buffer overflow with long fd numbers in redirects
  - From: Mikael Magnusson
- Re: Buffer overflow with long fd numbers in redirects
  - From: Peter Stephenson

Messages sorted by: Reverse Date, Date, Thread, Author