segfaults in CACHE_IDS code paths
From: Tobias Stoeckmann
Subject: segfaults in CACHE_IDS code paths
Date: Mon, 23 Feb 2015 22:04:59 +0100
Hi,
if id caching is activated during compilation, findutils is prone to two
segmentation faults. First, it fails to validate a range check in file
find/parser.c line 1750. If the group in /etc/group has a gid that is
close to 2^32, the variable overflows in xmalloc and does not reserve enough
memory, which will then be overwritten with ones.
The other one happens when find encounters a group id that is higher
than the highest one in /etc/group. It uses the gid of the file as index
without validating ranges.
I would recommend just removing the --enable-id-cache/CACHE_IDS code.
It has to be activated explicitly, and I haven't encountered a Linux
distribution that activated it so far.
This shows how to reproduce the segfault paths with group ids. The
same is true for user ids:
$ ./configure --enable-id-cache && make
$ ./find/find --version
find (GNU findutils) 4.5.15-git
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Written by Eric B. Decker, James Youngman, and Kevin Dalley.
Features enabled: CACHE_IDS D_TYPE O_NOFOLLOW(enabled) LEAF_OPTIMISATION
FTS(FTS_CWDFD) CBO(level=2)
$ sudo groupadd -g 4294965248 crash
$ ./find/find -nogroup
Segmentation fault
$ sudo groupdel crash
$ touch myfile
$ sudo chgrp 2000000 myfile
$ ./find/find -nogroup
Segmentation fault
Tobias
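To illustrate the two defensive checks the report says are missing, here is an added example of a minimal id cache that refuses to build when the size computation would wrap and treats out-of-range ids as unknown instead of indexing past the buffer. This is illustrative code written for this page, not the findutils implementation; the cache layout (one byte per gid), the `limit` parameter and all names are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <sys/types.h>

/* Hypothetical id cache: one byte per gid, 1 = that group exists. */
struct id_cache {
    unsigned char *known;   /* index = gid, value 1 if the group exists */
    size_t length;          /* number of indexable entries (highest gid + 1) */
};

/* Build a cache covering gids 0..highest_gid. The size is computed in a
   wider type and capped by `limit`, so a gid near the top of the gid_t
   range (first crash above) is rejected instead of wrapping to a tiny
   allocation that a later write would overrun. */
static bool id_cache_init(struct id_cache *c, gid_t highest_gid, size_t limit)
{
    c->known = NULL;
    c->length = 0;
    uintmax_t n = (uintmax_t)highest_gid + 1;   /* widen before the +1 */
    if (n > limit || n > SIZE_MAX)
        return false;
    c->known = calloc((size_t)n, 1);
    if (c->known == NULL)
        return false;
    c->length = (size_t)n;
    return true;
}

/* Record that gid exists; refuses ids outside the cached range. */
static bool id_cache_mark(struct id_cache *c, gid_t gid)
{
    if ((uintmax_t)gid >= (uintmax_t)c->length)
        return false;
    c->known[gid] = 1;
    return true;
}

/* 1 if gid is known, 0 otherwise. A gid above the highest cached one
   (second crash above) is reported as unknown rather than used as an
   index past the end of the buffer. */
static int id_cache_lookup(const struct id_cache *c, gid_t gid)
{
    if ((uintmax_t)gid >= (uintmax_t)c->length)
        return 0;
    return c->known[gid];
}

static void id_cache_free(struct id_cache *c)
{
    free(c->known);
    c->known = NULL;
    c->length = 0;
}
```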