[parted-devel] [PATCH] Fix potential command line buffer overflow

Simon Xu xu.simon at oracle.com
Mon Aug 20 13:31:26 BST 2018


parted terminates with 'stack smashing detected' when fed with a long command
line argument, and segfaults when the argument is long enough:

root # /sbin/parted /dev/sda $(perl -e 'print "a"x265')
*** stack smashing detected ***: /sbin/parted terminated
...
Aborted

root # /sbin/parted /dev/sda $(perl -e 'print "a"x328')
*** stack smashing detected ***: /sbin/parted terminated
...
Command History:
Segmentation fault

parted should be able to detect it and exit with error and usage messages.
This also makes a command line buffer overflow exploit more possible.  Fix it by
adding a length check in the condition of the for loop where command line
arguments are copied.

Signed-off-by: Simon Xu <xu.simon at oracle.com>
---
 parted/ui.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/parted/ui.c b/parted/ui.c
index 4f42b7c..d421768 100644
--- a/parted/ui.c
+++ b/parted/ui.c
@@ -728,7 +728,7 @@ command_line_push_line (const char* line, int multi_word)
                         line++;
 
                 i = 0;
-                for (; *line; line++) {
+                for (; *line && i < sizeof (this_word) - 1; line++) {
                         if (*line == ' ' && !quoted) {
                                 if (multi_word)
                                         break;
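
Review bot: The new condition `i < sizeof (this_word) - 1` in the for loop stops the copy silently, so an over-long argument is truncated rather than rejected, while the commit message says parted should detect the case and exit with error and usage messages. When the loop ends on the length limit, `*line` is still non-NUL and `line` points into the middle of the argument, so whatever code follows will see the remaining characters as further input. Consider checking after the loop whether it ended because of the bound (for example `*line` is non-NUL and the loop did not `break` on a space) and reporting an error in that case, or sizing the word buffer from the input length instead. Two smaller things to confirm outside the visible context: that `this_word` is declared as an array in this scope, since `sizeof` on a pointer would give the pointer size, and that `i` is not a signed type, since the comparison against a `size_t` expression would then mix signedness and may trigger a -Wsign-compare warning.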
-- 
2.18.0



