[parted-devel] [PATCH] Fix potential command line buffer overflow
Simon Xu
xu.simon at oracle.com
Mon Aug 20 13:31:26 BST 2018
parted terminates with 'stack smashing detected' when fed with a long command
line argument, and segfaults when the argument is long enough:
root # /sbin/parted /dev/sda $(perl -e 'print "a"x265')
*** stack smashing detected ***: /sbin/parted terminated
...
Aborted
root # /sbin/parted /dev/sda $(perl -e 'print "a"x328')
*** stack smashing detected ***: /sbin/parted terminated
...
Command History:
Segmentation fault
parted should be able to detect it and exit with error and usage messages.
This also makes command line buffer overflow exploit more possible. Fix it by
adding length check in the condition of the for loop where command line
arguments are copied.
Signed-off-by: Simon Xu <xu.simon at oracle.com>
---
parted/ui.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/parted/ui.c b/parted/ui.c
index 4f42b7c..d421768 100644
--- a/parted/ui.c
+++ b/parted/ui.c
@@ -728,7 +728,7 @@ command_line_push_line (const char* line, int multi_word)
line++;
i = 0;
- for (; *line; line++) {
+ for (; *line && i < sizeof (this_word) - 1; line++) {
if (*line == ' ' && !quoted) {
if (multi_word)
break;
--
2.18.0
More information about the parted-devel
mailing list