From mboxrd@z Thu Jan 1 00:00:00 1970
X-Seq: 21234
Date: Sat, 07 May 2005 16:23:05 +0000
From: Bart Schaefer
Subject: Re: Obscure overflow with very long path; completion
To: mason@primenet.com.au, zsh-workers@sunsite.dk
Message-id: <1050507162306.ZM1184@candle.brasslantern.com>
References: <200505031026.j43AQwBE014903@news01.csr.com>

On May 6, 4:10am, Geoff Wing wrote:
} Subject: Re: Obscure overflow with very long path; completion
}
} These two in utils.c:
} static char xbuf[PATH_MAX*2];
} and
} char xbuf2[PATH_MAX*2], ...
} are insufficient because the path is over twice the allowed PATH_MAX
} (1024) on my machine.

Try this patch? My fear is that this is going to lead to slowness such as that fixed by the recent patches to the globbing code, but hopefully this isn't called quite as often.

Index: Src/utils.c =================================================================== retrieving revision 1.23 diff -c -r1.23 utils.c --- Src/utils.c 14 Apr 2005 04:33:51 -0000 1.23 +++ Src/utils.c 7 May 2005 16:11:26 -0000 @@ -358,14 +358,19 @@ *p = '\0'; continue; } - sprintf(xbuf2, "%s/%s", xbuf, *pp); - t0 = readlink(unmeta(xbuf2), xbuf3, PATH_MAX); + if (ztrlen(xbuf) >= PATH_MAX-1 || ztrlen(*pp) >= PATH_MAX-1) { + t0 = -1; + } else { + sprintf(xbuf2, "%s/%s", xbuf, *pp); + t0 = readlink(unmeta(xbuf2), xbuf3, PATH_MAX); + } if (t0 == -1) { strcat(xbuf, "/"); strcat(xbuf, *pp); zsfree(*pp); } else { - ret = 1; + DPUTS(t0 == PATH_MAX, "BUG: overflow in readlink()"); + ret = 1; metafy(xbuf3, t0, META_NOALLOC); if (*xbuf3 == '/') { strcpy(xbuf, "");
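
Review bot: the new guard sets t0 = -1 when xbuf or *pp is too long, and that sends exactly the oversized case into the unchanged `strcat(xbuf, "/"); strcat(xbuf, *pp);` branch, which still appends to the fixed-size xbuf (PATH_MAX*2 per the quoted report) with no length check. The guard keeps the sprintf into xbuf2 in bounds but the write to xbuf can still run past the end, so the t0 == -1 branch needs its own check on the combined length, with an error return or a dynamically sized buffer when it does not fit. It is also worth confirming that ztrlen() counts the same bytes that sprintf copies: if it returns the unmetafied length, a string with many Meta-encoded bytes can pass the test and still exceed xbuf2. Finally, the added DPUTS only reports t0 == PATH_MAX, and the code then continues into metafy(xbuf3, t0, META_NOALLOC) with a possibly truncated link target; if truncation is a real possibility here it should be handled as a failure instead of only being reported.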