List-Id: Zsh Workers List
X-Seq: 33369
Date: Mon, 6 Oct 2014 16:58:11 +0200
Subject: Re: Buffer overflow with long fd numbers in redirects
From: Mikael Magnusson
To: Peter Stephenson
Cc: zsh workers
In-Reply-To: <20141006150900.4df5e556@pwslap01u.europe.root.pri>
References: <20141006150900.4df5e556@pwslap01u.europe.root.pri>

On 6 October 2014 16:09, Peter Stephenson wrote:
> On Mon, 06 Oct 2014 16:00:44 +0200
> Mikael Magnusson wrote:
>> Obviously anything over 999 will not fit in fdstr[]. I just checked
>> and it appears we do not use snprintf anywhere, is this for any
>> particular reason?
>
> I think the shell's been around longer than snprintf has been
> widespread. It will need checking in configure and variant code; the
> latter makes the shell less safe overall.
>
>> The patch below just changes the array to [64], it
>> should be some time before any system uses a 256-bit type for fds. If
>> you guys have another preference for solving this, let me know
>
> Shouldn't DIGBUFSIZE work?
>
> pws

Ah, I was unaware of such a thing. I'll commit it with that instead
then, thanks!

-- 
Mikael Magnusson
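
The sizing problem discussed in this message, as an added example that is not part of the thread and not zsh source: a buffer with room for three digits against one sized from the integer type's width, with the snprintf return value used to detect truncation. `OLD_FDSTR_SIZE` (4 bytes, inferred from the "over 999" remark), `FD_DIGBUF` and the function names are hypothetical; `FD_DIGBUF` is not zsh's `DIGBUFSIZE` definition.

```c
#include <limits.h>
#include <stdio.h>

/* Assumed old sizing: three decimal digits plus the terminating NUL. */
#define OLD_FDSTR_SIZE 4

/* Hypothetical type-derived size (not zsh's DIGBUFSIZE): every decimal
 * digit carries more than 3 bits, so bits/3 + 1 digits always suffice;
 * add one byte for a sign and one for the NUL. */
#define FD_DIGBUF (sizeof(int) * CHAR_BIT / 3 + 3)

/* Bytes, including the NUL, needed to print fd in decimal. */
static size_t fd_bytes_needed(int fd)
{
    return (size_t)snprintf(NULL, 0, "%d", fd) + 1;
}

/* Would an unchecked sprintf(buf, "%d", fd) write past cap bytes? */
static int would_overflow(int fd, size_t cap)
{
    return fd_bytes_needed(fd) > cap;
}

/* Bounded formatting: 0 on success, -1 if the digits did not fit.
 * snprintf returns the length it wanted to write, so n >= cap means
 * the output was truncated rather than written out of bounds. */
static int format_fd(char *buf, size_t cap, int fd)
{
    int n = snprintf(buf, cap, "%d", fd);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

int main(void)
{
    char small[OLD_FDSTR_SIZE], big[FD_DIGBUF];
    int fds[] = { 2, 999, 1000, INT_MAX };  /* constructed sample values */

    for (size_t i = 0; i < sizeof fds / sizeof fds[0]; i++)
        printf("fd %d: needs %zu bytes, 4-byte buf ok=%d, sized buf ok=%d\n",
               fds[i], fd_bytes_needed(fds[i]),
               format_fd(small, sizeof small, fds[i]) == 0,
               format_fd(big, sizeof big, fds[i]) == 0);
    return 0;
}
```
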