Skip to content

Comments

Fix stack overflow in: inotifytools_replace_filename#104

Merged
ericcurtin merged 1 commit intoinotify-tools:masterfrom
jankratochvil:stack
Jan 27, 2020
Merged

Fix stack overflow in: inotifytools_replace_filename#104
ericcurtin merged 1 commit intoinotify-tools:masterfrom
jankratochvil:stack

Conversation

@jankratochvil
Copy link
Contributor

@jankratochvil jankratochvil commented Aug 15, 2019 

/var/cache/dnf/fedora-modular-42f5060c2cfa4ffa/ MOVED_TO,ISDIR repodata
*** stack smashing detected ***: <unknown> terminated
% #0  0x0000ffffa6d08c90 in raise () from /usr/lib64/libc.so.6
% #1  0x0000ffffa6cf6aa8 in abort () from /usr/lib64/libc.so.6
% #2  0x0000ffffa6d42acc in __libc_message () from /usr/lib64/libc.so.6
% #3  0x0000ffffa6db4f54 in __fortify_fail_abort () from /usr/lib64/libc.so.6
% #4  0x0000ffffa6db4f08 in __stack_chk_fail () from /usr/lib64/libc.so.6
% #5  0x0000ffffa6e4f958 in inotifytools_replace_filename (oldname=<optimized out>, newname=<optimized out>) at inotifytools.c:866
% #6  0x0000aaaab1b5de98 in main (argc=<optimized out>, argv=<optimized out>) at inotifywait.c:389

A simple fix would be:

	char *names[2+(sizeof(int)+sizeof(char*)-1)/sizeof(char*)];

A similar fix is in:

	inotify-tools_3.14-8.debian/debian/patches/0006-Fix-buffer-overrun-in-inotifytools.c.patch

I find the attached struct for callback data as a more clean and standard
solution.

@jankratochvil
Fix stack overflow in: inotifytools_replace_filename
cecbd5f 
```
/var/cache/dnf/fedora-modular-42f5060c2cfa4ffa/ MOVED_TO,ISDIR repodata
*** stack smashing detected ***: <unknown> terminated
% #0  0x0000ffffa6d08c90 in raise () from /usr/lib64/libc.so.6
% inotify-tools#1  0x0000ffffa6cf6aa8 in abort () from /usr/lib64/libc.so.6
% inotify-tools#2  0x0000ffffa6d42acc in __libc_message () from /usr/lib64/libc.so.6
% inotify-tools#3  0x0000ffffa6db4f54 in __fortify_fail_abort () from /usr/lib64/libc.so.6
% inotify-tools#4  0x0000ffffa6db4f08 in __stack_chk_fail () from /usr/lib64/libc.so.6
% inotify-tools#5  0x0000ffffa6e4f958 in inotifytools_replace_filename (oldname=<optimized out>, newname=<optimized out>) at inotifytools.c:866
% inotify-tools#6  0x0000aaaab1b5de98 in main (argc=<optimized out>, argv=<optimized out>) at inotifywait.c:389
```

A simple fix would be:
```
	char *names[2+(sizeof(int)+sizeof(char*)-1)/sizeof(char*)];
```

A similar fix is in:
```
	inotify-tools_3.14-8.debian/debian/patches/0006-Fix-buffer-overrun-in-inotifytools.c.patch
```

I find the attached struct for callback data as a more clean and standard
solution.
@jankratochvil jankratochvil mentioned this pull request Aug 15, 2019
Closed
@cyc1ingsir cyc1ingsir mentioned this pull request Dec 1, 2019
Closed
ericcurtin
ericcurtin approved these changes Jan 27, 2020
View reviewed changes
Copy link
Member

@ericcurtin ericcurtin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work, much more typesafe!

@ericcurtin ericcurtin merged commit ec484ca into inotify-tools:master Jan 27, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ericcurtin ericcurtin ericcurtin approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jankratochvil @ericcurtin