| b.liu | e958203 | 2025-04-17 19:18:16 +0800 | [diff] [blame] | 1 | From 8f600f2df293d539e9e9137f6f82faa1633b97c1 Mon Sep 17 00:00:00 2001 |
| 2 | From: Paul Eggert <eggert@cs.ucla.edu> |
| 3 | Date: Sat, 17 Dec 2022 20:56:29 -0800 |
| 4 | Subject: [PATCH] sed: fix symlink bufsize readlink check |
| 5 | |
| 6 | Problem reported by Hauke Mehrtens. |
| 7 | * sed/utils.c (follow_symlink): Fix typo when checking size of |
| 8 | second and later symlink, when that symlink is so large that it |
| 9 | does not fit into the buffer. Although the bug is not a buffer |
| 10 | overflow, it does cause sed to mishandle the symlink. |
| 11 | * testsuite/follow-symlinks.sh: Test for the bug. |
| 12 | --- |
| 13 | sed/utils.c | 2 +- |
| 14 | testsuite/follow-symlinks.sh | 13 +++++++++++++ |
| 15 | 3 files changed, 18 insertions(+), 1 deletion(-) |
| 16 | |
| 17 | --- a/sed/utils.c |
| 18 | +++ b/sed/utils.c |
| 19 | @@ -345,7 +345,7 @@ follow_symlink (const char *fname) |
| 20 | while ((linklen = (buf_used < buf_size |
| 21 | ? readlink (fn, buf + buf_used, buf_size - buf_used) |
| 22 | : 0)) |
| 23 | - == buf_size) |
| 24 | + == buf_size - buf_used) |
| 25 | { |
| 26 | buf = xpalloc (buf, &buf_size, 1, SSIZE_IDX_MAX, 1); |
| 27 | if (num_links) |
| 28 | --- a/testsuite/follow-symlinks.sh |
| 29 | +++ b/testsuite/follow-symlinks.sh |
| 30 | @@ -73,4 +73,17 @@ compare_ exp-la-abs out-la-abs || fail=1 |
| 31 | ln -s la-loop la-loop || framework_failure_ |
| 32 | sed --follow-symlinks -i s/a/b/ la-loop && fail=1 |
| 33 | |
| 34 | +# symlink of length 128 |
| 35 | +long=d/ |
| 36 | +for i in 2 3 4 5 6 7; do |
| 37 | + long=$long$long |
| 38 | +done |
| 39 | +dir=${long%/d/} |
| 40 | +file=$dir/xx |
| 41 | +mkdir -p $dir && |
| 42 | +echo x >$file && |
| 43 | +ln -s $file yy && |
| 44 | +ln -s yy xx || framework_failure_ |
| 45 | +sed -i --follow-symlinks s/x/y/ xx || fail=1 |
| 46 | + |
| 47 | Exit $fail |