#567 memory overflow caused by `basedir regex'

None
closed
nobody
None
1
2014-06-17
2014-06-10
Takao Shimayoshi
No

Problem:
If you set `basedir regex' to some regular expression, it can cause a memory overflow.

Cause:
The function getvolbypath() in libatalk/util/netatalk_conf.c assumes the length of the matched string is the same as that of the regular expression. However, this is not always true.

Solution:
An attached patch fixes this problem.
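
Added example, not part of the ticket or of netatalk's code: a stand-alone POSIX regex program that contrasts an offset taken from the length of the pattern with one taken from the `regmatch_t` result. The pattern, the path and the names `split` and `split_after_basedir` are constructed for illustration.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

struct split {
    size_t naive_off;  /* strlen(pattern): the assumption the ticket describes */
    size_t match_off;  /* end of the text the pattern actually matched */
    int naive_oob;     /* 1 if naive_off lies past the end of path */
    const char *user;  /* path component after the match, slashes skipped */
};

/* Returns 0 on success, -1 if the pattern is invalid or does not match. */
int split_after_basedir(const char *pattern, const char *path, struct split *out)
{
    regex_t re;
    regmatch_t match[1];
    int rc;

    if (regcomp(&re, pattern, REG_EXTENDED) != 0)
        return -1;
    rc = regexec(&re, path, 1, match, 0);
    regfree(&re);
    if (rc != 0)
        return -1;

    out->naive_off = strlen(pattern);
    out->naive_oob = out->naive_off > strlen(path);
    /* rm_eo is an offset into path; it equals the match length when rm_so is 0. */
    out->match_off = (size_t)match[0].rm_eo;
    out->user = path + out->match_off;
    while (*out->user == '/')
        out->user++;
    return 0;
}

int main(void)
{
    /* Constructed sample values, not from a real configuration. */
    const char *pattern = "^/home/(staff|students)";
    const char *path = "/home/staff/bob";
    struct split s;

    if (split_after_basedir(pattern, path, &s) != 0)
        return 1;
    printf("strlen(pattern)=%zu strlen(path)=%zu out of bounds=%d\n",
           s.naive_off, strlen(path), s.naive_oob);
    printf("match end=%zu user=\"%s\"\n", s.match_off, s.user);
    return 0;
}
```

With these values the pattern is 23 bytes long while the path is only 15, so a pointer advanced by the pattern length would sit past the end of the path buffer.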

Discussion

  • I couldn't attach a patch...
    The patch is the following.

    --- netatalk-3.1.2/libatalk/util/netatalk_conf.c.orig   2014-06-03 14:40:44.000000000 +0900
    +++ netatalk-3.1.2/libatalk/util/netatalk_conf.c        2014-06-10 18:09:46.003670031 +0900
    @@ -1682,7 +1682,7 @@
         strlcat(tmpbuf, "/", MAXPATHLEN);
    
         /* (5) */
    -    p = path + strlen(basedir);
    +    p = path + match[0].rm_eo - match[0].rm_so;
         while (*p == '/')
             p++;
         EC_NULL_LOG( user = strdup(p) );
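
    Review bot: On the added line `p = path + match[0].rm_eo - match[0].rm_so;`, the offset is the length of the match, which is the right position in `path` only when the match starts at offset 0. If the expression can match later in `path`, `p` stops short of the end of the matched text and `strdup(p)` copies the wrong component. Use `p = path + match[0].rm_eo;`, or check `match[0].rm_so == 0` before this step, and extend the `/* (5) */` comment to say the offset now comes from the regex match rather than from the `basedir` string.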
    
     
    Last edit: Takao Shimayoshi 2014-06-10
  • Ralph Böhme
    2014-06-11

    Haven't tested your patch, but looks good, will merge for next 3.1 series update.

    Thanks for contributing!

     
  • Ralph Böhme
    2014-06-17

    • status: open --> closed
    • Group: -->