netatalk / Bugs / #567 memory overflow caused by `basedir regex'

#567 memory overflow caused by `basedir regex'

Milestone: None

Status: closed

Owner: nobody

Labels: None

Priority: 1

Updated: 2014-06-17

Created: 2014-06-10

Creator: Takao Shimayoshi

Private: No

Problem:
If you set `basedir regex' some regular expression, it can cause memory overflow.

Cause:
The function getvolbypath() in libatalk/util/netatalk_conf.c assumes the length of matched string is the same as that of the regular expression. However, this is not always true.

Solution:
An attached patch fixes this problem.

Discussion

I couldn't attach a patch...
The patch is the following.

--- netatalk-3.1.2/libatalk/util/netatalk_conf.c.orig   2014-06-03 14:40:44.000000000 +0900
+++ netatalk-3.1.2/libatalk/util/netatalk_conf.c        2014-06-10 18:09:46.003670031 +0900
@@ -1682,7 +1682,7 @@
     strlcat(tmpbuf, "/", MAXPATHLEN);

     /* (5) */
-    p = path + strlen(basedir);
+    p = path + match[0].rm_eo - match[0].rm_so;
     while (*p == '/')
         p++;
     EC_NULL_LOG( user = strdup(p) );

Last edit: Takao Shimayoshi 2014-06-10

Ralph Böhme - 2014-06-11

Haven't tested your patch, but looks good, will merge for next 3.1 series update.

Thanks for contributing!

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Ralph Böhme - 2014-06-17

Fixed for 3.1.3 in [48434418007f625f292b16c99ee0dd7f9fcb1416].

Related

Commit: [484344]

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Ralph Böhme - 2014-06-17

status: open --> closed

Group: -->
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

memory overflow caused by `basedir regex'

Group

Searches

Help

#567 memory overflow caused by `basedir regex'

Discussion

Related