[sudo-workers] Bug in lbuf_append_quoted
Daniel Kopecek
dkopecek at redhat.com
Mon Aug 12 09:25:03 MDT 2013
On Mon, 12 Aug 2013 17:20:58 +0200
Daniel Kopecek <dkopecek at redhat.com> wrote:
> Hello,
> I've found a bug in lbuf_append_quoted, here's the diff:
>
> --- lbuf.c~ 2012-09-18 15:56:28.000000000 +0200
> +++ lbuf.c 2013-08-12 17:01:02.335470715 +0200
> -100,7 +100,7 @@
> if (lbuf->len + (len * 2) + 1 >= lbuf->size) {
> do {
> lbuf->size += 256;
> - } while (lbuf->len + len + 1 >= lbuf->size);
> + } while (lbuf->len + (len * 2) + 1 >= lbuf->size);
> lbuf->buf = erealloc(lbuf->buf, lbuf->size);
> }
> if (*fmt == '%') {
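Review bot: The worst-case bound lbuf->len + (len * 2) + 1 is now written out twice, once in the if test and once in the while condition, and the mismatch between those two copies is exactly what this change repairs. Consider computing the bound once into a local before the if and testing that local in both places, or dropping the if and using a single while loop, so the check and the growth loop cannot drift apart again. A one-line comment stating why the bound uses len * 2 would also help the next reader keep the two in step.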
>
> it might cause a lbuf->size < lbuf->len condition in between
> lbuf_append* calls which in turn causes a realloc backtrace/abort...
>
> Dan K.
Oops, sorry for the noise.
http://www.sudo.ws/repos/sudo/rev/6283ee562ef4 fixed that.
Dan K.