BusyBox Bug and Patch Tracking
BusyBox
  

Viewing Issue Simple Details
ID 0001520
Category [BusyBox] Security
Severity minor
Reproducibility always
Date Submitted 10-04-07 00:19
Last Update 10-05-07 13:32
Reporter d3z
View Status public
Assigned To BusyBox
Priority normal
Resolution fixed
Status closed
Product Version svn
Summary 0001520: Incorrect usage of strncat in coreutils/stat.c
Description coreutils/stat.c contains numerous instances of 'strncat' that are incorrect.

  strncat(pformat, "s", buf_len);

should instead read something like:

  strncat(pformat, "s", buf_len-strlen(pformat)-1);

This could cause a buffer overflow if the buffer size computations were incorrect.

- Notes
(0002812)
vda
10-05-07 13:32

Can be replaced by plain strcat, we do have enough buffer space there.

Fixed in svn, thanks.

function old new delta
printfs - 28 +28
strcatc - 26 +26
human_time 41 44 +3
print_it 229 219 -10
buf 30 - -30
print_statfs 420 358 -62
print_stat 1089 921 -168
------------------------------------------------------------------------------
(add/remove: 2/1 grow/shrink: 1/3 up/down: 57/-270) Total: -213 bytes
   text data bss dec hex filename
 771105 1029 9552 781686 bed76 busybox_old
 770892 1029 9520 781441 bec81 busybox_unstripped
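
An added example, not part of the original report or of BusyBox's code: it shows why the third argument of strncat limits the source rather than the destination, and wraps the form suggested in the description with a truncation check. The names pformat and buf_len come from the report; the helper names, the 8-byte buffer and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Bytes strncat(dst, src, n) needs in dst: it appends at most n bytes
 * of src and then always writes a terminating NUL. n limits the source,
 * not the destination. */
static size_t strncat_total(const char *dst, const char *src, size_t n)
{
    size_t add = strlen(src);
    if (add > n)
        add = n;
    return strlen(dst) + add + 1;
}

/* 1 if the reported pattern strncat(dst, src, buf_len) would write past
 * a buf_len-byte destination. Computed only; the overflow is never run. */
static int reported_call_overflows(const char *dst, const char *src,
                                   size_t buf_len)
{
    return strncat_total(dst, src, buf_len) > buf_len;
}

/* The form suggested in the report, plus a truncation signal (hypothetical
 * helper). Returns 0 if all of src fit, -1 if it was cut or dst is full. */
static int bounded_append(char *dst, size_t buf_len, const char *src)
{
    const char *end = memchr(dst, '\0', buf_len);
    if (end == NULL)              /* dst not terminated inside the buffer */
        return -1;
    size_t room = buf_len - (size_t)(end - dst) - 1;
    strncat(dst, src, room);
    return strlen(src) <= room ? 0 : -1;
}

int main(void)
{
    char pformat[8] = "%-10";     /* constructed sample, 4 bytes used */
    size_t buf_len = sizeof(pformat);

    printf("reported call overflows with \"lluX\": %d\n",
           reported_call_overflows(pformat, "lluX", buf_len));
    printf("bounded_append: %d -> \"%s\"\n",
           bounded_append(pformat, buf_len, "lluX"), pformat);
    return 0;
}
```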
 

- Issue History
Date Modified Username Field Change
10-04-07 00:19 d3z New Issue
10-04-07 00:19 d3z Status new => assigned
10-04-07 00:19 d3z Assigned To  => BusyBox
10-05-07 13:32 vda Status assigned => closed
10-05-07 13:32 vda Note Added: 0002812
10-05-07 13:32 vda Resolution open => fixed

