[BusyBox 0004644]: tar memory errors when called w/ incorrect arguments

bugs at busybox.net bugs at busybox.net
Thu Aug 21 06:45:31 UTC 2008


A NOTE has been added to this issue. 
====================================================================== 
http://busybox.net/bugs/view.php?id=4644 
====================================================================== 
Reported By:                cristic
Assigned To:                BusyBox
====================================================================== 
Project:                    BusyBox
Issue ID:                   4644
Category:                   Other
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     assigned
====================================================================== 
Date Submitted:             08-18-2008 18:51 PDT
Last Modified:              08-20-2008 23:45 PDT
====================================================================== 
Summary:                    tar memory errors when called w/ incorrect arguments
Description: 
Test cases:

$./tar tf_ /
tar: can't open �N�NOOO/O5OFOMO^OgOxO�O�O�O': No such file or
directory

$ ./tar tfx /
tar: can't open '       ��x     ��x     �x     �x     �x    
/�x     5�x    F�x      M�x     ^�x     g�x     x�x    
��x     ��x     ��x     ': No such file or directory

This should be rejected by tar, as in GNU tar:
$ tar tf_ /
tar: invalid option -- _
Try `tar --help' or `tar --usage' for more information.

tar tfx /
tar: You may not specify more than one `-Acdtrux' option
Try `tar --help' or `tar --usage' for more information.


The problem is that when getopt32 is called at tar.c:835, tar_filename 
is set incorrectly, and later invalid memory is read from tar_filename,
as
on line tar.c:931 (if (LONE_DASH(tar_filename)) ...)

Thanks,
Cristian

====================================================================== 

---------------------------------------------------------------------- 
 vda - 08-19-08 15:10  
---------------------------------------------------------------------- 
Does not happen to me on current svn. 

---------------------------------------------------------------------- 
 cristic - 08-20-08 23:45  
---------------------------------------------------------------------- 
Yes, it looks like this got fixed by the recent changes
to the code, most likely the ones to getopt32.  I think 
it's fine to close it now. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
08-18-08 18:51  cristic        New Issue                                    
08-18-08 18:51  cristic        Status                   new => assigned     
08-18-08 18:51  cristic        Assigned To               => BusyBox         
08-19-08 15:10  vda            Note Added: 0010524                          
08-20-08 23:45  cristic        Note Added: 0010574                          
======================================================================




More information about the busybox-cvs mailing list