[uClibc-cvs] [uClibc 0000335]: potential null pointer access in glob_pattern_p() and extra byte in "/"

bugs at busybox.net bugs at busybox.net
Tue Jul 12 17:28:32 UTC 2005


A NOTE has been added to this issue. 
====================================================================== 
http://busybox.net/bugs/view.php?id=335 
====================================================================== 
Reported By:                wmq
Assigned To:                uClibc
====================================================================== 
Project:                    uClibc
Issue ID:                   335
Category:                   Architecture Specific
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     assigned
====================================================================== 
Date Submitted:             07-11-2005 10:13 PDT
Last Modified:              07-12-2005 10:28 PDT
====================================================================== 
Summary:                    potential null pointer access in glob_pattern_p()
and extra byte in "/"
Description: 
1. glob_pattern_p():
 potential null pointer access on P++, which caused the ftp server to
terminate the ftp client.
2. When listing "/" in ftp, because prefix_array() doesn't set the "/?" to
"/", the ftp client will be terminated because the root directory doesn't
exist.
====================================================================== 

---------------------------------------------------------------------- 
 vapier - 07-11-05 18:43  
---------------------------------------------------------------------- 
yeah, glibc had this in their updated glob.c:
        case '\\':
            if (quote && p[1] != '\0')
                ++p;
            break;

so i've committed this 

---------------------------------------------------------------------- 
 vapier - 07-11-05 20:11  
---------------------------------------------------------------------- 
glibc uses this:
      qsort ((__ptr_t) &pglob->gl_pathv[oldcount],
         pglob->gl_pathc + pglob->gl_offs - oldcount,

but you use this:
    qsort ((__ptr_t) &pglob->gl_pathv[oldcount + pglob->gl_offs],
      pglob->gl_pathc - oldcount - pglob->gl_offs, 

---------------------------------------------------------------------- 
 wmq - 07-12-05 10:28  
---------------------------------------------------------------------- 
I changed the qsort call a long time ago, so I don't remember clearly. Try
using "ls *" in the ftp client and see the difference.

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
07-11-05 10:13  wmq            New Issue                                    
07-11-05 10:13  wmq            File Added: glob.c.mod                       
07-11-05 18:43  vapier         Note Added: 0000279                          
07-11-05 20:11  vapier         Note Added: 0000280                          
07-12-05 10:28  wmq            Note Added: 0000282                          
======================================================================
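
The effect of the guard quoted in the first note, as an added example that is not part of the original report and is not uClibc or glibc source. The unguarded branch is an assumed reconstruction of the pre-fix behaviour from the report's "P++" description; the sample buffer and the helper names scan_result and scan_end are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: a pattern ending in a backslash, followed in the same
 * buffer by unrelated bytes that happen to contain '*'. */
static const char sample[] = "dir\\\0*.key";

/* Scan in the style of glob_pattern_p(). With check_nul set, the backslash
 * case uses the guard quoted in the note (p[1] != '\0'). Without it the skip
 * is unconditional: an assumed reconstruction of the pre-fix behaviour.
 * *end receives the offset at which the scan stopped. */
static int pattern_p(const char *pattern, int quote, int check_nul, size_t *end)
{
    const char *p;
    int open = 0;

    for (p = pattern; *p != '\0'; ++p) {
        *end = (size_t)(p - pattern);
        switch (*p) {
        case '?':
        case '*':
            return 1;
        case '\\':
            if (quote && (!check_nul || p[1] != '\0'))
                ++p;              /* skip the escaped character */
            break;
        case '[':
            open = 1;
            break;
        case ']':
            if (open)
                return 1;
            break;
        }
    }
    *end = (size_t)(p - pattern);
    return 0;
}

/* Helpers (hypothetical names) so results can be checked directly. */
static int scan_result(int check_nul) { size_t e; return pattern_p(sample, 1, check_nul, &e); }
static size_t scan_end(int check_nul) { size_t e; pattern_p(sample, 1, check_nul, &e); return e; }

int main(void)
{
    printf("strlen=%zu\n", strlen(sample));
    printf("unguarded: result=%d stopped_at=%zu\n", scan_result(0), scan_end(0));
    printf("guarded:   result=%d stopped_at=%zu\n", scan_result(1), scan_end(1));
    return 0;
}
```

Without the guard the scan steps over the terminator at offset 4 and stops at offset 5, reporting a wildcard that is not in the pattern; with the guard it stops at the terminator.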