!38 sed: fix symlink bufsize readlink check

From: @kouwq Reviewed-by: @dillon_chen Signed-off-by: @dillon_chen
2024-05-08 05:52:52 +00:00 · 2024-05-08 05:52:52 +00:00 · 1773e8e47c
commit 1773e8e47c
parent cb0f6906e2 5534c63c62
2 changed files with 81 additions and 1 deletions
--- a/backport-sed-fix-symlink-bufsize-readlink-check.patch
+++ b/backport-sed-fix-symlink-bufsize-readlink-check.patch
@ -0,0 +1,73 @@
+From 8f600f2df293d539e9e9137f6f82faa1633b97c1 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Sat, 17 Dec 2022 20:56:29 -0800
+Subject: [PATCH] sed: fix symlink bufsize readlink check
+
+Problem reported by Hauke Mehrtens.
+* sed/utils.c (follow_symlink): Fix typo when checking size of
+second and later symlink, when that symlink is so large that it
+does not fit into the buffer.  Although the bug is not a buffer
+overflow, it does cause sed to mishandle the symlink.
+* testsuite/follow-symlinks.sh: Test for the bug.
+---
+ NEWS                         |  8 ++++++++
+ sed/utils.c                  |  2 +-
+ testsuite/follow-symlinks.sh | 13 +++++++++++++
+ 3 files changed, 22 insertions(+), 1 deletion(-)
+
+diff --git a/NEWS b/NEWS
+index b3db3bc..85a8db9 100644
+--- a/NEWS
+++ b/NEWS
+@@ -1,5 +1,13 @@
+ GNU sed NEWS                                    -*- outline -*-
+ 
+* Noteworthy changes in release ?.? (????-??-??) [?]
+
+** Bug fixes
+
+  'sed --follow-symlinks -i' no longer mishandles an operand that is a
+  short symbolic link to a long symbolic link to a file.
+  [bug introduced in sed 4.9]
+
+ * Noteworthy changes in release 4.9 (2022-11-06) [stable]
+ 
+ ** Bug fixes
+diff --git a/sed/utils.c b/sed/utils.c
+index 2952e8b..1ccda42 100644
+--- a/sed/utils.c
+++ b/sed/utils.c
+@@ -346,7 +346,7 @@ follow_symlink (const char *fname)
+       while ((linklen = (buf_used < buf_size
+                          ? readlink (fn, buf + buf_used, buf_size - buf_used)
+                          : 0))
+-             == buf_size)
+             == buf_size - buf_used)
+         {
+           buf = xpalloc (buf, &buf_size, 1, SSIZE_IDX_MAX, 1);
+           if (num_links)
+diff --git a/testsuite/follow-symlinks.sh b/testsuite/follow-symlinks.sh
+index 880a80e..c418804 100644
+--- a/testsuite/follow-symlinks.sh
+++ b/testsuite/follow-symlinks.sh
+@@ -73,4 +73,17 @@ compare_ exp-la-abs out-la-abs || fail=1
+ ln -s la-loop la-loop || framework_failure_
+ sed --follow-symlinks -i s/a/b/ la-loop && fail=1
+ 
+# symlink of length 128
+long=d/
+for i in 2 3 4 5 6 7; do
+  long=$long$long
+done
+dir=${long%/d/}
+file=$dir/xx
+mkdir -p $dir &&
+echo x >$file &&
+ln -s $file yy &&
+ln -s yy xx || framework_failure_
+sed -i --follow-symlinks s/x/y/ xx || fail=1
+
+ Exit $fail
+-- 
+2.23.0
+
--- a/sed.spec
+++ b/sed.spec
@ -1,6 +1,6 @@
 Name:	 sed
 Version: 4.9
-Release: 3
+Release: 4
 Summary: non-interactive command-line text editor

 License: GPLv3+
@ -8,6 +8,7 @@ URL:	 https://www.gnu.org/software/sed/
 Source0: http://ftp.gnu.org/gnu/sed/%{name}-%{version}.tar.xz

 Patch1:  backport-sed-c-flag.patch
+Patch2:  backport-sed-fix-symlink-bufsize-readlink-check.patch

 BuildRequires: gzip automake autoconf gcc
 BuildRequires: glibc-devel libselinux-devel libacl-devel perl-Getopt-Long
@ -52,6 +53,12 @@ make check
 %{_mandir}/man1/*.1.gz

 %changelog
+* Tue Apr 30 2024 kouwenqi <kouwenqi@kylinos.cn> - 4.9-4
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix symlink bufsize readlink check
+
 * Sun Apr 23 2023 zhangruifang <zhangruifang1@h-partners.com> - 4.9-3
 - Type:enhancement
 - ID:NA