packages/sed
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!38 sed: fix symlink bufsize readlink check

Browse Source 
From: @kouwq 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
This commit is contained in:
openeuler-ci-bot 2024-05-08 05:52:52 +00:00 committed by Gitee
commit 1773e8e47c
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 81 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
backport-sed-fix-symlink-bufsize-readlink-check.patch Normal file
View File

@ -0,0 +1,73 @@
From 8f600f2df293d539e9e9137f6f82faa1633b97c1 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Sat, 17 Dec 2022 20:56:29 -0800
Subject: [PATCH] sed: fix symlink bufsize readlink check
Problem reported by Hauke Mehrtens.
* sed/utils.c (follow_symlink): Fix typo when checking size of
second and later symlink, when that symlink is so large that it
does not fit into the buffer. Although the bug is not a buffer
overflow, it does cause sed to mishandle the symlink.
* testsuite/follow-symlinks.sh: Test for the bug.
---
NEWS | 8 ++++++++
sed/utils.c | 2 +-
testsuite/follow-symlinks.sh | 13 +++++++++++++
3 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/NEWS b/NEWS
index b3db3bc..85a8db9 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,13 @@
GNU sed NEWS -*- outline -*-
+* Noteworthy changes in release ?.? (????-??-??) [?]
+
+** Bug fixes
+
+ 'sed --follow-symlinks -i' no longer mishandles an operand that is a
+ short symbolic link to a long symbolic link to a file.
+ [bug introduced in sed 4.9]
+
* Noteworthy changes in release 4.9 (2022-11-06) [stable]
** Bug fixes
diff --git a/sed/utils.c b/sed/utils.c
index 2952e8b..1ccda42 100644
--- a/sed/utils.c
+++ b/sed/utils.c
@@ -346,7 +346,7 @@ follow_symlink (const char *fname)
while ((linklen = (buf_used < buf_size
? readlink (fn, buf + buf_used, buf_size - buf_used)
: 0))
- == buf_size)
+ == buf_size - buf_used)
{
buf = xpalloc (buf, &buf_size, 1, SSIZE_IDX_MAX, 1);
if (num_links)
diff --git a/testsuite/follow-symlinks.sh b/testsuite/follow-symlinks.sh
index 880a80e..c418804 100644
--- a/testsuite/follow-symlinks.sh
+++ b/testsuite/follow-symlinks.sh
@@ -73,4 +73,17 @@ compare_ exp-la-abs out-la-abs || fail=1
ln -s la-loop la-loop || framework_failure_
sed --follow-symlinks -i s/a/b/ la-loop && fail=1
+# symlink of length 128
+long=d/
+for i in 2 3 4 5 6 7; do
+ long=$long$long
+done
+dir=${long%/d/}
+file=$dir/xx
+mkdir -p $dir &&
+echo x >$file &&
+ln -s $file yy &&
+ln -s yy xx || framework_failure_
+sed -i --follow-symlinks s/x/y/ xx || fail=1
+
Exit $fail
--
2.23.0

9
sed.spec
View File

@ -1,6 +1,6 @@
Name: sed Name: sed
Version: 4.9 Version: 4.9
Release: 3 Release: 4
Summary: non-interactive command-line text editor Summary: non-interactive command-line text editor
License: GPLv3+ License: GPLv3+
@ -8,6 +8,7 @@ URL: https://www.gnu.org/software/sed/
Source0: http://ftp.gnu.org/gnu/sed/%{name}-%{version}.tar.xz Source0: http://ftp.gnu.org/gnu/sed/%{name}-%{version}.tar.xz
Patch1: backport-sed-c-flag.patch Patch1: backport-sed-c-flag.patch
Patch2: backport-sed-fix-symlink-bufsize-readlink-check.patch
BuildRequires: gzip automake autoconf gcc BuildRequires: gzip automake autoconf gcc
BuildRequires: glibc-devel libselinux-devel libacl-devel perl-Getopt-Long BuildRequires: glibc-devel libselinux-devel libacl-devel perl-Getopt-Long
@ -52,6 +53,12 @@ make check
%{_mandir}/man1/*.1.gz %{_mandir}/man1/*.1.gz
%changelog %changelog
* Tue Apr 30 2024 kouwenqi <kouwenqi@kylinos.cn> - 4.9-4
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix symlink bufsize readlink check
* Sun Apr 23 2023 zhangruifang <zhangruifang1@h-partners.com> - 4.9-3 * Sun Apr 23 2023 zhangruifang <zhangruifang1@h-partners.com> - 4.9-3
- Type:enhancement - Type:enhancement
- ID:NA - ID:NA