[patch] fix heap-buffer-overflow in custom_canonicalize_pathname()

[mc-butler]

Important

This issue was migrated from Trac:

Origin	https://midnight-commander.org/ticket/3437
Reporter	and

fix heap-buffer-overflow in lib/utilunix.c:custom_canonicalize_pathname()
only use strncmp when path has enough room (greater then url_delim_len size)
overflow happen when path = './'

(found by AddressSanitizer)

==7448==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000079d6f at pc 0x000000458ebe bp 0x7fffc02b6580 sp 0x7fffc02b5d38
READ of size 1 at 0x602000079d6f thread T0

#0 0x458ebd in interceptor_strncmp (/tmp/portage/app-misc/mc-9999/work/mc-9999/src/mc+0x458ebd)
#1 0x644312 in custom_canonicalize_pathname /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/utilunix.c:897:20
#2 0x64594f in mc_build_filenamev /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/utilunix.c:1335:13
#3 0x645fc1 in mc_build_filename /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/utilunix.c:1373:11
#4 0x5e07a0 in vfs_canon /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/vfs/path.c:159:21
#5 0x5e064a in vfs_path_from_str_flags /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/vfs/path.c:736:16
#6 0x7c036b in panel_operate /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/file.c:2725:22
#7 0x79c4ce in rename_cmd /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/cmd.c:810:9
#8 0x5a43e2 in midnight_execute_cmd /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/midnight.c:1312:9
#9 0x519607 in buttonbar_callback /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/buttonbar.c:172:42
#10 0x5307d5 in dlg_try_hotkey /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/dialog.c:465:23
#11 0x52efba in dlg_key_event /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/dialog.c:510:19
#12 0x52f906 in frontend_dlg_run /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/dialog.c:571:9
#13 0x52f525 in dlg_run /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/dialog.c:1268:5
#14 0x59fc1a in do_nc /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/midnight.c:1763:9
#15 0x4fa648 in main /tmp/portage/app-misc/mc-9999/work/mc-9999/src/main.c:418:21
#16 0x7f5d3f202133 in libc_start_main (/lib64/libc.so.6+0x20133)
#17 0x44eff6 in _start (/tmp/portage/app-misc/mc-9999/work/mc-9999/src/mc+0x44eff6)

Signed-off-by: Andreas Mohr <​and@gmx.li>

Note

Original attachments:

• mc-3437-fix-overflow-custom_canonicalize_pathname.patch (raw) by and on Apr 6, 2015 at 13:49 UTC

[mc-butler]

Changed by and on Apr 6, 2015 at 13:49 UTC

• Attachment mc-3437-fix-overflow-custom_canonicalize_pathname.patch (raw) added

[mc-butler]

Changed by andrew_b (@aborodin) on Apr 11, 2015 at 10:10 UTC

• Blocked by set to #3420

[mc-butler]

Changed by andrew_b (@aborodin) on May 3, 2015 at 16:52 UTC

• Blocked by #3420 deleted

[mc-butler]

Changed by andrew_b (@aborodin) on May 3, 2015 at 17:04 UTC (comment 3)

• Milestone changed from Future Releases to 4.8.15
• Status changed from new to closed
• Votes set to committed-master
• Resolution set to fixed

Thanks!
Applied as [4821259].