diff options
| author | Jim Meyering <meyering@redhat.com> | 2008-03-27 12:18:25 +0100 |
|---|---|---|
| committer | Jim Meyering <meyering@redhat.com> | 2008-03-27 13:32:38 +0100 |
| commit | b58a8b4ef588ec8a365b920d12e27fdd71aa48d1 (patch) | |
| tree | 319fa5c7f3b3636f953271dca93f9a9b29c0b124 /src | |
| parent | 6743f8113658189cdc3d169616569e733403ee54 (diff) | |
| download | coreutils-b58a8b4ef588ec8a365b920d12e27fdd71aa48d1.tar.xz | |
paste -d\\: avoid heap overrun for backslash at end of delim list
* src/paste.c: Include "quotearg.h".
(collapse_escapes): Handle backslash-escaped backslash explicitly.
Handle unescaped backslash at end of string by returning nonzero,
rather than by overrunning memory.
(main): Diagnose an invalid delimiter list -- carefully.
Reported by Cristian Cadar, Daniel Dunbar and Dawson Engler.
* tests/misc/paste-no-nl (delim-bs): Add a test to demonstrate the
heap-smashing capability.
(delim-bs2): Prior to coreutils-5.1.2, this bug was a little harder
to demonstrate: it would corrupt a first-argument containing e.g., \b
* NEWS: Mention the bug fix.
* tests/misc/Makefile.am (TESTS): Reflect renaming.
* tests/misc/paste: Rename from paste-no-nl.
Signed-off-by: Jim Meyering <meyering@redhat.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/paste.c | 34 |
1 files changed, 30 insertions, 4 deletions
diff --git a/src/paste.c b/src/paste.c index 3cb84cf5e..20d695333 100644 --- a/src/paste.c +++ b/src/paste.c @@ -1,5 +1,5 @@ /* paste - merge lines of files - Copyright (C) 1997-2005 Free Software Foundation, Inc. + Copyright (C) 1997-2005, 2008 Free Software Foundation, Inc. Copyright (C) 1984 David M. Ihnat This program is free software: you can redistribute it and/or modify @@ -42,6 +42,7 @@ #include <sys/types.h> #include "system.h" #include "error.h" +#include "quotearg.h" /* The official name of this program (e.g., no `g' prefix). */ #define PROGRAM_NAME "paste" @@ -79,12 +80,17 @@ static struct option const longopts[] = /* Set globals delims and delim_end. Copy STRPTR to DELIMS, converting backslash representations of special characters in STRPTR to their actual values. The set of possible backslash characters has been expanded beyond - that recognized by the Unix version. */ + that recognized by the Unix version. + Return 0 upon success. + If the string ends in an odd number of backslashes, ignore the + final backslash and return nonzero. */ -static void +static int collapse_escapes (char const *strptr) { char *strout = xstrdup (strptr); + bool backslash_at_end = false; + delims = strout; while (*strptr) @@ -123,6 +129,14 @@ collapse_escapes (char const *strptr) *strout++ = '\v'; break; + case '\\': + *strout++ = '\\'; + break; + + case '\0': + backslash_at_end = true; + goto done; + default: *strout++ = *strptr; break; @@ -130,7 +144,11 @@ collapse_escapes (char const *strptr) strptr++; } } + + done:; + delim_end = strout; + return backslash_at_end ? 1 : 0; } /* Report a write error and exit. */ @@ -481,7 +499,15 @@ main (int argc, char **argv) if (optind == argc) argv[argc++] = "-"; - collapse_escapes (delim_arg); + if (collapse_escapes (delim_arg)) + { + /* Don't use the default quoting style, because that would double the + number of displayed backslashes, making the diagnostic look bogus. */ + set_quoting_style (NULL, escape_quoting_style); + error (EXIT_FAILURE, 0, + _("delimiter list ends with an unescaped backslash: %s"), + quotearg_colon (delim_arg)); + } if (!serial_merge) ok = paste_parallel (argc - optind, &argv[optind]); |