From b58a8b4ef588ec8a365b920d12e27fdd71aa48d1 Mon Sep 17 00:00:00 2001 From: Jim Meyering Date: Thu, 27 Mar 2008 12:18:25 +0100 Subject: paste -d\\: avoid heap overrun for backslash at end of delim list * src/paste.c: Include "quotearg.h". (collapse_escapes): Handle backslash-escaped backslash explicitly. Handle unescaped backslash at end of string by returning nonzero, rather than by overrunning memory. (main): Diagnose an invalid delimiter list -- carefully. Reported by Cristian Cadar, Daniel Dunbar and Dawson Engler. * tests/misc/paste-no-nl (delim-bs): Add a test to demonstrate the heap-smashing capability. (delim-bs2): Prior to coreutils-5.1.2, this bug was a little harder to demonstrate: it would corrupt a first-argument containing e.g., \b * NEWS: Mention the bug fix. * tests/misc/Makefile.am (TESTS): Reflect renaming. * tests/misc/paste: Rename from paste-no-nl. Signed-off-by: Jim Meyering --- tests/misc/paste | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100755 tests/misc/paste (limited to 'tests/misc/paste') diff --git a/tests/misc/paste b/tests/misc/paste new file mode 100755 index 000000000..ab923a22a --- /dev/null +++ b/tests/misc/paste @@ -0,0 +1,74 @@ +#!/bin/sh +# -*- perl -*- +# Test paste. + +# Copyright (C) 2003, 2005, 2007-2008 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +: ${srcdir=.} +. $srcdir/../require-perl + +me=`echo $0|sed 's,.*/,,'` +exec $PERL -w -I$srcdir/.. -MCoreutils -M"CuTmpdir qw($me)" -- - <<\EOF +#/ +require 5.003; +use strict; + +(my $program_name = $0) =~ s|.*/||; + +# Turn off localization of executable's ouput. +@ENV{qw(LANGUAGE LANG LC_ALL)} = ('C') x 3; + +my $prog = 'paste'; +my $msg = "$prog: delimiter list ends with an unescaped backslash: "; + +my @Tests = + ( + # Ensure that paste properly handles files lacking a final newline. + ['no-nl-1', {IN=>"a"}, {IN=>"b"}, {OUT=>"a\tb\n"}], + ['no-nl-2', {IN=>"a\n"}, {IN=>"b"}, {OUT=>"a\tb\n"}], + ['no-nl-3', {IN=>"a"}, {IN=>"b\n"}, {OUT=>"a\tb\n"}], + ['no-nl-4', {IN=>"a\n"}, {IN=>"b\n"}, {OUT=>"a\tb\n"}], + + # Same as above, but with a two lines in each input file and + # the addition of the -d option to make SPACE be the output delimiter. + ['no-nla1', '-d" "', {IN=>"1\na"}, {IN=>"2\nb"}, {OUT=>"1 2\na b\n"}], + ['no-nla2', '-d" "', {IN=>"1\na\n"}, {IN=>"2\nb"}, {OUT=>"1 2\na b\n"}], + ['no-nla3', '-d" "', {IN=>"1\na"}, {IN=>"2\nb\n"}, {OUT=>"1 2\na b\n"}], + ['no-nla4', '-d" "', {IN=>"1\na\n"}, {IN=>"2\nb\n"}, {OUT=>"1 2\na b\n"}], + + # Specifying a delimiter with a trailing backslash would overrun a + # malloc'd buffer. + ['delim-bs1', q!-d'\'!, {IN=>{'a'x50=>''}}, {EXIT => 1}, + # We print a single backslash into the expected output, so need four + # (two, each escaped) here. + {ERR => $msg . q!\\\\! . "\n"} ], + + # Prior to coreutils-5.1.2, this sort of abuse would make paste + # scribble on command-line arguments. With paste from coreutils-5.1.0, + # this example would mangle the first file name argument, if it contains + # accepted backslash-escapes: + # $ paste -d\\ '123\b\b\b.....@' 2>&1 |cat -A + # paste: 23^H^H^H.....@...@: No such file or directory$ + ['delim-bs2', q!-d'\'!, {IN=>{'123\b\b\b.....@'=>''}}, {EXIT => 1}, + {ERR => $msg . q!\\\\! . "\n"} ], + ); + +my $save_temps = $ENV{DEBUG}; +my $verbose = $ENV{VERBOSE}; + +my $fail = run_tests ($program_name, $prog, \@Tests, $save_temps, $verbose); +exit $fail; +EOF -- cgit v1.2.3-54-g00ecf