]>
git.ipfire.org Git - thirdparty/util-linux.git/commit
lib/path: fix possible out of boundary access
If fgets reads from a file starting with a NUL byte in ul_path_cpuparse,
then the check for newline leads to an out of boundary access.
Proof of Concept (compile with --enable-asan):
1. Prepare /tmp/poc with required files
```
$ install -d /tmp/poc/sys/devices/system/cpu
$ dd if=/dev/zero of=/tmp/poc/sys/devices/system/cpu/possible bs=1 count=1
$ install -D /dev/null /tmp/poc/proc/cpuinfo
```
2. Run lscpu with sysroot option
```
$ lscpu --sysroot /tmp/poc
=================================================================
==78238==ERROR: AddressSanitizer: heap-buffer-overflow
```
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>