From: Samanta Navarro
Date: Wed, 4 Nov 2020 11:32:00 +0000 (+0000)
Subject: whereis: fix out of boundary read
X-Git-Tag: v2.37-rc1~396^2~7
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cd4142f7c3757f3337c20a971b98c673e68a66a1;p=thirdparty%2Futil-linux.git

whereis: fix out of boundary read

If whereis encounters a short file name then an out of boundary read can occur.

Signed-off-by: Samanta Navarro
---

diff --git a/misc-utils/whereis.c b/misc-utils/whereis.c
index 7a28a2c356..bc53a984a0 100644
--- a/misc-utils/whereis.c
+++ b/misc-utils/whereis.c
@@ -398,13 +398,13 @@ static int filename_equal(const char *cp, const char *dp)
 
 if (dp[0] == 's' && dp[1] == '.' && filename_equal(cp, dp + 2))
 return 1;
- if (!strcmp(dp + i - 2, ".Z"))
+ if (i > 1 && !strcmp(dp + i - 2, ".Z"))
 i -= 2;
- else if (!strcmp(dp + i - 3, ".gz"))
+ else if (i > 2 && !strcmp(dp + i - 3, ".gz"))
 i -= 3;
- else if (!strcmp(dp + i - 3, ".xz"))
+ else if (i > 2 && !strcmp(dp + i - 3, ".xz"))
 i -= 3;
- else if (!strcmp(dp + i - 4, ".bz2"))
+ else if (i > 3 && !strcmp(dp + i - 4, ".bz2"))
 i -= 4;
 while (*cp && *dp && *cp == *dp)
 cp++, dp++, i--;
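Review bot: Each of the four suffix branches now carries its bound as three separate hand-written numbers (`i > 2`, `dp + i - 3`, `i -= 3`), none of them derived from the suffix literal. The out-of-bounds read this commit fixes returns if a later edit adds a suffix or changes one number without the others. Deriving the guard, the offset and the subtraction from `strlen()` of each suffix in one loop would keep them in step; the sketch below preserves the same first-match order and the same minimum lengths. The declaration of `i` is outside this hunk, so the `int` casts assume it is the `int` holding `strlen(dp)`, and the function body continues past the last visible line.

```c
	/* … unchanged: "s." prefix recursion … */
	static const char *const suffixes[] = { ".Z", ".gz", ".xz", ".bz2" };

	for (size_t k = 0; k < sizeof(suffixes) / sizeof(suffixes[0]); k++) {
		size_t n = strlen(suffixes[k]);

		/* never form dp + i - n unless the name is at least n bytes long */
		if (i >= (int) n && !strcmp(dp + i - n, suffixes[k])) {
			i -= (int) n;
			break;
		}
	}
	/* … unchanged: character-by-character comparison loop … */
```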