bin/95175: bsdtar core dump on non-existing symlink
Jin Guojun (DSD staff)
jin at george.lbl.gov
Fri Mar 31 23:10:22 UTC 2006
>Number: 95175
>Category: bin
>Synopsis: bsdtar core dump on non-existing symlink
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Mar 31 23:10:19 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Jin Guojun (DSD staff)
>Release: FreeBSD 6.0-RELEASE i386
>Organization:
>Environment:
System: FreeBSD 6.0-RELEASE FreeBSD
FreeBSD 6.0 and 6.1-BETA4
>Description:
using command "tar -ch " to do archive. If there is empty
(non existing) symlink, tar will coredump due to no NULL pointer
checking.
>How-To-Repeat:
cd /tmp
mkdir test
ln -s /mnt/onwhere test
tar -chf /dev/null test
coredump ...
>Fix:
This happens in function write_hierarchy()
in /usr/src/usr.bin/tar/write.c file:
case 'L':
/* 'L': Do descend through a symlink to dir. */
/* 'L': Archive symlink to file as file. */
L 631 lst = tree_current_stat(tree);
break;
default:
...
L650 if (new_enough(bsdtar, name, lst)) {
write_entry(bsdtar, a, lst, name,
tree_current_pathlen(tree),
tree_current_access_path(tree));
}
-------------
Line 631 returns NULL to lst when the symlink points to non existing file
or directory. This is then passed to all codes at block start L650.
None of this routines check if the argument "lst" is NULL.
Eventually, it coredump in write_entry() function when *st (passed from lst)
is referenced.
lst must be checked before line 650 and proper branch needs to be taken
when lst is NULL (should be treated as regular symlink).
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list