Fix eventual memory override and fd exhaustion in create.c
authorSergey Poznyakoff <gray@gnu.org.ua>
Mon, 8 Mar 2010 10:27:23 +0000 (12:27 +0200)
committerSergey Poznyakoff <gray@gnu.org.ua>
Mon, 8 Mar 2010 10:27:23 +0000 (12:27 +0200)
Both bugs reported by Kamil Dudka.

* src/create.c (check_exclusion_tags): Do not keep
pointer to a location within tagname: it may change
after xrealloc. Use byte offset instead.
(dump_file0): Close fd before returning without
dumping the directory.

src/create.c

index 209e428ef820fac8f5d51dec4fe2c7b40f84896d..c69d3406a1c859b52afd2695b9136e1bd9885b9a 100644 (file)
@@ -79,7 +79,7 @@ check_exclusion_tags (const char *dirname, const char **tag_file_name)
   struct exclusion_tag *tag;
   size_t dlen = strlen (dirname);
   int addslash = !ISSLASH (dirname[dlen-1]);
-  char *nptr = NULL;
+  size_t noff = 0;
   
   for (tag = exclusion_tags; tag; tag = tag->next)
     {
@@ -90,14 +90,14 @@ check_exclusion_tags (const char *dirname, const char **tag_file_name)
          tagname = xrealloc (tagname, tagsize);
        }
 
-      if (!nptr)
+      if (noff == 0)
        {
          strcpy (tagname, dirname);
-         nptr = tagname + dlen;
+         noff = dlen;
          if (addslash)
-           *nptr++ = '/';
+           tagname[noff++] = '/';
        }
-      strcpy (nptr, tag->name);
+      strcpy (tagname + noff, tag->name);
       if (access (tagname, F_OK) == 0
          && (!tag->predicate || tag->predicate (tagname)))
        {
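Review bot: `noff == 0` doubles as the "prefix not yet copied" flag, which is only sound while `dirname` is non-empty. For an empty `dirname`, the context line `dirname[dlen-1]` in the first hunk reads one byte before the string, and if no slash is appended `noff` stays 0, so the prefix copy repeats on every iteration. Whether callers can pass an empty name is not visible here; if they cannot, a comment at the declaration such as `/* offset of the tag name within tagname; 0 means the dirname prefix has not been copied yet (dirname is never empty) */` would record the assumption. The `strcpy` into `tagname + noff` also depends on the `tagsize` computation above this hunk reserving room for the optional slash and the terminating NUL, which is worth confirming since the function body starts outside the hunk.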
@@ -1591,6 +1591,8 @@ dump_file0 (struct tar_stat_info *st, const char *p,
            {
              exclusion_tag_warning (st->orig_file_name, tag_file_name,
                                     _("directory not dumped"));
+             if (fd >= 0)
+               close (fd);
              return;
            }
          
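Review bot: The added `if (fd >= 0) close (fd);` covers only this one early return, and the rest of dump_file0 lies outside the hunk. Any other return taken while the descriptor is still open would leak it in the same way and should be checked. A comment where fd is obtained, e.g. `/* fd must be closed on every return path below */`, or a single exit path that closes it, would keep later edits from reintroducing the exhaustion. Ignoring the result of `close` looks acceptable here, presumably because the descriptor is only read from.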