[libiberty] Fix read buffer overflow in split_directories

Message ID 20191128211059.1979123-1-tim.ruehsen@gmx.de
State New
Headers show
Series
  • [libiberty] Fix read buffer overflow in split_directories
Related show

Commit Message

Tim Rühsen Nov. 28, 2019, 9:10 p.m.
An empty name param leads to read buffer overflow in
function split_directories.

* libiberty/make-relative-prefix.c (split_directories):
  Return early on empty name.
---
 libiberty/ChangeLog              | 7 +++++++
 libiberty/make-relative-prefix.c | 3 +++
 2 files changed, 10 insertions(+)

--
2.24.0

Comments

Ian Lance Taylor via gcc-patches Nov. 30, 2019, 1:12 a.m. | #1
On Thu, Nov 28, 2019 at 1:11 PM Tim Rühsen <tim.ruehsen@gmx.de> wrote:
>

> An empty name param leads to read buffer overflow in

> function split_directories.

>

> * libiberty/make-relative-prefix.c (split_directories):

>   Return early on empty name.

> ---

>  libiberty/ChangeLog              | 7 +++++++

>  libiberty/make-relative-prefix.c | 3 +++

>  2 files changed, 10 insertions(+)

>

> diff --git a/libiberty/ChangeLog b/libiberty/ChangeLog

> index b516903d94..b7e24d11ef 100644

> --- a/libiberty/ChangeLog

> +++ b/libiberty/ChangeLog

> @@ -1,3 +1,10 @@

> +2019-11-28  Tim Ruehsen  <tim.ruehsen@gmx.de>

> +

> +       Fix read buffer overflow in split_directories

> +

> +       * make-relative-prefix.c (split_directories):

> +       Return early on empty 'name'

> +


This is OK.

Thanks.

Ian
Jeff Law Dec. 6, 2019, 10:20 p.m. | #2
On Thu, 2019-11-28 at 22:10 +0100, Tim Rühsen wrote:
> An empty name param leads to read buffer overflow in

> function split_directories.

> 

> * libiberty/make-relative-prefix.c (split_directories):

>   Return early on empty name.

> ---

>  libiberty/ChangeLog              | 7 +++++++

>  libiberty/make-relative-prefix.c | 3 +++

>  2 files changed, 10 insertions(+)

> 

> diff --git a/libiberty/ChangeLog b/libiberty/ChangeLog

> index b516903d94..b7e24d11ef 100644

> --- a/libiberty/ChangeLog

> +++ b/libiberty/ChangeLog

> @@ -1,3 +1,10 @@

> +2019-11-28  Tim Ruehsen  <tim.ruehsen@gmx.de>

> +

> +       Fix read buffer overflow in split_directories

> +

> +       * make-relative-prefix.c (split_directories):

> +       Return early on empty 'name'

> +

THanks.  Installed on the trunk.
jeff

Patch

diff --git a/libiberty/ChangeLog b/libiberty/ChangeLog
index b516903d94..b7e24d11ef 100644
--- a/libiberty/ChangeLog
+++ b/libiberty/ChangeLog
@@ -1,3 +1,10 @@ 
+2019-11-28  Tim Ruehsen  <tim.ruehsen@gmx.de>
+
+	Fix read buffer overflow in split_directories
+
+	* make-relative-prefix.c (split_directories):
+	Return early on empty 'name'
+
 2019-11-16  Tim Ruehsen  <tim.ruehsen@gmx.de>

 	Fix write buffer overflow in cplus_demangle()
diff --git a/libiberty/make-relative-prefix.c b/libiberty/make-relative-prefix.c
index ec0b0ee749..2ff2af8a59 100644
--- a/libiberty/make-relative-prefix.c
+++ b/libiberty/make-relative-prefix.c
@@ -122,6 +122,9 @@  split_directories (const char *name, int *ptr_num_dirs)
   const char *p, *q;
   int ch;

+  if (!*name)
+    return NULL;
+
   /* Count the number of directories.  Special case MSDOS disk names as part
      of the initial directory.  */
   p = name;