-$Id: CHANGES,v 1.44 2000/02/26 01:35:48 stelian Exp $
+$Id: CHANGES,v 1.45 2000/03/01 10:16:05 stelian Exp $
Changes between versions 0.4b14 and 0.4b15 (released ?????????????????)
=======================================================================
1. Added a prompt command in interactive restore mode. Thanks
to Andreas Dilger <adilger@home.com> for the patch.
+2. Fixed a buffer overflow problem in dump (caused by
+ not checking the size of the filesystem parameter).
+ Thanks to Kim Yong-jun <loveyou@hackerslab.org> for
+ reporting this on Bugtraq (and to several dump users
+ who forwarded me his mail).
+
Changes between versions 0.4b13 and 0.4b14 (released February 10, 2000)
=======================================================================
-$Id: THANKS,v 1.22 2000/02/26 01:35:48 stelian Exp $
+$Id: THANKS,v 1.23 2000/03/01 10:16:05 stelian Exp $
Dump and restore were written by the people of the CSRG at the University
of California, Berkeley.
Daniel Veillard Daniel.Veillard@imag.fr
Jason Venner jason@idiom.com
Christian Weisgerber naddy@mips.rhein-neckar.de
+Kim Yong-jun loveyou@hackerslab.org
* Remy Card <card@Linux.EU.Org>, 1994-1997
* Stelian Pop <pop@cybercable.fr>, 1999-2000
*
- * $Id: dump.h,v 1.11 2000/02/26 01:35:48 stelian Exp $
+ * $Id: dump.h,v 1.12 2000/03/01 10:16:05 stelian Exp $
*/
/*-
#define MAXINOPB (MAXBSIZE / sizeof(struct dinode))
#define MAXNINDIR (MAXBSIZE / sizeof(daddr_t))
-#ifndef NAME_MAX
-#define NAME_MAX 255
-#endif
-
/*
* Dump maps used to describe what is to be dumped.
*/
* All calculations done in 0.1" units!
*/
char *disk; /* name of the disk file */
-char tape[NAME_MAX]; /* name of the tape file */
+char tape[MAXPATHLEN]; /* name of the tape file */
char *tapeprefix; /* prefix of the tape file */
char *dumpdates; /* name of the file containing dump date information*/
char lastlevel; /* dump level of previous dump */
* a linked list, and then (eventually) arrayified.
*/
struct dumpdates {
- char dd_name[NAME_MAX+3];
+ char dd_name[MAXPATHLEN+3];
char dd_level;
time_t dd_ddate;
};
#ifndef lint
static const char rcsid[] =
- "$Id: itime.c,v 1.9 2000/01/21 10:17:41 stelian Exp $";
+ "$Id: itime.c,v 1.10 2000/03/01 10:16:05 stelian Exp $";
#endif /* not lint */
#include <sys/param.h>
/* device name */
if ( NULL == (tok = strsep( &tbuf, " ")) )
return(-1);
- if ( strlen(tok) > NAME_MAX )
+ if ( strlen(tok) > MAXPATHLEN )
return(-1);
strcpy(ddp->dd_name, tok);
#ifndef lint
static const char rcsid[] =
- "$Id: main.c,v 1.16 2000/02/26 01:35:48 stelian Exp $";
+ "$Id: main.c,v 1.17 2000/03/01 10:16:05 stelian Exp $";
#endif /* not lint */
#include <sys/param.h>
ino_t maxino;
#ifdef __linux__
errcode_t retval;
- char directory[NAME_MAX];
- char pathname[NAME_MAX];
+ char directory[MAXPATHLEN];
+ char pathname[MAXPATHLEN];
#endif
time_t tnow;
char labelstr[LBLSIZE];
exit(X_STARTUP);
}
disk = *argv++;
+ if (strlen(disk) > MAXPATHLEN) {
+ (void)fprintf(stderr, "Disk or filesystem name too long: %s\n", disk);
+ exit(X_STARTUP);
+ }
argc--;
if (argc >= 1) {
(void)fprintf(stderr, "Unknown arguments to dump:");
}
if (Mflag)
- snprintf(tape, NAME_MAX, "%s%03d", tapeprefix, tapeno + 1);
+ snprintf(tape, MAXPATHLEN, "%s%03d", tapeprefix, tapeno + 1);
else
- strncpy(tape, tapeprefix, NAME_MAX);
- tape[NAME_MAX - 1] = '\0';
+ strncpy(tape, tapeprefix, MAXPATHLEN);
+ tape[MAXPATHLEN - 1] = '\0';
if (!sizest) {
#ifndef lint
static const char rcsid[] =
- "$Id: tape.c,v 1.13 2000/02/26 01:35:48 stelian Exp $";
+ "$Id: tape.c,v 1.14 2000/03/01 10:16:05 stelian Exp $";
#endif /* not lint */
#ifdef __linux__
*/
tapeno++; /* current tape sequence */
if (Mflag) {
- snprintf(tape, NAME_MAX, "%s%03d", tapeprefix, tapeno);
- tape[NAME_MAX - 1] = '\0';
+ snprintf(tape, MAXPATHLEN, "%s%03d", tapeprefix, tapeno);
+ tape[MAXPATHLEN - 1] = '\0';
msg("Dumping volume %d on %s\n", tapeno, tape);
}
else if (nexttape || strchr(tapeprefix, ',')) {
nexttape = p + 1;
} else
nexttape = NULL;
- strncpy(tape, tapeprefix, NAME_MAX);
- tape[NAME_MAX - 1] = '\0';
+ strncpy(tape, tapeprefix, MAXPATHLEN);
+ tape[MAXPATHLEN - 1] = '\0';
msg("Dumping volume %d on %s\n", tapeno, tape);
}
#ifdef RDUMP
#ifndef lint
static const char rcsid[] =
- "$Id: dirs.c,v 1.8 2000/02/10 09:42:32 stelian Exp $";
+ "$Id: dirs.c,v 1.9 2000/03/01 10:16:05 stelian Exp $";
#endif /* not lint */
#include <sys/param.h>
if ((dp->d_reclen & 0x3) != 0 ||
dp->d_reclen > i ||
dp->d_reclen < DIRSIZ(0, dp) ||
- dp->d_namlen > NAME_MAX) {
+ dp->d_namlen > MAXNAMLEN) {
Vprintf(stdout, "Mangled directory: ");
if ((dp->d_reclen & 0x3) != 0)
Vprintf(stdout,
Vprintf(stdout,
"reclen less than DIRSIZ (%d < %d) ",
dp->d_reclen, DIRSIZ(0, dp));
- if (dp->d_namlen > NAME_MAX)
+ if (dp->d_namlen > MAXNAMLEN)
Vprintf(stdout,
"reclen name too big (%d > %d) ",
- dp->d_namlen, NAME_MAX);
+ dp->d_namlen, MAXNAMLEN);
Vprintf(stdout, "\n");
loc += i;
continue;
#ifndef lint
static const char rcsid[] =
- "$Id: symtab.c,v 1.7 2000/01/21 10:17:41 stelian Exp $";
+ "$Id: symtab.c,v 1.8 2000/03/01 10:16:05 stelian Exp $";
#endif /* not lint */
/*
#define STRTBLINCR (sizeof(struct strhdr))
#define allocsize(size) (((size) + 1 + STRTBLINCR - 1) & ~(STRTBLINCR - 1))
-static struct strhdr strtblhdr[allocsize(NAME_MAX) / STRTBLINCR];
+static struct strhdr strtblhdr[allocsize(MAXNAMLEN) / STRTBLINCR];
/*
* Allocate space for a name. It first looks to see if it already
#ifndef lint
static const char rcsid[] =
- "$Id: tape.c,v 1.11 2000/01/21 10:17:41 stelian Exp $";
+ "$Id: tape.c,v 1.12 2000/03/01 10:16:05 stelian Exp $";
#endif /* not lint */
#include <sys/param.h>
static long fssize = MAXBSIZE;
static int mt = -1;
static int pipein = 0;
-static char magtape[NAME_MAX];
-static char magtapeprefix[NAME_MAX];
+static char magtape[MAXPATHLEN];
+static char magtapeprefix[MAXPATHLEN];
static int blkcnt;
static int numtrec;
static char *tapebuf;
}
setuid(getuid()); /* no longer need or want root privileges */
if (Mflag) {
- strncpy(magtapeprefix, source, NAME_MAX);
- magtapeprefix[NAME_MAX-1] = '\0';
- snprintf(magtape, NAME_MAX, "%s%03d", source, 1);
+ strncpy(magtapeprefix, source, MAXPATHLEN);
+ magtapeprefix[MAXPATHLEN-1] = '\0';
+ snprintf(magtape, MAXPATHLEN, "%s%03d", source, 1);
}
else
- strncpy(magtape, source, NAME_MAX);
- magtape[NAME_MAX - 1] = '\0';
+ strncpy(magtape, source, MAXPATHLEN);
+ magtape[MAXPATHLEN - 1] = '\0';
}
void
}
closemt();
if (Mflag) {
- snprintf(magtape, NAME_MAX, "%s%03ld", magtapeprefix, newvol);
- magtape[NAME_MAX - 1] = '\0';
+ snprintf(magtape, MAXPATHLEN, "%s%03ld", magtapeprefix, newvol);
+ magtape[MAXPATHLEN - 1] = '\0';
}
if (!Mflag || haderror) {
haderror = 0;
git.wh0rd.org / dump.git / commitdiff
