From keramida@ceid.upatras.gr  Tue May 28 15:53:05 2002
Return-Path: <keramida@ceid.upatras.gr>
Received: from mailsrv.otenet.gr (mailsrv.otenet.gr [195.170.0.5])
	by hub.freebsd.org (Postfix) with ESMTP id B494F37B405
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 28 May 2002 15:53:03 -0700 (PDT)
Received: from hades.hell.gr (patr530-b188.otenet.gr [212.205.244.196])
	by mailsrv.otenet.gr (8.12.3/8.12.3) with ESMTP id g4SMr0cE011388
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 29 May 2002 01:53:01 +0300 (EEST)
Received: from hades.hell.gr (hades [127.0.0.1])
	by hades.hell.gr (8.12.3/8.12.3) with ESMTP id g4SMqLQb057714
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 29 May 2002 01:52:21 +0300 (EEST)
	(envelope-from charon@hades.hell.gr)
Received: (from charon@localhost)
	by hades.hell.gr (8.12.3/8.12.3/Submit) id g4SMqK8n057710;
	Wed, 29 May 2002 01:52:20 +0300 (EEST)
	(envelope-from charon)
Message-Id: <200205282252.g4SMqK8n057710@hades.hell.gr>
Date: Wed, 29 May 2002 01:52:20 +0300 (EEST)
From: Giorgos Keramidas <keramida@freebsd.org>
Reply-To: Giorgos Keramidas <keramida@freebsd.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Add a check for MAXPATHLEN to cp(1).
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         38671
>Category:       bin
>Synopsis:       Add a check for MAXPATHLEN to cp(1).
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 28 16:00:09 PDT 2002
>Closed-Date:    Tue May 28 18:39:23 PDT 2002
>Last-Modified:  Tue May 28 18:39:23 PDT 2002
>Originator:     Giorgos Keramidas
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:

System: FreeBSD hades.hell.gr 5.0-CURRENT FreeBSD 5.0-CURRENT #0:
Mon May 27 23:54:32 EEST 2002 root@hades.hell.gr:/usr/obj/usr/src/sys/HECATE i386

>Description:

The following patch has been merged from NetBSD.  Their version of
cp(1) always checks the destination pathname to make sure it doesn't
exceed MAXPATHLEN.

>How-To-Repeat:
>Fix:

%%%
Index: cp.c
===================================================================
RCS file: /home/ncvs/src/bin/cp/cp.c,v
retrieving revision 1.35
diff -u -r1.35 cp.c
--- cp.c	17 May 2002 12:24:19 -0000	1.35
+++ cp.c	28 May 2002 21:25:22 -0000
@@ -172,6 +172,8 @@
 
 	/* Save the target base in "to". */
 	target = argv[--argc];
+	if (strlen(target) > MAXPATHLEN)
+		errx(1, "%s: name too long", target);
 	if (strlcpy(to.p_path, target, sizeof(to.p_path)) >= sizeof(to.p_path))
 		errx(1, "%s: name too long", target);
 	to.p_end = to.p_path + strlen(to.p_path);
@@ -290,6 +292,14 @@
                  * source name to the target name.
                  */
 		if (type != FILE_TO_FILE) {
+			if ((curr->fts_namelen +
+			    to.target_end - to.p_path + 1) > MAXPATHLEN) {
+				warnx("%s/%s: name too long (not copied)",
+				    to.p_path, curr->fts_name);
+				rval = 1;
+				continue;
+			}
+
 			/*
 			 * Need to remember the roots of traversals to create
 			 * correct pathnames.  If there's a directory being
%%%
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: keramida 
State-Changed-When: Tue May 28 18:38:13 PDT 2002 
State-Changed-Why:  
Enlightened by bde in private mail. 
The FreeBSD version of cp does this already. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=38671 
>Unformatted:
