Bug 7058

Summary: ash will get segfault if the expend pathname length exceed 2048.
Product: Busybox Reporter: frank chen <frank.chen2>
Component: OtherAssignee: unassigned
Status: RESOLVED FIXED    
Severity: minor CC: busybox-cvs
Priority: P5    
Version: 1.22.x   
Target Milestone: ---   
Hardware: PC   
OS: Linux   
Host: Target:
Build:
Attachments: use 4096 buffer size, and check the expend before doing it.
recheck the code, this seems better
another check
here is the corrent one

Description frank chen 2014-04-23 20:20:09 UTC 
Created attachment 5360 [details]
use 4096 buffer size, and check the expend before doing it.

The setup:
using perl under ash.

while true; do mkdir `perl -e 'print "A" x 255'`; cd A* || break; done
cd (to the top root directory)

issue:
ls A*/A*/A*/A*/A*/A*/A*/A*/A*  (deep 9, which pathname is more than 8x256)

shell will die for segfault.

I have the fix for us, which our PATH_MAX is 4096.
Comment 1 frank chen 2014-04-25 12:40:39 UTC 
Created attachment 5366 [details]
recheck the code, this seems better
Comment 2 frank chen 2014-05-19 15:09:07 UTC 
Created attachment 5390 [details]
another check
Comment 3 frank chen 2014-05-19 15:17:42 UTC 
Created attachment 5396 [details]
here is the corrent one
Comment 4 Ron Yorston 2020-01-25 11:28:01 UTC 
Fixed by commit d5f5045b43 (ash: expand: Fix buffer overflow in expandmeta). The first release containing this commit is 1.29.0.