Subject: Re: bin/36725: fsplit segfaults when user doesnt have correct permissions
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org,>
From: John Nemeth <jnemeth@victoria.tc.ca>
List: netbsd-bugs
Date: 08/03/2007 07:45:01
The following reply was made to PR bin/36725; it has been noted by GNATS.

From: jnemeth@victoria.tc.ca (John Nemeth)
To: gnats-bugs@NetBSD.org, netbsd-bugs@NetBSD.org
Cc: 
Subject: Re: bin/36725: fsplit segfaults when user doesnt have correct permissions
Date: Fri, 3 Aug 2007 00:41:48 -0700

 On Nov 18,  9:07am, new.security@gmail.com wrote:
 }
 } >Number:         36725
 } >Synopsis:       fsplit segfaults when user doesnt have correct permissions
 } >Description:
 } When you run fsplit without any arguments in a directory that you do not have writing permissions in it will segfault because it is trying to write  a file without checking if you have the correct permissions.
 
      Eyeballing the code and experimenting demonstrates that it doesn't
 matter if you supply an argument or not.
 
 } >How-To-Repeat:
 } run fsplit in a directory you do not have write permissions in.
 } >Fix:
 } Index: fsplit.c
 } ===================================================================
 } RCS file: /cvsroot/src/usr.bin/fsplit/fsplit.c,v
 } retrieving revision 1.11
 } diff -u -r1.11 fsplit.c
 } --- fsplit.c    30 Oct 2004 17:27:28 -0000      1.11
 } +++ fsplit.c    2 Aug 2007 16:21:39 -0000
 } @@ -147,8 +147,15 @@
 }                         exit(1);
 }                 }
 }         }
 } -       else
 } +       else {
 } +               if((access(".", W_OK)) !=0) {
 } +                       fprintf(stderr, "Incorrent access user cannot write to directory\n");
 } +                       exit(1);
 } +               }
 } +
 }                 ifp = stdin;
 } +       }
 } +
 }      for(;;) {
 }         /* look for a temp file that doesn't correspond to an existing file */
 }         get_name(x, 3);
 
      This patch is not in any way an improvement.  There is no error
 checking anywhere in the code.  The file that it is trying to open
 could be at the end of a symbolic link and this patch doesn't cover
 that case.  Also, there are other reasons besides lack of write
 permission in the directory that the fopen() could fail.  As mentioned
 above, it doesn't matter if an argument is supplied, so even if the
 patch was correct, it is in the wrong place.  Finally, any of the other
 operations could fail for any number of reasons.  The program needs a
 major overhaul and needs to have error checking added to all file
 operations.
 
 }-- End of excerpt from new.security@gmail.com