From a52926f6d3cd2520419c60d4f81a410d33d6d970 Mon Sep 17 00:00:00 2001
From: Simon Xu <xu.simon@oracle.com>
Date: Mon, 20 Aug 2018 20:31:26 +0800
Subject: [PATCH 098/103] Fix potential command line buffer overflow

parted terminates with 'stack smashing detected' when fed with a long command
line argument, and segfaults when the argument is long enough:

root # /sbin/parted /dev/sda $(perl -e 'print "a"x265')
*** stack smashing detected ***: /sbin/parted terminated
...
Aborted

root # /sbin/parted /dev/sda $(perl -e 'print "a"x328')
*** stack smashing detected ***: /sbin/parted terminated
...
Command History:
Segmentation fault

parted should be able to detect it and exit with error and usage messages.
This also makes command line buffer overflow exploit more possible.  Fix it by
adding length check in the condition of the for loop where command line
arguments are copied.

Signed-off-by: Simon Xu <xu.simon@oracle.com>
Signed-off-by: Brian C. Lane <bcl@redhat.com>
---
 parted/ui.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/parted/ui.c b/parted/ui.c
index 4f42b7c..d421768 100644
--- a/parted/ui.c
+++ b/parted/ui.c
@@ -728,7 +728,7 @@ command_line_push_line (const char* line, int multi_word)
                         line++;
 
                 i = 0;
-                for (; *line; line++) {
+                for (; *line && i < sizeof (this_word) - 1; line++) {
                         if (*line == ' ' && !quoted) {
                                 if (multi_word)
                                         break;
-- 
2.17.2