Hopefully this is the correct place to report this; I recently found a buffer overflow bug in the "fsck" command-line utility on an old version of the tool. Today I checked out the e2fsprogs master and compiled it on my x86-64 Ubuntu 16.04 machine and confirmed the bug still exists.

I have been able to produce the bug on multiple machines with a command line like:

    fsck -t AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA /dev/sda

which results in the message:

    *** buffer overflow detected ***: fsck terminated

I believe the bug stems from fsck.c, execute(), line 448. The relevant code follows:

    438     char *s, *argv[80], prog[80];
    439     int argc, i;
    440     struct fsck_instance *inst, *p;
    441     pid_t pid;
    442
    443     inst = malloc(sizeof(struct fsck_instance));
    444     if (!inst)
    445         return ENOMEM;
    446     memset(inst, 0, sizeof(struct fsck_instance));
    447
--> 448     sprintf(prog, "fsck.%s", type);

Note that the sprintf() call does no bounds checking of the "type" argument (which is a string that comes from the command line) and that "prog" is only 80 bytes in size.

Please let me know if you need anything else or would prefer a patch (and what format is preferred).

Thanks,
Brenan
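The missing bounds check, as an added example in the hardened shape a reviewer would expect (snprintf() with its return value checked, rejecting any type name that does not fit). This is illustrative code written for this page, not the e2fsprogs source; the 80-byte buffer and the "fsck.%s" format come from the report, the function names and the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Same size as the fixed "prog[80]" buffer in the report. */
#define PROG_LEN 80

/* Hardened replacement for: sprintf(prog, "fsck.%s", type);
 * snprintf() never writes more than proglen bytes, and a return value of
 * proglen or more means the result would have been truncated. On error the
 * buffer is left empty so a caller cannot exec a half-built name.
 * Returns 0 on success, -1 if the name does not fit. */
int build_prog_name(char *prog, size_t proglen, const char *type)
{
    int n = snprintf(prog, proglen, "fsck.%s", type);
    if (n < 0 || (size_t)n >= proglen) {
        if (proglen > 0)
            prog[0] = '\0';
        return -1;
    }
    return 0;
}

/* Helper for the demo: run the check against a given type name using a
 * PROG_LEN-sized buffer, as execute() would. Returns build_prog_name()'s result. */
int check_type_fits(const char *type)
{
    char prog[PROG_LEN];
    return build_prog_name(prog, sizeof prog, type);
}

/* Helper for the demo: constructed type name made of 'A' repeated len times
 * (len is capped at 255), mirroring the command line in the report. */
int check_type_of_length(size_t len)
{
    char type[256];
    if (len > sizeof type - 1)
        len = sizeof type - 1;
    memset(type, 'A', len);
    type[len] = '\0';
    return check_type_fits(type);
}

int main(void)
{
    /* "fsck." (5) + 74 chars + NUL = 80 bytes fits; one more does not. */
    printf("ext4: %d, 74 chars: %d, 75 chars: %d, 200 chars: %d\n",
           check_type_fits("ext4"), (int)check_type_of_length(74),
           (int)check_type_of_length(75), (int)check_type_of_length(200));
    return 0;
}
```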