Hopefully this is the correct place to report this; I recently found a buffer overflow bug in the "fsck" command-line utility on an old version of the tool. Today I checked out the e2fsprogs master and compiled it on my x86-64 Ubuntu 16.04 machine and confirmed the bug still exists.

I have been able to produce the bug on multiple machines with a command-line like:

    fsck -t AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA /dev/sda

Which results in a message:

    "*** buffer overflow detected ***: fsck terminated"

I believe the bug stems from fsck.c, execute() line 448. Relevant code follows:

    438         char *s, *argv[80], prog[80];
    439         int  argc, i;
    440         struct fsck_instance *inst, *p;
    441         pid_t   pid;
    442
    443         inst = malloc(sizeof(struct fsck_instance));
    444         if (!inst)
    445                 return ENOMEM;
    446         memset(inst, 0, sizeof(struct fsck_instance));
    447
    448         sprintf(prog, "fsck.%s", type);

Note that the sprintf() call does no bounds checking of the "type" argument and that "prog" is only 80 bytes in size.

Please let me know if you need anything else or would prefer a patch (and what format is preferred).

Thanks,
Brenan
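An added example, not part of the original report and not e2fsprogs code: one way to bound the write that line 448 performs, using snprintf() and treating truncation as an error rather than running a shortened helper name. The helper names build_prog_name() and check_type_of_length(), the PROG_SIZE macro and the choice of ENAMETOOLONG as the error code are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define PROG_SIZE 80  /* same size as prog[80] in the quoted execute() */

/* Hypothetical helper (not in e2fsprogs): build "fsck.<type>" with a bounds
 * check. Returns 0 on success, EINVAL on bad arguments, ENAMETOOLONG if the
 * result would not fit in the destination buffer. */
static int build_prog_name(char *prog, size_t size, const char *type)
{
    int n;

    if (!prog || size == 0 || !type)
        return EINVAL;

    /* snprintf never writes more than size bytes and returns the length the
     * full string would have had, so n >= size means it was truncated. */
    n = snprintf(prog, size, "fsck.%s", type);
    if (n < 0 || (size_t)n >= size) {
        prog[0] = '\0';  /* do not leave a truncated helper name behind */
        return ENAMETOOLONG;
    }
    return 0;
}

/* Constructed input: a type string made of len 'A' characters. */
static int check_type_of_length(size_t len)
{
    char type[512], prog[PROG_SIZE];

    if (len >= sizeof(type))
        return EINVAL;
    memset(type, 'A', len);
    type[len] = '\0';
    return build_prog_name(prog, sizeof(prog), type);
}

int main(void)
{
    char prog[PROG_SIZE];

    printf("ext4      -> %d (%s)\n", build_prog_name(prog, sizeof(prog), "ext4"), prog);
    printf("74 x 'A'  -> %d\n", check_type_of_length(74));   /* 5 + 74 + NUL = 80: fits */
    printf("75 x 'A'  -> %d\n", check_type_of_length(75));   /* one byte too many */
    printf("240 x 'A' -> %d\n", check_type_of_length(240));  /* rejected, no overflow */
    return 0;
}
```

With an 80-byte buffer the longest type that fits is 74 characters, since "fsck." takes 5 bytes and the terminating NUL takes one.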