[Boost-bugs] [Boost C++ Libraries] #13133: copy_file does not check file type, can fill disk or hang program if used on certain file types

Subject: [Boost-bugs] [Boost C++ Libraries] #13133: copy_file does not check file type, can fill disk or hang program if used on certain file types
From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2017-07-24 21:12:14

• Next message: Boost C++ Libraries: "[Boost-bugs] [Boost C++ Libraries] #13134: Warnings about the use of 0 as null pointer constant."
• Previous message: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #13047: Program crash after calling boost::filesystem::exists"

#13133: copy_file does not check file type, can fill disk or hang program if used
on certain file types
----------------------------------+-------------------------
 Reporter: Ryan Patton <rjp2@…> | Owner: Beman Dawes
     Type: Bugs | Status: new
Milestone: To Be Determined | Component: filesystem
  Version: Boost 1.63.0 | Severity: Problem
 Keywords: copy_file |
----------------------------------+-------------------------
 Boost’s copy_file method, when passed non-regular files, can fill up the
 user’s disk space or hang the program.

 The copy_file method does not check file type before it begins copying,
 which can lead to unspecified behavior if the user tries to copy a non-
 regular (type) file. As only regular files can be properly copied by
 reading and writing their contents, trying to copy non-regular files in
 this way can cause problems. For example:
 - Trying to copy a symlink to the character device /dev/urandom with
 copy_file will copy random data into the output file indefinitely, quickly
 filling up the user’s disk.
 - Trying to copy a FIFO type file with copy_file will result in the
 program hanging indefinitely if left unattended.

 This problem can be fixed without too much work by checking the result of
 the post-open stat call to check that a regular file was opened. I have
 written up a patch, which I submitted a pull-request for (#48).
 This problem was found as part of an effort to detect and deal with
 â€œenvironmental” bugs in popular applications (for more information, check
 out https://works-everywhere.org). It was found using a tool that detects
 situations where an application fails to correctly handle unusual
 environmental conditions such as files having an unexpected file type.

-- 
Ticket URL: <https://svn.boost.org/trac10/boost/ticket/13133>
Boost C++ Libraries <http://www.boost.org/>
Boost provides free peer-reviewed portable C++ source libraries.

• Next message: Boost C++ Libraries: "[Boost-bugs] [Boost C++ Libraries] #13134: Warnings about the use of 0 as null pointer constant."
• Previous message: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #13047: Program crash after calling boost::filesystem::exists"

This archive was generated by hypermail 2.1.7 : 2017-07-24 21:17:10 UTC