Program Crashes Upon Malicious Action
daknob opened this issue · 3 comments
daknob commented
One can cause turnin
to crash by turning in a proper file and upon requesting confirmation of the files remove the file or change its name. There will be further investigation because it is believed this can cause out of bounds read/write.
zakkak commented
It does not crash. Tar fails and turnin catches the error. Allthough a more friendly message would indeed be nice.
daknob commented
Triggering this method can cause weird behavior from turnin
. More specifically, the following errors have been encountered (conditions unknown):
- The symlink
user9999.tgz
does not point to the latest file. - The binary
turnin
turned in an empty tar file. (I have no idea how this happened)
zakkak commented
I am not able to reproduce!