[OpenWrt-Devel] fstools: mkdev: Avoid out of bounds read
diff mbox series

Message ID 20190902203244.3104-1-hauke@hauke-m.de
State Under Review
Delegated to: Hauke Mehrtens
Headers show
Series
  • [OpenWrt-Devel] fstools: mkdev: Avoid out of bounds read
Related show

Commit Message

Hauke Mehrtens Sept. 2, 2019, 8:32 p.m. UTC
readlink() truncates and does not null terminate the string when more
bytes would be written than available. Just increase the char array by
one and assume that there is a problem when all bytes are needed.

Coverity: #1330087, #1329991
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
---
 libblkid-tiny/mkdev.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Rafał Miłecki Sept. 3, 2019, 3:55 a.m. UTC | #1
On Mon, 2 Sep 2019 at 22:33, Hauke Mehrtens <hauke@hauke-m.de> wrote:
> readlink() truncates and does not null terminate the string when more
> bytes would be written than available. Just increase the char array by
> one and assume that there is a problem when all bytes are needed.
>
> Coverity: #1330087, #1329991
> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

Minor comment:
That "fstools: " prefix is redundant. As for marking a PATCH I suggest
something like
[PATCH fstools]

Patch
diff mbox series

diff --git a/libblkid-tiny/mkdev.c b/libblkid-tiny/mkdev.c
index a35722b..e8ce841 100644
--- a/libblkid-tiny/mkdev.c
+++ b/libblkid-tiny/mkdev.c
@@ -31,7 +31,7 @@ 
 
 #include <syslog.h>
 
-static char buf[PATH_MAX];
+static char buf[PATH_MAX + 1];
 static char buf2[PATH_MAX];
 static unsigned int mode = 0600;
 
@@ -66,7 +66,7 @@  static void find_devs(bool block)
 
 		strcpy(path, dp->d_name);
 		len = readlink(buf2, buf, sizeof(buf));
-		if (len <= 0)
+		if (len <= 0 || len == sizeof(buf))
 			continue;
 
 		buf[len] = 0;