
[OpenWrt-Devel] fstools: mkdev: Avoid out of bounds read

Message ID 20190902203244.3104-1-hauke@hauke-m.de
State Accepted
Delegated to: Hauke Mehrtens
Series [OpenWrt-Devel] fstools: mkdev: Avoid out of bounds read

Commit Message

Hauke Mehrtens Sept. 2, 2019, 8:32 p.m. UTC
readlink() truncates and does not null terminate the string when more
bytes would be written than available. Just increase the char array by
one and assume that there is a problem when all bytes are needed.

Coverity: #1330087, #1329991
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
---
 libblkid-tiny/mkdev.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
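The readlink() behaviour the commit message describes, as an added example that is not part of this patch or of fstools: a buffer that readlink() fills completely is treated as possibly truncated and rejected before the terminator is written. The helper names, the `/tmp` path and the `../sda1` link target are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper, not from fstools: read a symlink target into out and
 * always null-terminate it. Returns the target length, or -1 on error or
 * when readlink() used every byte, which means the target may be truncated
 * and out[len] would lie one past the end of the buffer. */
static ssize_t readlink_checked(const char *path, char *out, size_t outsz)
{
	ssize_t len;

	if (outsz == 0)
		return -1;
	len = readlink(path, out, outsz);
	if (len <= 0 || (size_t)len == outsz)
		return -1;
	out[len] = '\0';
	return len;
}

/* Constructed scenario: create a symlink whose target is 7 bytes long and
 * read it back through a buffer of bufsz bytes. Returns the result of
 * readlink_checked(), or -2 if the scenario could not be set up. */
static ssize_t demo(size_t bufsz)
{
	char dir[] = "/tmp/rlXXXXXX";
	char link[64], out[32];
	ssize_t len;

	if (bufsz > sizeof(out) || !mkdtemp(dir))
		return -2;
	snprintf(link, sizeof(link), "%s/l", dir);
	if (symlink("../sda1", link) != 0) {
		rmdir(dir);
		return -2;
	}
	len = readlink_checked(link, out, bufsz);
	unlink(link);
	rmdir(dir);
	return len;
}

int main(void)
{
	printf("buf 4: %zd, buf 7: %zd, buf 8: %zd\n", demo(4), demo(7), demo(8));
	return 0;
}
```

A 7-byte buffer is rejected even though the 7-byte target fits, because a completely filled buffer cannot be told apart from a truncated one; that is why the patch grows the array by one byte.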

Comments

Rafał Miłecki Sept. 3, 2019, 3:55 a.m. UTC | #1
On Mon, 2 Sep 2019 at 22:33, Hauke Mehrtens <hauke@hauke-m.de> wrote:
> readlink() truncates and does not null terminate the string when more
> bytes would be written than available. Just increase the char array by
> one and assume that there is a problem when all bytes are needed.
>
> Coverity: #1330087, #1329991
> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

Minor comment:
That "fstools: " prefix is redundant. As for marking a PATCH I suggest
something like
[PATCH fstools]

Patch

diff --git a/libblkid-tiny/mkdev.c b/libblkid-tiny/mkdev.c
index a35722b..e8ce841 100644
--- a/libblkid-tiny/mkdev.c
+++ b/libblkid-tiny/mkdev.c
@@ -31,7 +31,7 @@ 
 
 #include <syslog.h>
 
-static char buf[PATH_MAX];
+static char buf[PATH_MAX + 1];
 static char buf2[PATH_MAX];
 static unsigned int mode = 0600;
 
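Review bot: the `+ 1` on `buf` has no comment, and `buf2` directly below stays at `PATH_MAX`, so the two declarations now look inconsistent to a later reader. A one-line comment on `buf` saying that the extra byte lets a completely filled buffer be detected as truncation, and keeps the `buf[len] = 0` write in bounds, would stop someone from "tidying" it back to `PATH_MAX`.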
@@ -66,7 +66,7 @@  static void find_devs(bool block)
 
 		strcpy(path, dp->d_name);
 		len = readlink(buf2, buf, sizeof(buf));
-		if (len <= 0)
+		if (len <= 0 || len == sizeof(buf))
 			continue;
 
 		buf[len] = 0;
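Review bot: in the new condition `len == sizeof(buf)` the declaration of `len` is not visible in this hunk; if it is a signed type, this compares signed against `size_t`. The preceding `len <= 0` test short-circuits the negative case, so the result is correct, but the comparison can trip `-Wsign-compare`, and an explicit cast such as `(size_t)len == sizeof(buf)` would make the intent clear. A short comment that a completely filled buffer is treated as a truncated link target would also help, since the entry is skipped silently with `continue`.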