lib/path: fix crash, pathbuf overflow

author Ruediger Meier <ruediger.meier@ga-group.nl>

Tue, 27 Jun 2017 18:32:52 +0000 (20:32 +0200)

committer Ruediger Meier <ruediger.meier@ga-group.nl>

Tue, 27 Jun 2017 19:39:35 +0000 (21:39 +0200)
author Ruediger Meier <ruediger.meier@ga-group.nl>
Tue, 27 Jun 2017 18:32:52 +0000 (20:32 +0200)
committer Ruediger Meier <ruediger.meier@ga-group.nl>
Tue, 27 Jun 2017 19:39:35 +0000 (21:39 +0200)
diff --git a/include/path.h b/include/path.h

index 45da692f8169e929cb4214c5f9ea49add12f2d24..11c3367596e4f4e96de0fa1fb857d7b0cf2dced7 100644 (file)
--- a/include/path.h
+++ b/include/path.h
@@ -27,7 +27,11 @@ extern cpu_set_t *path_read_cpuset(int, const char *path, ...)
                               __attribute__ ((__format__ (__printf__, 2, 3)));
  extern cpu_set_t *path_read_cpulist(int, const char *path, ...)
                                __attribute__ ((__format__ (__printf__, 2, 3)));
-extern void path_set_prefix(const char *);
+
+/* Returns: 0 on success, sets errno on error. */
+extern int path_set_prefix(const char *)
+                       __attribute__((warn_unused_result));
+
  #endif /* HAVE_CPU_SET_T */
  
  #endif /* UTIL_LINUX_PATH_H */
diff --git a/lib/path.c b/lib/path.c

index 1a623bc6d673f4b2e7a266a1c808e1df74fbeeae..eaa6d881c60638d8dc399c60dc53baa1f74ab992 100644 (file)
--- a/lib/path.c
+++ b/lib/path.c
@@ -244,12 +244,18 @@ path_read_cpulist(int maxcpus, const char *path, ...)
         return set;
  }
  
-void
+int
  path_set_prefix(const char *prefix)
  {
-       prefixlen = strlen(prefix);
-       strncpy(pathbuf, prefix, sizeof(pathbuf));
-       pathbuf[sizeof(pathbuf) - 1] = '\0';
+       size_t len = strlen(prefix);
+
+       if (len >= sizeof(pathbuf) - 1) {
+               errno = ENAMETOOLONG;
+               return -1;
+       }
+       prefixlen = len;
+       strcpy(pathbuf, prefix);
+       return 0;
  }
  
  #endif /* HAVE_CPU_SET_T */
diff --git a/sys-utils/lscpu.c b/sys-utils/lscpu.c

index 424b9de0ee405651d421ba8dc69f2032df0a51aa..f6e47277eae87054899e1a2b4f209cd0f25494c0 100644 (file)
--- a/sys-utils/lscpu.c
+++ b/sys-utils/lscpu.c
@@ -2148,7 +2148,8 @@ int main(int argc, char *argv[])
                         mod->mode = c == 'p' ? OUTPUT_PARSABLE : OUTPUT_READABLE;
                         break;
                 case 's':
-                       path_set_prefix(optarg);
+                       if(path_set_prefix(optarg))
+                               err(EXIT_FAILURE, _("invalid argument to %s"), "--sysroot");
                         mod->system = SYSTEM_SNAPSHOT;
                         break;
                 case 'x':
diff --git a/sys-utils/lsmem.c b/sys-utils/lsmem.c

index 04e7d20be214aabea7db6d0996d33a948a373906..e1ee5a5ce0c516558131c3024f41097904057e08 100644 (file)
--- a/sys-utils/lsmem.c
+++ b/sys-utils/lsmem.c
@@ -470,7 +470,8 @@ int main(int argc, char **argv)
                         lsmem->want_summary = 0;
                         break;
                 case 's':
-                       path_set_prefix(optarg);
+                       if(path_set_prefix(optarg))
+                               err(EXIT_FAILURE, _("invalid argument to %s"), "--sysroot");
                         break;
                 case 'V':
                         printf(UTIL_LINUX_VERSION);
author	Ruediger Meier <ruediger.meier@ga-group.nl>
	Tue, 27 Jun 2017 18:32:52 +0000 (20:32 +0200)
committer	Ruediger Meier <ruediger.meier@ga-group.nl>
	Tue, 27 Jun 2017 19:39:35 +0000 (21:39 +0200)
include/path.h		patch \| blob \| blame \| history
lib/path.c		patch \| blob \| blame \| history
sys-utils/lscpu.c		patch \| blob \| blame \| history
sys-utils/lsmem.c		patch \| blob \| blame \| history