From 53d3a99cccf08016eff0351884e7e86a658dffd6 Mon Sep 17 00:00:00 2001 From: Lucas De Marchi Date: Mon, 8 Aug 2016 11:42:52 -0300 Subject: [PATCH] libkmod: fix use of strcpy We were not checking if there was sufficient space in the buffer. --- libkmod/libkmod-config.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/libkmod/libkmod-config.c b/libkmod/libkmod-config.c index 57fbe378..19f56a71 100644 --- a/libkmod/libkmod-config.c +++ b/libkmod/libkmod-config.c @@ -844,15 +844,20 @@ int kmod_config_new(struct kmod_ctx *ctx, struct kmod_config **p_config, config->ctx = ctx; for (; list != NULL; list = kmod_list_remove(list)) { - char fn[PATH_MAX]; + char buf[PATH_MAX]; + const char *fn = buf; struct conf_file *cf = list->data; int fd; - if (cf->is_single) - strcpy(fn, cf->path); - else - snprintf(fn, sizeof(fn),"%s/%s", cf->path, - cf->name); + if (cf->is_single) { + fn = cf->path; + } else if (snprintf(buf, sizeof(buf), "%s/%s", + cf->path, cf->name) >= (int)sizeof(buf)) { + ERR(ctx, "Error parsing %s/%s: path too long\n", + cf->path, cf->name); + free(cf); + continue; + } fd = open(fn, O_RDONLY|O_CLOEXEC); DBG(ctx, "parsing file '%s' fd=%d\n", fn, fd); -- 2.47.3