From: Miklos Szeredi Date: Wed, 3 Nov 2010 04:25:45 +0000 (-0400) Subject: Verify in ttyname() that the symlink is valid. X-Git-Tag: glibc-2.12.2~56 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b200942785ca025f73c3153ccdac7dec5b40656c;p=thirdparty%2Fglibc.git Verify in ttyname() that the symlink is valid. (cherry picked from commit 0e516e0e14f2f9783a21cd1727bc53776341f857) --- diff --git a/ChangeLog b/ChangeLog index 7590fd59214..77cd729ba77 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2010-11-03 Ulrich Drepper + + [BZ #12167] + * sysdeps/unix/sysv/linux/ttyname.c (ttyname): Recognize new mangling + of inacessible symlinks. Verify result of symlink before returning it. + * sysdeps/unix/sysv/linux/ttyname_r.c (__ttyname_r): Likewise. + Patch mostly by Miklos Szeredi . + 2010-10-20 Andreas Krebbel Ulrich Drepper diff --git a/sysdeps/unix/sysv/linux/ttyname.c b/sysdeps/unix/sysv/linux/ttyname.c index 69af6adc651..6cec3a90130 100644 --- a/sysdeps/unix/sysv/linux/ttyname.c +++ b/sysdeps/unix/sysv/linux/ttyname.c @@ -1,4 +1,5 @@ -/* Copyright (C) 1991,92,93,1996-2002,2006,2009 Free Software Foundation, Inc. +/* Copyright (C) 1991-1993,1996-2002,2006,2009,2010 + Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -131,6 +132,9 @@ ttyname (int fd) if (__builtin_expect (__tcgetattr (fd, &term) < 0, 0)) return NULL; + if (__fxstat64 (_STAT_VER, fd, &st) < 0) + return NULL; + /* We try using the /proc filesystem. */ *_fitoa_word (fd, __stpcpy (procname, "/proc/self/fd/"), 10, 0) = '\0'; @@ -161,13 +165,32 @@ ttyname (int fd) { if ((size_t) len >= buflen) return NULL; + +#define UNREACHABLE_LEN strlen ("(unreachable)") + if (len > UNREACHABLE_LEN + && memcmp (ttyname_buf, "(unreachable)", UNREACHABLE_LEN) == 0) + { + memmove (ttyname_buf, ttyname_buf + UNREACHABLE_LEN, + len - UNREACHABLE_LEN); + len -= UNREACHABLE_LEN; + } + /* readlink need not terminate the string. */ ttyname_buf[len] = '\0'; - return ttyname_buf; - } - if (__fxstat64 (_STAT_VER, fd, &st) < 0) - return NULL; + /* Verify readlink result, fall back on iterating through devices. */ + if (ttyname_buf[0] == '/' + && __xstat64 (_STAT_VER, ttyname_buf, &st1) == 0 +#ifdef _STATBUF_ST_RDEV + && S_ISCHR (st1.st_mode) + && st1.st_rdev == st.st_rdev +#else + && st1.st_ino == st.st_ino + && st1.st_dev == st.st_dev +#endif + ) + return ttyname_buf; + } if (__xstat64 (_STAT_VER, "/dev/pts", &st1) == 0 && S_ISDIR (st1.st_mode)) { diff --git a/sysdeps/unix/sysv/linux/ttyname_r.c b/sysdeps/unix/sysv/linux/ttyname_r.c index cef8624dc69..2fa7503471b 100644 --- a/sysdeps/unix/sysv/linux/ttyname_r.c +++ b/sysdeps/unix/sysv/linux/ttyname_r.c @@ -1,4 +1,5 @@ -/* Copyright (C) 1991,92,93,1995-2001,2003,2006 Free Software Foundation, Inc. +/* Copyright (C) 1991-1993,1995-2001,2003,2006,2010 + Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -122,6 +123,9 @@ __ttyname_r (int fd, char *buf, size_t buflen) if (__builtin_expect (__tcgetattr (fd, &term) < 0, 0)) return errno; + if (__fxstat64 (_STAT_VER, fd, &st) < 0) + return errno; + /* We try using the /proc filesystem. */ *_fitoa_word (fd, __stpcpy (procname, "/proc/self/fd/"), 10, 0) = '\0'; @@ -145,12 +149,30 @@ __ttyname_r (int fd, char *buf, size_t buflen) #endif , 1)) { +#define UNREACHABLE_LEN strlen ("(unreachable)") + if (ret > UNREACHABLE_LEN + && memcmp (buf, "(unreachable)", UNREACHABLE_LEN) == 0) + { + memmove (buf, buf + UNREACHABLE_LEN, ret - UNREACHABLE_LEN); + ret -= UNREACHABLE_LEN; + } + + /* readlink need not terminate the string. */ buf[ret] = '\0'; - return 0; - } - if (__fxstat64 (_STAT_VER, fd, &st) < 0) - return errno; + /* Verify readlink result, fall back on iterating through devices. */ + if (buf[0] == '/' + && __xstat64 (_STAT_VER, buf, &st1) == 0 +#ifdef _STATBUF_ST_RDEV + && S_ISCHR (st1.st_mode) + && st1.st_rdev == st.st_rdev +#else + && st1.st_ino == st.st_ino + && st1.st_dev == st.st_dev +#endif + ) + return 0; + } /* Prepare the result buffer. */ memcpy (buf, "/dev/pts/", sizeof ("/dev/pts/"));