Re: [PATCH] symlink name and possible overflow in create_node()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Johannes Erdfelt <johannes@erdfelt.com>
To: linux-hotplug@vger.kernel.org
Subject: Re: [PATCH] symlink name and possible overflow in create_node()
Date: Tue, 17 Feb 2004 19:22:21 +0000	[thread overview]
Message-ID: <20040217192221.GR16632@sventech.com> (raw)
In-Reply-To: <20040217190010.GA9773@suse.de>

On Tue, Feb 17, 2004, Olaf Hering <olh@suse.de> wrote:
> the filename array might overflow if I interpret the strncat man page correctly.
> 
> --- ./udev-add.c~       2004-02-16 22:58:24.000000000 +0100
> +++ ./udev-add.c        2004-02-17 19:56:56.000000000 +0100
> @@ -146,7 +146,7 @@ static int create_node(struct udevice *d
>         int tail;
> 
>         strncpy(filename, udev_root, sizeof(filename));
> -       strncat(filename, dev->name, sizeof(filename));
> +       strncat(filename, dev->name, sizeof(filename) - strlen(filename));
> 
>         switch (dev->type) {
>         case 'b':

strncpy/strncat don't null terminate strings if it hits the maximum
size. Looks like all of those calls need some code explicitly null
terminate the strings as well.

	strncpy(filename, udev_root, sizeof(filename));
	filename[sizeof(filename) - 1] = 0;
	strncat(filename, dev->name, sizeof(filename) - strlen(filename));
	filename[sizeof(filename) - 1] = 0;

Otherwise, it could cause strange behaviour when the strings are
actually used.

JE



-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id\x1356&alloc_id438&op=click
_______________________________________________
Linux-hotplug-devel mailing list  http://linux-hotplug.sourceforge.net
Linux-hotplug-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel

next prev parent reply	other threads:[~2004-02-17 19:22 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-02-17 19:00 [PATCH] symlink name and possible overflow in create_node() Olaf Hering
2004-02-17 19:22 ` Johannes Erdfelt [this message]
2004-02-17 19:47 ` Kay Sievers
2004-02-18  8:27 ` John L. Fjellstad
2004-02-18 10:08 ` Kay Sievers
2004-02-18 11:03 ` John L. Fjellstad

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20040217192221.GR16632@sventech.com \
    --to=johannes@erdfelt.com \
    --cc=linux-hotplug@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.