From: Kay Sievers <kay.sievers@vrfy.org>
To: linux-hotplug@vger.kernel.org
Subject: [PATCH] udev - safer string handling - part two
Date: Thu, 26 Feb 2004 00:31:00 +0000	[thread overview]
Message-ID: <20040226003100.GA27025@vrfy.org> (raw)

[-- Attachment #1: Type: text/plain, Size: 555 bytes --]

As promised, here is the next round. We provide in addition to the
already used macros:

  strfieldcpy(to, from)
  strfieldcat(to, from)

the corresponding friends, if the size of the target is not known and
must be provided by the caller:

  strnfieldcpy(to, from, maxsize)
  strnfieldcat(to, from, maxsize)

and switch nearly all possibly unsafe users of strcat(), strncat(),
strcpy() and strncpy() to these safer macros.

The last known remaining issue seems to be the use of sprintf() and
snprintf(). I will take it on later today or tomorrow.

thanks,
Kay

[-- Attachment #2: 05-stringfield-next-round.patch --]
[-- Type: text/plain, Size: 4202 bytes --]

diff -Nru a/namedev.c b/namedev.c
--- a/namedev.c	Thu Feb 26 01:26:53 2004
+++ b/namedev.c	Thu Feb 26 01:26:53 2004
@@ -209,7 +209,9 @@
 	return -1;
 }
 
-static void apply_format(struct udevice *udev, unsigned char *string, struct sysfs_class_device *class_dev, struct sysfs_device *sysfs_device)
+static void apply_format(struct udevice *udev, char *string, size_t maxsize,
+			 struct sysfs_class_device *class_dev,
+			 struct sysfs_device *sysfs_device)
 {
 	char temp[NAME_SIZE];
 	char temp1[NAME_SIZE];
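Review bot: The new `maxsize` parameter of apply_format() has no comment saying which buffer it measures, and every caller has to get that right for the bounded macros to help. I would add above the signature `/* maxsize: size in bytes of the buffer 'string' points to, including the terminating NUL */`. The body of apply_format() continues outside this hunk.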
@@ -245,19 +247,19 @@
 		case 'b':
 			if (strlen(udev->bus_id) == 0)
 				break;
-			strcat(pos, udev->bus_id);
+			strnfieldcat(pos, udev->bus_id, maxsize);
 			dbg("substitute bus_id '%s'", udev->bus_id);
 			break;
 		case 'k':
 			if (strlen(udev->kernel_name) == 0)
 				break;
-			strcat(pos, udev->kernel_name);
+			strnfieldcat(pos, udev->kernel_name, maxsize);
 			dbg("substitute kernel name '%s'", udev->kernel_name);
 			break;
 		case 'n':
 			if (strlen(udev->kernel_number) == 0)
 				break;
-			strcat(pos, udev->kernel_number);
+			strnfieldcat(pos, udev->kernel_number, maxsize);
 			dbg("substitute kernel number '%s'", udev->kernel_number);
 				break;
 		case 'm':
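Review bot: Each converted call passes `maxsize`, the size of the whole `string` buffer, together with `pos` as the destination. If `pos` points past the start of `string` (its assignment is outside this hunk), the macro's `to[maxsize-1] = '\0'` store and the strncat() limit are both measured from `pos` and can land beyond the end of the buffer. The same applies to the strnfieldcat() and strnfieldcpy() calls in the two following hunks of namedev.c. Passing the space that remains from `pos` keeps the bound correct, for example `strnfieldcat(pos, udev->bus_id, maxsize - (pos - string));`.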
@@ -287,11 +289,11 @@
 					}
 				}
 				if (pos3) {
-					strcat(pos, pos3);
+					strnfieldcat(pos, pos3, maxsize);
 					dbg("substitute part of result string '%s'", pos3);
 				}
 			} else {
-				strcat(pos, udev->program_result);
+				strnfieldcat(pos, udev->program_result, maxsize);
 				dbg("substitute result string '%s'", udev->program_result);
 			}
 			break;
@@ -302,20 +304,20 @@
 					dbg("sysfa attribute '%s' not found", attr);
 					break;
 				}
-				strcpy(pos, tmpattr->value);
+				strnfieldcpy(pos, tmpattr->value, maxsize);
 				dbg("substitute sysfs value '%s'", tmpattr->value);
 			} else {
 				dbg("missing attribute");
 			}
 			break;
 		case '%':
-			strcat(pos, "%");
+			strnfieldcat(pos, "%", maxsize);
 			break;
 		default:
 			dbg("unknown substitution type '%%%c'", c);
 			break;
 		}
-		strcat(pos, tail);
+		strnfieldcat(pos, tail, maxsize);
 	}
 }
 
@@ -452,7 +454,7 @@
 				strncpy(value, buffer, len);
 				pos = value + strlen(value)-1;
 				if (pos[0] == '\n')
-				pos[0] = '\0';
+					pos[0] = '\0';
 				dbg("result is '%s'", value);
 			}
 		}
@@ -724,7 +726,8 @@
 		/* execute external program */
 		if (dev->program[0] != '\0') {
 			dbg("check " FIELD_PROGRAM);
-			apply_format(udev, dev->program, class_dev, sysfs_device);
+			apply_format(udev, dev->program, sizeof(dev->program),
+				     class_dev, sysfs_device);
 			if (execute_program(dev->program, udev->program_result, NAME_SIZE) != 0) {
 				dbg(FIELD_PROGRAM " returned nozero");
 				goto try_parent;
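Review bot: `sizeof(dev->program)` is the right bound only if `program` is declared as a char array in its struct; the declaration is outside this hunk, and for a pointer member the call would pass the pointer size instead. The same holds for `sizeof(udev->name)` and `sizeof(udev->symlink)` in the `found:` hunk below. For consistency with the new call, the following line could pass `sizeof(udev->program_result)` rather than the bare `NAME_SIZE`, assuming that member is an array of that size.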
@@ -816,8 +819,10 @@
 
 found:
 	/* substitute placeholder */
-	apply_format(udev, udev->name, class_dev, sysfs_device);
-	apply_format(udev, udev->symlink, class_dev, sysfs_device);
+	apply_format(udev, udev->name, sizeof(udev->name),
+		     class_dev, sysfs_device);
+	apply_format(udev, udev->symlink, sizeof(udev->symlink),
+		     class_dev, sysfs_device);
 	udev->partitions = dev->partitions;
 done:
 	perm = find_perm(udev->name);
diff -Nru a/udev.h b/udev.h
--- a/udev.h	Thu Feb 26 01:26:53 2004
+++ b/udev.h	Thu Feb 26 01:26:53 2004
@@ -64,7 +64,19 @@
 #define strfieldcat(to, from) \
 do { \
 	to[sizeof(to)-1] = '\0'; \
-	strncat(to, from, sizeof(to) - strlen(to) -1); \
+	strncat(to, from, sizeof(to) - strlen(to)-1); \
+} while (0)
+
+#define strnfieldcpy(to, from, maxsize) \
+do { \
+	to[maxsize-1] = '\0'; \
+	strncpy(to, from, maxsize-1); \
+} while (0)
+
+#define strnfieldcat(to, from, maxsize) \
+do { \
+	to[maxsize-1] = '\0'; \
+	strncat(to, from, maxsize - strlen(to)-1); \
 } while (0)
 
 extern int udev_add_device(char *path, char *subsystem, int fake);
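Review bot: The two new macros use `to` and `maxsize` unparenthesized and evaluate them more than once, so an argument such as `buf + off` or a conditional expression expands to something other than intended; `(to)[(maxsize)-1] = '\0';` and `strncat((to), (from), (maxsize) - strlen(to) - 1);` avoid that. A `maxsize` of 0 turns `to[maxsize-1]` into a store before the buffer and makes `maxsize-1` wrap when it is a size_t, so the macros should either guard that case or carry a comment that maxsize must be at least 1. A one-line comment that both macros silently truncate to maxsize-1 bytes would also help callers that need to detect truncation.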
diff -Nru a/udev_config.c b/udev_config.c
--- a/udev_config.c	Thu Feb 26 01:26:53 2004
+++ b/udev_config.c	Thu Feb 26 01:26:53 2004
@@ -81,7 +81,7 @@
 #define set_var(_name, _var)				\
 	if (strcasecmp(variable, _name) == 0) {		\
 		dbg_parse("%s = '%s'", _name, value);	\
-		strncpy(_var, value, sizeof(_var));	\
+		strnfieldcpy(_var, value, sizeof(_var));\
 	}
 
 #define set_bool(_name, _var)				\
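Review bot: This call site passes `sizeof(_var)`, so the target size is known here, which is the case the description reserves for strfieldcpy(). `strfieldcpy(_var, value);` would express the same thing with no size argument to get wrong, assuming strfieldcpy() derives its bound from sizeof(to) the way strfieldcat() does in udev.h. Either form relies on `_var` being an array rather than a pointer, which the macro itself does not show; a short comment on set_var stating that requirement would help.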
