From: Ville Nuorvala <vnuorval@tcs.hut.fi>
To: bluez-devel@lists.sourceforge.net
Subject: [Bluez-devel] [PATCH] Fix infinite loops in textfile.c
Date: Fri, 09 Sep 2005 19:52:18 +0300
Message-ID: <4321BDC2.70404@tcs.hut.fi>
[-- Attachment #1: Type: text/plain, Size: 573 bytes --]
Hi,
both textfile_put() and textfile_get() go into infinite loops if a
string matching the search key is found anywhere except at the beginning
of a line.
Both functions may also get false positive matches if the search key
forms a substring of some other key in the same file.
The attached patch fixes both problems, but I can split it up into two
separate parts if you wish.
Regards,
Ville
--
Ville Nuorvala
Research Assistant,
Laboratory for Theoretical Computer Science,
Helsinki University of Technology
email: vnuorval@tcs.hut.fi, phone: +358 (0)9 451 5257
[-- Attachment #2: infinite_loop.patch --]
[-- Type: text/x-patch, Size: 1710 bytes --]
Index: common/textfile.c
===================================================================
RCS file: /cvsroot/bluez/utils/common/textfile.c,v
retrieving revision 1.7
diff -u -r1.7 textfile.c
--- common/textfile.c 7 Sep 2005 17:31:56 -0000 1.7
+++ common/textfile.c 9 Sep 2005 15:31:10 -0000
@@ -113,6 +113,15 @@
return err;
}
+static inline char *find_key(char *map, char *key, size_t len)
+{
+ char *off = strstr(map, key);
+
+ while (off && ((off > map && *(off - 1) != '\r' && *(off - 1) != '\n') || *(off + len) != ' '))
+ off = strstr(off + len, key);
+ return off;
+}
+
int textfile_put(char *pathname, char *key, char *value)
{
struct stat st;
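Review bot: find_key() can still spin forever when len is 0, because `off = strstr(off + len, key)` then restarts at the same address and strstr() with an empty needle returns that address again. A guard such as `if (len == 0) return NULL;` at the top, or rejecting empty keys in the callers, closes that case. Two smaller points on the same function: len is trusted to equal strlen(key), so computing it inside find_key() would remove the chance of a caller passing a mismatched value, and the long `while` condition would be easier to audit if the "starts a line" and "followed by a space" tests were split into two named checks with a short comment stating the rule. key is only read here, so `const char *key` would document that.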
@@ -148,7 +157,7 @@
goto unlock;
}
- off = strstr(map, key);
+ off = find_key(map, key, strlen(key));
if (!off) {
munmap(map, size);
pos = lseek(fd, size, SEEK_SET);
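Review bot: The call `find_key(map, key, strlen(key))` in textfile_put() passes the length inline while textfile_get() stores it in len first; since both callers always want strlen(key), consider dropping the third parameter and letting find_key() take the length itself, which keeps the two call sites identical. Nothing visible here checks key before the search, so a key that is empty or contains a space, '\r' or '\n' reaches find_key() unfiltered; a validation step ahead of this line would make the not-found branch below mean only "key absent" and not "key malformed".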
@@ -156,18 +165,6 @@
goto unlock;
}
- if (off > map) {
- while (*(off - 1) != '\r' && *(off - 1) != '\n') {
- off = strstr(off, key);
- if (!off) {
- munmap(map, size);
- pos = lseek(fd, size, SEEK_SET);
- err = write_key_value(fd, key, value);
- goto unlock;
- }
- }
- }
-
base = off - map;
end = strpbrk(off, "\r\n");
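Review bot: With the `if (off > map)` block deleted, the rule that a match must begin a line is no longer stated anywhere in textfile_put(), so it should be documented in a comment above find_key(), together with the requirement that the key be followed by a space. It is also worth adding a regression case to whatever test input is used for this file: a store where the key text first appears in the middle of a line (for example inside another entry's value) and only later at the start of a line, since that is the input on which the removed `off = strstr(off, key)` retry never advanced.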
@@ -254,29 +251,19 @@
goto unlock;
}
- off = strstr(map, key);
+ len = strlen(key);
+ off = find_key(map, key, len);
if (!off) {
err = EILSEQ;
goto unmap;
}
- if (off > map) {
- while (*(off - 1) != '\r' && *(off - 1) != '\n') {
- off = strstr(off, key);
- if (!off) {
- err = EILSEQ;
- goto unmap;
- }
- }
- }
-
end = strpbrk(off, "\r\n");
if (!end) {
err = EILSEQ;
goto unmap;
}
- len = strlen(key);
str = malloc(end - off - len);
if (!str) {
err = EILSEQ;
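Review bot: `malloc(end - off - len)` depends on end lying beyond off + len, which holds only if key contains no '\r' or '\n'; strpbrk() starts scanning at off, so a key with an embedded line break would put end inside the matched key and the subtraction would no longer be a valid length. find_key() guarantees a space at off + len but says nothing about the key's own bytes, so either reject such keys before the search or check `end > off + len` before allocating. Separately, in the context lines the allocation failure is reported as EILSEQ, the same code used for "key not found"; ENOMEM would let callers tell the two apart.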