Re: [PATCH] fix segfault when lvm.conf is truncated.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Zdenek Kabelac <zdenek.kabelac@gmail.com>
To: device-mapper development <dm-devel@redhat.com>
Cc: dongmao zhang <dmzhang@suse.com>
Subject: Re: [PATCH] fix segfault when lvm.conf is truncated.
Date: Tue, 05 Feb 2013 09:24:42 +0100	[thread overview]
Message-ID: <5110C1CA.1020002@gmail.com> (raw)
In-Reply-To: <1359537319-14106-1-git-send-email-dmzhang@suse.com>

Dne 30.1.2013 10:15, dongmao zhang napsal(a):
> When /etc/lvm/lvm.conf is truncated at the first '"' of a line, all LVM
> utilities crash with a segfault.
>
> The segfault only seems to occur if the last character is the first '"'
> (double quote) of a line. If you truncate it at any other point, lvm detects the
> error and report parse error
>
> lvm.conf ends like this.
>
> root#hexdump -C lvm.conf|tail
> 00000220  69 72 20 3d 20 22 2f 64  65 76 22 0a 0a 0a 20 20  |ir = "/dev"...  |
> 00000230  20 20 23 20 41 6e 20 61  72 72 61 79 20 6f 66 20  |  # An array of |
> 00000240  64 69 72 65 63 74 6f 72  69 65 73 20 74 68 61 74  |directories that|
> 00000250  20 63 6f 6e 74 61 69 6e  20 74 68 65 20 64 65 76  | contain the dev|
> 00000260  69 63 65 20 6e 6f 64 65  73 20 79 6f 75 20 77 69  |ice nodes you wi|
> 00000270  73 68 0a 20 20 20 20 23  20 74 6f 20 75 73 65 20  |sh.    # to use |
> 00000280  77 69 74 68 20 4c 56 4d  32 2e 0a 20 20 20 20 73  |with LVM2..  s|
> 00000290  63 61 6e 20 3d 20 5b 20  22 2f 78 22 2c 0a 20 20  |can = [ "/x",.  |
> 000002a0  20 20 20 20 20 20 20 20  20 20 20 22              | "|
>
> The fix is check p->tb and p->te in function _dup_tok. If in
> this situation, the len would be less than zero.
>
> Signed-off-by: dongmao zhang <dmzhang@suse.com>
> ---
>   libdm/libdm-config.c |    7 ++++++-
>   1 files changed, 6 insertions(+), 1 deletions(-)

Thanks for report.
Updated version committed upstream:

https://www.redhat.com/archives/lvm-devel/2013-February/msg00014.html

Zdenek

     prev parent reply	other threads:[~2013-02-05  8:24 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-01-30  9:15 [PATCH] fix segfault when lvm.conf is truncated dongmao zhang
2013-02-05  8:24 ` Zdenek Kabelac [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5110C1CA.1020002@gmail.com \
    --to=zdenek.kabelac@gmail.com \
    --cc=dm-devel@redhat.com \
    --cc=dmzhang@suse.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.