From mboxrd@z Thu Jan 1 00:00:00 1970
From: Kay Sievers
Date: Tue, 24 Feb 2004 22:57:35 +0000
Subject: Re: [PATCH] udev fix another buffer overrun
Message-Id: <1077663455.1200.3.camel@pim>
List-Id:
References: <200402242125.52122.mbuesch@freenet.de>
In-Reply-To: <200402242125.52122.mbuesch@freenet.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: linux-hotplug@vger.kernel.org

On Tue, 2004-02-24 at 21:26, Michael Buesch wrote:
> Hi,
>
> This patch fixes just another possible buffer overrun
> caused by the dangerous sprintf().

The name can only be 100 bytes long and partitionname is 255 long, so
it's really theoretical. But I will look at it in the next round of
string-patches

thanks,
Kay

> --- udev-add.c.orig 2004-02-24 21:17:51.000000000 +0100 > +++ udev-add.c 2004-02-24 21:22:34.000000000 +0100 > @@ -210,9 +210,14 @@ > info("creating device partition nodes '%s[1-%i]'", filename, dev->partitions); > if (!fake) { > for (i = 1; i <= dev->partitions; i++) { > - sprintf(partitionname, "%s%i", filename, i); > - make_node(partitionname, dev->major, > - dev->minor + i, dev->mode, uid, gid); > + retval = snprintf(partitionname, sizeof(partitionname), > + "%s%i", filename, i); > + if (retval >= sizeof(partitionname)) { > + dbg("partitionname buffer too small"); > + } else { > + make_node(partitionname, dev->major, > + dev->minor + i, dev->mode, uid, gid); > + } > } > } > }
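
Review bot: in the new `if (retval >= sizeof(partitionname))` branch the truncation is reported only through dbg("partitionname buffer too small"), and the loop then moves on to the next i, so nothing outside this loop learns that a partition node was skipped. Consider logging it at the same level as the info() call above, with filename and i in the message, so a missing node can be traced back to this check. The declaration of retval is not visible in this hunk; if it is an int, the comparison against sizeof() is carried out unsigned, so a negative snprintf() return also lands in the error branch. That is the safe outcome, but it is worth making explicit as `retval < 0 || retval >= sizeof(partitionname)` rather than relying on the implicit conversion.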