From mboxrd@z Thu Jan 1 00:00:00 1970 From: Sergey Vlasov Date: Thu, 01 Feb 2007 15:06:18 +0000 Subject: [PATCH 0/3] Fix bugs in udev_rules_apply_format() Message-Id: <1170342381867-git-send-email-vsu@altlinux.ru> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: linux-hotplug@vger.kernel.org Hello! Here are fixes for several bugs in udev_rules_apply_format(): 1) fix handling of unknown format elements 2) don't overflow the buffer when truncating substituted string 3) do not process substituted value as format string Without these fixes (especially the last one) udev behaves strangely when substituting some values (due to reinterpretation of the substituted string as a format string, which may then abuse the first two bugs). The problem may be triggered, e.g., by attaching an USB storage device with a label containing '$' or '%' characters. Combined diffstat of all patches: udev_rules.c | 7 ++++++- 1 files changed, 6 insertions(+), 1 deletions(-) If you prefer, you may pull these changes from the following git repo and branch (based on release 104): git://git.altlinux.org/people/vsu/packages/udev.git alt-format-fixes (also available over http: and rsync:, but not really useful due to packing). -- Sergey Vlasov ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid0709&bid&3057&dat1642 _______________________________________________ Linux-hotplug-devel mailing list http://linux-hotplug.sourceforge.net Linux-hotplug-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel