From mboxrd@z Thu Jan 1 00:00:00 1970 From: Kay Sievers Date: Tue, 17 Feb 2004 19:47:04 +0000 Subject: Re: [PATCH] symlink name and possible overflow in create_node() Message-Id: <20040217194704.GA7890@vrfy.org> List-Id: References: <20040217190010.GA9773@suse.de> In-Reply-To: <20040217190010.GA9773@suse.de> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: linux-hotplug@vger.kernel.org On Tue, Feb 17, 2004 at 11:22:21AM -0800, Johannes Erdfelt wrote: > On Tue, Feb 17, 2004, Olaf Hering wrote: > > the filename array might overflow if I interpret the strncat man page correctly. > > > > --- ./udev-add.c~ 2004-02-16 22:58:24.000000000 +0100 > > +++ ./udev-add.c 2004-02-17 19:56:56.000000000 +0100 > > @@ -146,7 +146,7 @@ static int create_node(struct udevice *d > > int tail; > > > > strncpy(filename, udev_root, sizeof(filename)); > > - strncat(filename, dev->name, sizeof(filename)); > > + strncat(filename, dev->name, sizeof(filename) - strlen(filename)); > > > > switch (dev->type) { > > case 'b': > > strncpy/strncat don't null terminate strings if it hits the maximum > size. Looks like all of those calls need some code explicitly null > terminate the strings as well. Oh, we have strfieldcpy() for this. Maybe we should have strfieldcat() too. Anyone, who wants to send a patch? :) thanks, Kay ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id56&alloc_id438&op=click _______________________________________________ Linux-hotplug-devel mailing list http://linux-hotplug.sourceforge.net Linux-hotplug-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel