From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Buesch <mbuesch@freenet.de>
Date: Tue, 24 Feb 2004 20:26:01 +0000
Subject: [PATCH] udev fix another buffer overrun
Message-Id: <200402242125.52122.mbuesch@freenet.de>
List-Id: <linux-hotplug.vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: linux-hotplug@vger.kernel.org

Hi,

This patch fixes just another possible buffer overrun
caused by the dangerous sprintf().

--- udev-add.c.orig	2004-02-24 21:17:51.000000000 +0100
+++ udev-add.c	2004-02-24 21:22:34.000000000 +0100
@@ -210,9 +210,14 @@
 		info("creating device partition nodes '%s[1-%i]'", filename, dev->partitions);
 		if (!fake) {
 			for (i = 1; i <= dev->partitions; i++) {
-				sprintf(partitionname, "%s%i", filename, i);
-				make_node(partitionname, dev->major,
-					  dev->minor + i, dev->mode, uid, gid);
+				retval = snprintf(partitionname, sizeof(partitionname),
+						  "%s%i", filename, i);
+				if (retval >= sizeof(partitionname)) {
+					dbg("partitionname buffer too small");
+				} else {
+					make_node(partitionname, dev->major,
+						  dev->minor + i, dev->mode, uid, gid);
+				}
 			}
 		}
 	}

--
Regards Michael Buesch  [ http://www.tuxsoft.de.vu ]



-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id56&alloc_id438&op=click
_______________________________________________
Linux-hotplug-devel mailing list  http://linux-hotplug.sourceforge.net
Linux-hotplug-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel