From: Kay Sievers <kay.sievers@vrfy.org>
To: linux-hotplug@vger.kernel.org
Subject: [PATCH] udev - safer string handling - part two
Date: Thu, 26 Feb 2004 00:31:00 +0000 [thread overview]
Message-ID: <20040226003100.GA27025@vrfy.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 555 bytes --]
As promised, here is the next round. We provide in addition to the
already used macros:
strfieldcpy(to, from)
strfieldcat(to, from)
the corresponding friends, if the size of the target is not known and
must be provided by the caller:
strnfieldcpy(to, from, maxsize)
strnfieldcat(to, from, maxsize)
and switch nearly all possibly unsafe users of strcat(), strncat(),
strcpy() and strncpy() to these safer macros.
The last known remaining issue seems to be the use of sprintf() and
snprintf(). I will take it on later today or tomorrow.
thanks,
Kay
[-- Attachment #2: 05-stringfield-next-round.patch --]
[-- Type: text/plain, Size: 4202 bytes --]
diff -Nru a/namedev.c b/namedev.c
--- a/namedev.c Thu Feb 26 01:26:53 2004
+++ b/namedev.c Thu Feb 26 01:26:53 2004
@@ -209,7 +209,9 @@
return -1;
}
-static void apply_format(struct udevice *udev, unsigned char *string, struct sysfs_class_device *class_dev, struct sysfs_device *sysfs_device)
+static void apply_format(struct udevice *udev, char *string, size_t maxsize,
+ struct sysfs_class_device *class_dev,
+ struct sysfs_device *sysfs_device)
{
char temp[NAME_SIZE];
char temp1[NAME_SIZE];
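Review bot: The new `maxsize` parameter of apply_format() has no stated contract, although the bounded macros it feeds depend on one. A comment above the signature would make it explicit, e.g. `/* maxsize: total bytes available at string, including the trailing NUL; must be > 0 */`. The function body continues outside this hunk.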
@@ -245,19 +247,19 @@
case 'b':
if (strlen(udev->bus_id) == 0)
break;
- strcat(pos, udev->bus_id);
+ strnfieldcat(pos, udev->bus_id, maxsize);
dbg("substitute bus_id '%s'", udev->bus_id);
break;
case 'k':
if (strlen(udev->kernel_name) == 0)
break;
- strcat(pos, udev->kernel_name);
+ strnfieldcat(pos, udev->kernel_name, maxsize);
dbg("substitute kernel name '%s'", udev->kernel_name);
break;
case 'n':
if (strlen(udev->kernel_number) == 0)
break;
- strcat(pos, udev->kernel_number);
+ strnfieldcat(pos, udev->kernel_number, maxsize);
dbg("substitute kernel number '%s'", udev->kernel_number);
break;
case 'm':
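Review bot: The `strnfieldcat(pos, ..., maxsize)` calls in the 'b', 'k' and 'n' cases pass the size of the whole `string` buffer, while the destination `pos` appears to point into the middle of `string` (its assignment is outside the hunk). If so, the macro's `to[maxsize-1] = '\0'` store lands `pos - string` bytes past the end of the buffer and the strncat bound is too large by the same amount, so a long substitution value can still overflow the buffer. Pass the remaining space instead, e.g. `strnfieldcat(pos, udev->bus_id, maxsize - (pos - string));`. The same applies to the `strnfieldcat` and `strnfieldcpy` calls on `pos` in the hunks at -287 and -302.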
@@ -287,11 +289,11 @@
}
}
if (pos3) {
- strcat(pos, pos3);
+ strnfieldcat(pos, pos3, maxsize);
dbg("substitute part of result string '%s'", pos3);
}
} else {
- strcat(pos, udev->program_result);
+ strnfieldcat(pos, udev->program_result, maxsize);
dbg("substitute result string '%s'", udev->program_result);
}
break;
@@ -302,20 +304,20 @@
dbg("sysfa attribute '%s' not found", attr);
break;
}
- strcpy(pos, tmpattr->value);
+ strnfieldcpy(pos, tmpattr->value, maxsize);
dbg("substitute sysfs value '%s'", tmpattr->value);
} else {
dbg("missing attribute");
}
break;
case '%':
- strcat(pos, "%");
+ strnfieldcat(pos, "%", maxsize);
break;
default:
dbg("unknown substitution type '%%%c'", c);
break;
}
- strcat(pos, tail);
+ strnfieldcat(pos, tail, maxsize);
}
}
@@ -452,7 +454,7 @@
strncpy(value, buffer, len);
pos = value + strlen(value)-1;
if (pos[0] == '\n')
- pos[0] = '\0';
+ pos[0] = '\0';
dbg("result is '%s'", value);
}
}
@@ -724,7 +726,8 @@
/* execute external program */
if (dev->program[0] != '\0') {
dbg("check " FIELD_PROGRAM);
- apply_format(udev, dev->program, class_dev, sysfs_device);
+ apply_format(udev, dev->program, sizeof(dev->program),
+ class_dev, sysfs_device);
if (execute_program(dev->program, udev->program_result, NAME_SIZE) != 0) {
dbg(FIELD_PROGRAM " returned nozero");
goto try_parent;
@@ -816,8 +819,10 @@
found:
/* substitute placeholder */
- apply_format(udev, udev->name, class_dev, sysfs_device);
- apply_format(udev, udev->symlink, class_dev, sysfs_device);
+ apply_format(udev, udev->name, sizeof(udev->name),
+ class_dev, sysfs_device);
+ apply_format(udev, udev->symlink, sizeof(udev->symlink),
+ class_dev, sysfs_device);
udev->partitions = dev->partitions;
done:
perm = find_perm(udev->name);
diff -Nru a/udev.h b/udev.h
--- a/udev.h Thu Feb 26 01:26:53 2004
+++ b/udev.h Thu Feb 26 01:26:53 2004
@@ -64,7 +64,19 @@
#define strfieldcat(to, from) \
do { \
to[sizeof(to)-1] = '\0'; \
- strncat(to, from, sizeof(to) - strlen(to) -1); \
+ strncat(to, from, sizeof(to) - strlen(to)-1); \
+} while (0)
+
+#define strnfieldcpy(to, from, maxsize) \
+do { \
+ to[maxsize-1] = '\0'; \
+ strncpy(to, from, maxsize-1); \
+} while (0)
+
+#define strnfieldcat(to, from, maxsize) \
+do { \
+ to[maxsize-1] = '\0'; \
+ strncat(to, from, maxsize - strlen(to)-1); \
} while (0)
extern int udev_add_device(char *path, char *subsystem, int fake);
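Review bot: `strnfieldcpy` and `strnfieldcat` expand `to` and `maxsize` unparenthesized and more than once, so a destination such as `buf + off` or an argument with side effects expands incorrectly, and a `maxsize` of 0 writes `to[-1]`. Both macros also truncate silently, and `strnfieldcat` is only correct when `to` is the start of a buffer of `maxsize` bytes. Parenthesize the parameters, e.g. `(to)[(maxsize)-1] = '\0';` and `strncat((to), (from), (maxsize) - strlen(to) - 1);`, and state the buffer-start and non-zero-size preconditions in a comment above the macros.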
diff -Nru a/udev_config.c b/udev_config.c
--- a/udev_config.c Thu Feb 26 01:26:53 2004
+++ b/udev_config.c Thu Feb 26 01:26:53 2004
@@ -81,7 +81,7 @@
#define set_var(_name, _var) \
if (strcasecmp(variable, _name) == 0) { \
dbg_parse("%s = '%s'", _name, value); \
- strncpy(_var, value, sizeof(_var)); \
+ strnfieldcpy(_var, value, sizeof(_var));\
}
#define set_bool(_name, _var) \
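Review bot: `set_var` now calls `strnfieldcpy(_var, value, sizeof(_var))`, which is correct only while every `_var` is a char array. For a pointer, `sizeof` yields the pointer size and the value is silently cut to a few bytes. Since the size is taken from the target itself, `strfieldcpy(_var, value);` (the macro the description lists for targets of known size) says the same thing more directly and keeps the array-only assumption in one place.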
2004-02-26 0:31 Kay Sievers [this message]
2004-02-26 2:22 ` [PATCH] udev - safer string handling - part three Kay Sievers
2004-02-26 4:26 ` [PATCH] udev - safer string handling - part four Kay Sievers
2004-02-26 20:56 ` [PATCH] udev - safer string handling - part two Greg KH
2004-02-26 20:56 ` [PATCH] udev - safer string handling - part three Greg KH
2004-02-26 20:57 ` [PATCH] udev - safer string handling - part four Greg KH
2004-02-26 22:42 ` Kay Sievers
2004-03-18 14:24 ` [PATCH] udev - safer string handling - part three Harald Hoyer
2004-03-18 14:39 ` Kay Sievers
2004-03-18 15:01 ` Harald Hoyer
2004-03-26 22:41 ` Kay Sievers
2004-03-29 8:09 ` Harald Hoyer