From: Arun Bhanu <arun@codemovers.org>
To: linux-hotplug@vger.kernel.org
Subject: [PATCH] udev - read long lines from config files overflow fix
Date: Sat, 04 Sep 2004 17:08:54 +0000 [thread overview]
Message-ID: <20040904170854.GA12270@spock.enterprise> (raw)
A line containing more than 255 characters in any of the config files -
*.rules, *.permissions or udev.conf - causes udevstart to segfault while
reading them. To reproduce, put a comment line longer than 255
characters in any of the above files.
The following patch against udev-030 fixes it.
--Arun
Signed-off-by: Arun Bhanu <arun@codemovers.org>
diff -Nru a/klibc_fixups.c b/klibc_fixups.c
--- a/klibc_fixups.c 2004-07-10 01:59:09.000000000 +0800
+++ b/klibc_fixups.c 2004-09-04 22:39:13.871843632 +0800
@@ -41,7 +41,7 @@
static unsigned long get_id_by_name(const char *uname, const char *dbfile)
{
unsigned long id = -1;
- char line[255];
+ char line[MAXLINE_LEN+1];
char *buf;
size_t bufsize;
size_t cur;
@@ -50,6 +50,7 @@
char *name;
char *idstr;
char *tail;
+ size_t linelen;
if (file_map(dbfile, &buf, &bufsize) = 0) {
dbg("reading '%s' as db file", dbfile);
@@ -64,8 +65,9 @@
while (1) {
count = buf_get_line(buf, bufsize, cur);
- strncpy(line, buf + cur, count);
- line[count] = '\0';
+ linelen = (count > MAXLINE_LEN) ? MAXLINE_LEN : count;
+ strncpy(line, buf + cur, linelen);
+ line[linelen] = '\0';
pos = line;
cur += count+1;
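Review bot: Clamping `count` to MAXLINE_LEN makes the parser treat the first 255 bytes of an over-long line as a complete entry, and nothing is logged. In get_id_by_name a shortened record could therefore resolve to a different id than the file states. The same clamp appears in namedev_parse_rules, namedev_parse_permissions and parse_config_file, where a cut-off rule or permissions entry may apply settings the administrator did not write. Rejecting the line with a dbg() message is safer than parsing a prefix of it. The loop's exit test lies outside this hunk, so the skip path has to advance `cur` and still reach that test.

```c
count = buf_get_line(buf, bufsize, cur);

if (count > MAXLINE_LEN) {
	/* refuse to parse a prefix of an over-long entry */
	dbg("line too long in '%s', skipped", dbfile);
	cur += count+1;
	/* ... the loop's end-of-buffer test (outside the hunk) must run here ... */
	continue;
}
strncpy(line, buf + cur, count);
line[count] = '\0';
/* ... unchanged: pos = line; cur += count+1; ... */
```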
diff -Nru a/namedev_parse.c b/namedev_parse.c
--- a/namedev_parse.c 2004-07-10 01:59:09.000000000 +0800
+++ b/namedev_parse.c 2004-09-04 22:11:07.567200904 +0800
@@ -144,7 +144,7 @@
static int namedev_parse_rules(char *filename)
{
- char line[255];
+ char line[MAXLINE_LEN+1];
int lineno;
char *temp;
char *temp2;
@@ -157,6 +157,7 @@
int program_given = 0;
int retval = 0;
struct config_device dev;
+ size_t linelen;
if (file_map(filename, &buf, &bufsize) = 0) {
dbg("reading '%s' as rules file", filename);
@@ -171,8 +172,9 @@
while (1) {
count = buf_get_line(buf, bufsize, cur);
- strncpy(line, buf + cur, count);
- line[count] = '\0';
+ linelen = (count > MAXLINE_LEN) ? MAXLINE_LEN : count;
+ strncpy(line, buf + cur, linelen);
+ line[linelen] = '\0';
temp = line;
lineno++;
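Review bot: Style point on the copy in this loop, which also applies to the identical lines in klibc_fixups.c, namedev_parse_permissions and parse_config_file. The length is already computed and bounded and the terminator is written explicitly on the next line, so strncpy's stop-at-NUL and zero-padding behaviour adds nothing and obscures the intent. `memcpy(line, buf + cur, linelen);` states the bounded copy directly. This loop tracks `lineno`, so any diagnostic for an over-long line can name the offending line of the rules file.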
@@ -324,7 +326,7 @@
static int namedev_parse_permissions(char *filename)
{
- char line[255];
+ char line[MAXLINE_LEN+1];
char *temp;
char *temp2;
char *buf;
@@ -333,6 +335,7 @@
size_t count;
int retval = 0;
struct perm_device dev;
+ size_t linelen;
if (file_map(filename, &buf, &bufsize) = 0) {
dbg("reading '%s' as permissions file", filename);
@@ -346,8 +349,9 @@
while (1) {
count = buf_get_line(buf, bufsize, cur);
- strncpy(line, buf + cur, count);
- line[count] = '\0';
+ linelen = (count > MAXLINE_LEN) ? MAXLINE_LEN : count;
+ strncpy(line, buf + cur, linelen);
+ line[linelen] = '\0';
temp = line;
cur += count+1;
diff -Nru a/udev.h b/udev.h
--- a/udev.h 2004-07-10 01:59:10.000000000 +0800
+++ b/udev.h 2004-09-04 03:18:33.000000000 +0800
@@ -36,6 +36,7 @@
#define ACTION_SIZE 30
#define DEVPATH_SIZE 255
#define SUBSYSTEM_SIZE 30
+#define MAXLINE_LEN 255
/* length of public data */
#define UDEVICE_LEN (offsetof(struct udevice, bus_id))
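Review bot: MAXLINE_LEN is added without a comment, and it sits directly under the `*_SIZE` constants, which look like buffer sizes, while the callers in this patch declare `char line[MAXLINE_LEN+1]`. A later caller that writes `char line[MAXLINE_LEN]` and then stores `line[linelen] = '\0'` would reintroduce a one-byte overflow. I would document the convention at the definition, for example `/* longest config line parsed, excluding the terminating NUL; buffers must be MAXLINE_LEN+1 */`.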
diff -Nru a/udev_config.c b/udev_config.c
--- a/udev_config.c 2004-07-10 01:59:09.000000000 +0800
+++ b/udev_config.c 2004-09-04 22:25:38.462804648 +0800
@@ -127,7 +127,7 @@
static int parse_config_file(void)
{
- char line[255];
+ char line[MAXLINE_LEN+1];
char *temp;
char *variable;
char *value;
@@ -137,6 +137,7 @@
size_t count;
int lineno;
int retval = 0;
+ size_t linelen;
if (file_map(udev_config_filename, &buf, &bufsize) = 0) {
dbg("reading '%s' as config file", udev_config_filename);
@@ -151,8 +152,9 @@
while (1) {
count = buf_get_line(buf, bufsize, cur);
- strncpy(line, buf + cur, count);
- line[count] = '\0';
+ linelen = (count > MAXLINE_LEN) ? MAXLINE_LEN : count;
+ strncpy(line, buf + cur, linelen);
+ line[linelen] = '\0';
temp = line;
lineno++;