From mboxrd@z Thu Jan 1 00:00:00 1970 From: Arun Bhanu Date: Sat, 04 Sep 2004 17:08:54 +0000 Subject: [PATCH] udev - read long lines from config files overflow fix Message-Id: <20040904170854.GA12270@spock.enterprise> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: linux-hotplug@vger.kernel.org A line containing more than 255 characters in any of the config files - *.rules, *.permissions or udev.conf - causes udevstart to segfault while reading them. To reproduce, put a comment line longer than 255 characters in any of the above files. The following patch against udev-030 fixes it. --Arun Signed-off-by: Arun Bhanu diff -Nru a/klibc_fixups.c b/klibc_fixups.c --- a/klibc_fixups.c 2004-07-10 01:59:09.000000000 +0800 +++ b/klibc_fixups.c 2004-09-04 22:39:13.871843632 +0800 @@ -41,7 +41,7 @@ static unsigned long get_id_by_name(const char *uname, const char *dbfile) { unsigned long id = -1; - char line[255]; + char line[MAXLINE_LEN+1]; char *buf; size_t bufsize; size_t cur; @@ -50,6 +50,7 @@ char *name; char *idstr; char *tail; + size_t linelen; if (file_map(dbfile, &buf, &bufsize) = 0) { dbg("reading '%s' as db file", dbfile); @@ -64,8 +65,9 @@ while (1) { count = buf_get_line(buf, bufsize, cur); - strncpy(line, buf + cur, count); - line[count] = '\0'; + linelen = (count > MAXLINE_LEN) ? MAXLINE_LEN : count; + strncpy(line, buf + cur, linelen); + line[linelen] = '\0'; pos = line; cur += count+1; diff -Nru a/namedev_parse.c b/namedev_parse.c --- a/namedev_parse.c 2004-07-10 01:59:09.000000000 +0800 +++ b/namedev_parse.c 2004-09-04 22:11:07.567200904 +0800 @@ -144,7 +144,7 @@ static int namedev_parse_rules(char *filename) { - char line[255]; + char line[MAXLINE_LEN+1]; int lineno; char *temp; char *temp2; @@ -157,6 +157,7 @@ int program_given = 0; int retval = 0; struct config_device dev; + size_t linelen; if (file_map(filename, &buf, &bufsize) = 0) { dbg("reading '%s' as rules file", filename); @@ -171,8 +172,9 @@ while (1) { count = buf_get_line(buf, bufsize, cur); - strncpy(line, buf + cur, count); - line[count] = '\0'; + linelen = (count > MAXLINE_LEN) ? MAXLINE_LEN : count; + strncpy(line, buf + cur, linelen); + line[linelen] = '\0'; temp = line; lineno++; @@ -324,7 +326,7 @@ static int namedev_parse_permissions(char *filename) { - char line[255]; + char line[MAXLINE_LEN+1]; char *temp; char *temp2; char *buf; @@ -333,6 +335,7 @@ size_t count; int retval = 0; struct perm_device dev; + size_t linelen; if (file_map(filename, &buf, &bufsize) = 0) { dbg("reading '%s' as permissions file", filename); @@ -346,8 +349,9 @@ while (1) { count = buf_get_line(buf, bufsize, cur); - strncpy(line, buf + cur, count); - line[count] = '\0'; + linelen = (count > MAXLINE_LEN) ? MAXLINE_LEN : count; + strncpy(line, buf + cur, linelen); + line[linelen] = '\0'; temp = line; cur += count+1; diff -Nru a/udev.h b/udev.h --- a/udev.h 2004-07-10 01:59:10.000000000 +0800 +++ b/udev.h 2004-09-04 03:18:33.000000000 +0800 @@ -36,6 +36,7 @@ #define ACTION_SIZE 30 #define DEVPATH_SIZE 255 #define SUBSYSTEM_SIZE 30 +#define MAXLINE_LEN 255 /* length of public data */ #define UDEVICE_LEN (offsetof(struct udevice, bus_id)) diff -Nru a/udev_config.c b/udev_config.c --- a/udev_config.c 2004-07-10 01:59:09.000000000 +0800 +++ b/udev_config.c 2004-09-04 22:25:38.462804648 +0800 @@ -127,7 +127,7 @@ static int parse_config_file(void) { - char line[255]; + char line[MAXLINE_LEN+1]; char *temp; char *variable; char *value; @@ -137,6 +137,7 @@ size_t count; int lineno; int retval = 0; + size_t linelen; if (file_map(udev_config_filename, &buf, &bufsize) = 0) { dbg("reading '%s' as config file", udev_config_filename); @@ -151,8 +152,9 @@ while (1) { count = buf_get_line(buf, bufsize, cur); - strncpy(line, buf + cur, count); - line[count] = '\0'; + linelen = (count > MAXLINE_LEN) ? MAXLINE_LEN : count; + strncpy(line, buf + cur, linelen); + line[linelen] = '\0'; temp = line; lineno++; ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47&alloc_id808&op=click _______________________________________________ Linux-hotplug-devel mailing list http://linux-hotplug.sourceforge.net Linux-hotplug-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel