* Re: [PATCH] udev - read long lines from config files overflow fix
2004-09-04 17:08 [PATCH] udev - read long lines from config files overflow fix Arun Bhanu
@ 2004-09-04 21:12 ` Kay Sievers
2004-09-05 18:28 ` Arun Bhanu
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Kay Sievers @ 2004-09-04 21:12 UTC (permalink / raw)
To: linux-hotplug
[-- Attachment #1: Type: text/plain, Size: 1027 bytes --]
On Sun, Sep 05, 2004 at 01:08:54AM +0800, Arun Bhanu wrote:
> A line containing more than 255 characters in any of the config files -
> *.rules, *.permissions or udev.conf - causes udevstart to segfault while
> reading them. To reproduce, put a comment line longer than 255
> characters in any of the above files.
>
> The following patch against udev-030 fixes it.
Cool, a real bug :)
Thanks, for the patch. I think it would be better to skip lenghth exceeding
lines instead of cutting it and continue. While looking at it I restructured
the buffer reading logic a bit and fixed another stupid bug.
o Lines with a exceeding length are skipped.
o we now skip empty lines, comment lines and leading whitespace before
we copy over our line string to parse.
o Fix for another bug. If we don't find any valuable key in a line, we
need to skip this line completely and not assume that this is a ignore
rule.
o Send line parsing errors to log, as nobody will ever notice it without
recompilation of udev
Thanks,
Kay
[-- Attachment #2: udev-line-bug-01.patch --]
[-- Type: text/plain, Size: 8190 bytes --]
===== klibc_fixups.c 1.10 vs edited =====
--- 1.10/klibc_fixups.c 2004-05-21 06:12:37 +02:00
+++ edited/klibc_fixups.c 2004-09-04 23:03:30 +02:00
@@ -41,8 +41,9 @@
static unsigned long get_id_by_name(const char *uname, const char *dbfile)
{
unsigned long id = -1;
- char line[255];
+ char line[LINE_SIZE];
char *buf;
+ char *bufline;
size_t bufsize;
size_t cur;
size_t count;
@@ -59,18 +60,18 @@ static unsigned long get_id_by_name(cons
}
/* loop through the whole file */
-
cur = 0;
- while (1) {
+ while (cur < bufsize) {
count = buf_get_line(buf, bufsize, cur);
+ bufline = &buf[cur];
+ cur += count+1;
+
+ if (count >= LINE_SIZE)
+ continue;
- strncpy(line, buf + cur, count);
+ strncpy(line, bufline, count);
line[count] = '\0';
pos = line;
-
- cur += count+1;
- if (cur > bufsize)
- break;
/* get name */
name = strsep(&pos, ":");
===== namedev_parse.c 1.34 vs edited =====
--- 1.34/namedev_parse.c 2004-03-25 14:10:52 +01:00
+++ edited/namedev_parse.c 2004-09-04 22:24:14 +02:00
@@ -58,7 +58,7 @@ void dump_config_dev(struct config_devic
{
dbg_parse("name='%s', symlink='%s', bus='%s', place='%s', id='%s', "
"sysfs_file[0]='%s', sysfs_value[0]='%s', "
- "kernel='%s', program='%s', result='%s'",
+ "kernel='%s', program='%s', result='%s'"
"owner='%s', group='%s', mode=%#o",
dev->name, dev->symlink, dev->bus, dev->place, dev->id,
dev->sysfs_pair[0].file, dev->sysfs_pair[0].value,
@@ -144,7 +144,8 @@ static char *get_key_attribute(char *str
static int namedev_parse_rules(char *filename)
{
- char line[255];
+ char line[LINE_SIZE];
+ char *bufline;
int lineno;
char *temp;
char *temp2;
@@ -155,6 +156,7 @@ static int namedev_parse_rules(char *fil
size_t cur;
size_t count;
int program_given = 0;
+ int valid;
int retval = 0;
struct config_device dev;
@@ -168,35 +170,39 @@ static int namedev_parse_rules(char *fil
/* loop through the whole file */
cur = 0;
lineno = 0;
- while (1) {
+ while (cur < bufsize) {
count = buf_get_line(buf, bufsize, cur);
-
- strncpy(line, buf + cur, count);
- line[count] = '\0';
- temp = line;
- lineno++;
-
+ bufline = &buf[cur];
cur += count+1;
- if (cur > bufsize)
- break;
-
- dbg_parse("read '%s'", temp);
+ lineno++;
- /* eat the whitespace */
- while (isspace(*temp))
- ++temp;
+ if (count >= LINE_SIZE) {
+ info("line too long, rule skipped %s, line %d",
+ filename, lineno);
+ continue;
+ }
/* empty line? */
- if ((*temp == '\0') || (*temp == '\n'))
+ if (bufline[0] == '\0' || bufline[0] == '\n')
continue;
+ /* eat the whitespace */
+ while (isspace(bufline[0]))
+ bufline++;
+
/* see if this is a comment */
- if (*temp == COMMENT_CHARACTER)
+ if (bufline[0] == COMMENT_CHARACTER)
continue;
- memset(&dev, 0x00, sizeof(struct config_device));
+ strncpy(line, bufline, count);
+ line[count] = '\0';
+ dbg_parse("read '%s'", line);
/* get all known keys */
+ memset(&dev, 0x00, sizeof(struct config_device));
+ temp = line;
+ valid = 0;
+
while (1) {
retval = parse_get_pair(&temp, &temp2, &temp3);
if (retval)
@@ -204,16 +210,19 @@ static int namedev_parse_rules(char *fil
if (strcasecmp(temp2, FIELD_BUS) == 0) {
strfieldcpy(dev.bus, temp3);
+ valid = 1;
continue;
}
if (strcasecmp(temp2, FIELD_ID) == 0) {
strfieldcpy(dev.id, temp3);
+ valid = 1;
continue;
}
if (strcasecmp(temp2, FIELD_PLACE) == 0) {
strfieldcpy(dev.place, temp3);
+ valid = 1;
continue;
}
@@ -238,54 +247,62 @@ static int namedev_parse_rules(char *fil
}
strfieldcpy(pair->file, attr);
strfieldcpy(pair->value, temp3);
+ valid = 1;
}
continue;
}
if (strcasecmp(temp2, FIELD_KERNEL) == 0) {
strfieldcpy(dev.kernel, temp3);
+ valid = 1;
continue;
}
if (strcasecmp(temp2, FIELD_PROGRAM) == 0) {
program_given = 1;
strfieldcpy(dev.program, temp3);
+ valid = 1;
continue;
}
if (strcasecmp(temp2, FIELD_RESULT) == 0) {
strfieldcpy(dev.result, temp3);
+ valid = 1;
continue;
}
if (strncasecmp(temp2, FIELD_NAME, sizeof(FIELD_NAME)-1) == 0) {
attr = get_key_attribute(temp2 + sizeof(FIELD_NAME)-1);
- if (attr != NULL)
- if (strcasecmp(attr, ATTR_PARTITIONS) == 0) {
+ if (attr != NULL && strcasecmp(attr, ATTR_PARTITIONS) == 0) {
dbg_parse("creation of partition nodes requested");
dev.partitions = PARTITIONS_COUNT;
}
strfieldcpy(dev.name, temp3);
+ valid = 1;
continue;
}
if (strcasecmp(temp2, FIELD_SYMLINK) == 0) {
strfieldcpy(dev.symlink, temp3);
+ valid = 1;
continue;
}
if (strcasecmp(temp2, FIELD_OWNER) == 0) {
strfieldcpy(dev.owner, temp3);
+ valid = 1;
continue;
}
if (strcasecmp(temp2, FIELD_GROUP) == 0) {
strfieldcpy(dev.group, temp3);
+ valid = 1;
continue;
}
if (strcasecmp(temp2, FIELD_MODE) == 0) {
dev.mode = strtol(temp3, NULL, 8);
+ valid = 1;
continue;
}
@@ -293,16 +310,20 @@ static int namedev_parse_rules(char *fil
goto error;
}
+ /* skip line if not any valid key was found */
+ if (!valid)
+ goto error;
+
/* simple plausibility checks for given keys */
if ((dev.sysfs_pair[0].file[0] == '\0') ^
(dev.sysfs_pair[0].value[0] == '\0')) {
- dbg("inconsistency in " FIELD_SYSFS " key");
+ info("inconsistency in " FIELD_SYSFS " key");
goto error;
}
if ((dev.result[0] != '\0') && (program_given == 0)) {
- dbg(FIELD_RESULT " is only useful when "
- FIELD_PROGRAM " is called in any rule before");
+ info(FIELD_RESULT " is only useful when "
+ FIELD_PROGRAM " is called in any rule before");
goto error;
}
@@ -313,8 +334,8 @@ static int namedev_parse_rules(char *fil
dbg("add_config_dev returned with error %d", retval);
continue;
error:
- dbg("%s:%d:%d: parse error, rule skipped",
- filename, lineno, temp - line);
+ info("parse error %s, line %d:%d, rule skipped",
+ filename, lineno, temp - line);
}
}
@@ -324,7 +345,8 @@ error:
static int namedev_parse_permissions(char *filename)
{
- char line[255];
+ char line[LINE_SIZE];
+ char *bufline;
char *temp;
char *temp2;
char *buf;
@@ -333,6 +355,7 @@ static int namedev_parse_permissions(cha
size_t count;
int retval = 0;
struct perm_device dev;
+ int lineno;
if (file_map(filename, &buf, &bufsize) == 0) {
dbg("reading '%s' as permissions file", filename);
@@ -343,34 +366,39 @@ static int namedev_parse_permissions(cha
/* loop through the whole file */
cur = 0;
- while (1) {
+ lineno = 0;
+ while (cur < bufsize) {
count = buf_get_line(buf, bufsize, cur);
-
- strncpy(line, buf + cur, count);
- line[count] = '\0';
- temp = line;
-
+ bufline = &buf[cur];
cur += count+1;
- if (cur > bufsize)
- break;
-
- dbg_parse("read '%s'", temp);
+ lineno++;
- /* eat the whitespace at the beginning of the line */
- while (isspace(*temp))
- ++temp;
+ if (count >= LINE_SIZE) {
+ info("line too long, rule skipped %s, line %d",
+ filename, lineno);
+ continue;
+ }
/* empty line? */
- if ((*temp == '\0') || (*temp == '\n'))
+ if (bufline[0] == '\0' || bufline[0] == '\n')
continue;
+ /* eat the whitespace */
+ while (isspace(bufline[0]))
+ bufline++;
+
/* see if this is a comment */
- if (*temp == COMMENT_CHARACTER)
+ if (bufline[0] == COMMENT_CHARACTER)
continue;
- memset(&dev, 0x00, sizeof(dev));
+ strncpy(line, bufline, count);
+ line[count] = '\0';
+ dbg_parse("read '%s'", line);
/* parse the line */
+ memset(&dev, 0x00, sizeof(struct perm_device));
+ temp = line;
+
temp2 = strsep(&temp, ":");
if (!temp2) {
dbg("cannot parse line '%s'", line);
===== udev.h 1.58 vs edited =====
--- 1.58/udev.h 2004-08-05 00:43:58 +02:00
+++ edited/udev.h 2004-09-04 19:30:25 +02:00
@@ -37,6 +37,8 @@
#define DEVPATH_SIZE 255
#define SUBSYSTEM_SIZE 30
+#define LINE_SIZE 256
+
/* length of public data */
#define UDEVICE_LEN (offsetof(struct udevice, bus_id))
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [PATCH] udev - read long lines from config files overflow fix
2004-09-04 17:08 [PATCH] udev - read long lines from config files overflow fix Arun Bhanu
2004-09-04 21:12 ` Kay Sievers
@ 2004-09-05 18:28 ` Arun Bhanu
2004-09-05 18:51 ` Kay Sievers
2004-09-10 20:03 ` Greg KH
3 siblings, 0 replies; 5+ messages in thread
From: Arun Bhanu @ 2004-09-05 18:28 UTC (permalink / raw)
To: linux-hotplug
Hi Kay,
On 23:12 Sat 04 Sep , Kay Sievers wrote:
> Cool, a real bug :)
> Thanks, for the patch. I think it would be better to skip lenghth exceeding
> lines instead of cutting it and continue. While looking at it I restructured
> the buffer reading logic a bit and fixed another stupid bug.
Thanks for the cleanup.
You may have overlooked the fix for udev_config.c(parsing udev.conf) in
your patch. So, I've adapted the fixes you applied to namedev_parse.c
to this file also.
Also, while 'eating' the whitespace the 'count' doesn't get decremented.
This leads strncpy to copy the number of whitespace minus 1 characters
from the next line. Minus 1 because it copies '\n' from the current
line.
while (isspace(bufline[0])) {
bufline++;
+ count--;
}
.
.
.
strncpy(line, bufline, count);
Included patch(against udev-030) contains the above fixes as well as
your fixes.
--Arun
Signed-off-by: Arun Bhanu <arun@codemovers.org>
diff -Nru a/klibc_fixups.c b/klibc_fixups.c
--- a/klibc_fixups.c 2004-07-10 01:59:09.000000000 +0800
+++ b/klibc_fixups.c 2004-09-05 17:41:34.000000000 +0800
@@ -41,8 +41,9 @@
static unsigned long get_id_by_name(const char *uname, const char *dbfile)
{
unsigned long id = -1;
- char line[255];
+ char line[LINE_SIZE];
char *buf;
+ char *bufline;
size_t bufsize;
size_t cur;
size_t count;
@@ -59,19 +60,19 @@
}
/* loop through the whole file */
-
cur = 0;
- while (1) {
+ while (cur < bufsize) {
count = buf_get_line(buf, bufsize, cur);
+ bufline = &buf[cur];
+ cur += count+1;
+
+ if (count >= LINE_SIZE)
+ continue;
- strncpy(line, buf + cur, count);
+ strncpy(line, bufline, count);
line[count] = '\0';
pos = line;
- cur += count+1;
- if (cur > bufsize)
- break;
-
/* get name */
name = strsep(&pos, ":");
if (name = NULL)
diff -Nru a/namedev_parse.c b/namedev_parse.c
--- a/namedev_parse.c 2004-07-10 01:59:09.000000000 +0800
+++ b/namedev_parse.c 2004-09-06 01:26:25.153941464 +0800
@@ -58,7 +58,7 @@
{
dbg_parse("name='%s', symlink='%s', bus='%s', place='%s', id='%s', "
"sysfs_file[0]='%s', sysfs_value[0]='%s', "
- "kernel='%s', program='%s', result='%s'",
+ "kernel='%s', program='%s', result='%s'"
"owner='%s', group='%s', mode=%#o",
dev->name, dev->symlink, dev->bus, dev->place, dev->id,
dev->sysfs_pair[0].file, dev->sysfs_pair[0].value,
@@ -144,7 +144,8 @@
static int namedev_parse_rules(char *filename)
{
- char line[255];
+ char line[LINE_SIZE];
+ char *bufline;
int lineno;
char *temp;
char *temp2;
@@ -155,6 +156,7 @@
size_t cur;
size_t count;
int program_given = 0;
+ int valid;
int retval = 0;
struct config_device dev;
@@ -168,35 +170,41 @@
/* loop through the whole file */
cur = 0;
lineno = 0;
- while (1) {
+ while (cur < bufsize) {
count = buf_get_line(buf, bufsize, cur);
-
- strncpy(line, buf + cur, count);
- line[count] = '\0';
- temp = line;
- lineno++;
-
+ bufline = &buf[cur];
cur += count+1;
- if (cur > bufsize)
- break;
-
- dbg_parse("read '%s'", temp);
+ lineno++;
- /* eat the whitespace */
- while (isspace(*temp))
- ++temp;
+ if (count >= LINE_SIZE) {
+ info("line too long, rule skipped %s, line %d",
+ filename, lineno);
+ continue;
+ }
/* empty line? */
- if ((*temp = '\0') || (*temp = '\n'))
+ if (bufline[0] = '\0' || bufline[0] = '\n')
continue;
+ /* eat the whitespace */
+ while (isspace(bufline[0])) {
+ bufline++;
+ count--;
+ }
+
/* see if this is a comment */
- if (*temp = COMMENT_CHARACTER)
+ if (bufline[0] = COMMENT_CHARACTER)
continue;
- memset(&dev, 0x00, sizeof(struct config_device));
+ strncpy(line, bufline, count);
+ line[count] = '\0';
+ dbg_parse("read '%s'", line);
/* get all known keys */
+ memset(&dev, 0x00, sizeof(struct config_device));
+ temp = line;
+ valid = 0;
+
while (1) {
retval = parse_get_pair(&temp, &temp2, &temp3);
if (retval)
@@ -204,16 +212,19 @@
if (strcasecmp(temp2, FIELD_BUS) = 0) {
strfieldcpy(dev.bus, temp3);
+ valid = 1;
continue;
}
if (strcasecmp(temp2, FIELD_ID) = 0) {
strfieldcpy(dev.id, temp3);
+ valid = 1;
continue;
}
if (strcasecmp(temp2, FIELD_PLACE) = 0) {
strfieldcpy(dev.place, temp3);
+ valid = 1;
continue;
}
@@ -238,54 +249,62 @@
}
strfieldcpy(pair->file, attr);
strfieldcpy(pair->value, temp3);
+ valid = 1;
}
continue;
}
if (strcasecmp(temp2, FIELD_KERNEL) = 0) {
strfieldcpy(dev.kernel, temp3);
+ valid = 1;
continue;
}
if (strcasecmp(temp2, FIELD_PROGRAM) = 0) {
program_given = 1;
strfieldcpy(dev.program, temp3);
+ valid = 1;
continue;
}
if (strcasecmp(temp2, FIELD_RESULT) = 0) {
strfieldcpy(dev.result, temp3);
+ valid = 1;
continue;
}
if (strncasecmp(temp2, FIELD_NAME, sizeof(FIELD_NAME)-1) = 0) {
attr = get_key_attribute(temp2 + sizeof(FIELD_NAME)-1);
- if (attr != NULL)
- if (strcasecmp(attr, ATTR_PARTITIONS) = 0) {
+ if (attr != NULL && strcasecmp(attr, ATTR_PARTITIONS) = 0) {
dbg_parse("creation of partition nodes requested");
dev.partitions = PARTITIONS_COUNT;
}
strfieldcpy(dev.name, temp3);
+ valid = 1;
continue;
}
if (strcasecmp(temp2, FIELD_SYMLINK) = 0) {
strfieldcpy(dev.symlink, temp3);
+ valid = 1;
continue;
}
if (strcasecmp(temp2, FIELD_OWNER) = 0) {
strfieldcpy(dev.owner, temp3);
+ valid = 1;
continue;
}
if (strcasecmp(temp2, FIELD_GROUP) = 0) {
strfieldcpy(dev.group, temp3);
+ valid = 1;
continue;
}
if (strcasecmp(temp2, FIELD_MODE) = 0) {
dev.mode = strtol(temp3, NULL, 8);
+ valid = 1;
continue;
}
@@ -293,16 +312,20 @@
goto error;
}
+ /* skip line if not any valid key was found */
+ if (!valid)
+ goto error;
+
/* simple plausibility checks for given keys */
if ((dev.sysfs_pair[0].file[0] = '\0') ^
(dev.sysfs_pair[0].value[0] = '\0')) {
- dbg("inconsistency in " FIELD_SYSFS " key");
+ info("inconsistency in " FIELD_SYSFS " key");
goto error;
}
if ((dev.result[0] != '\0') && (program_given = 0)) {
- dbg(FIELD_RESULT " is only useful when "
- FIELD_PROGRAM " is called in any rule before");
+ info(FIELD_RESULT " is only useful when "
+ FIELD_PROGRAM " is called in any rule before");
goto error;
}
@@ -313,8 +336,8 @@
dbg("add_config_dev returned with error %d", retval);
continue;
error:
- dbg("%s:%d:%d: parse error, rule skipped",
- filename, lineno, temp - line);
+ info("parse error %s, line %d:%d, rule skipped",
+ filename, lineno, temp - line);
}
}
@@ -324,7 +347,8 @@
static int namedev_parse_permissions(char *filename)
{
- char line[255];
+ char line[LINE_SIZE];
+ char *bufline;
char *temp;
char *temp2;
char *buf;
@@ -333,6 +357,7 @@
size_t count;
int retval = 0;
struct perm_device dev;
+ int lineno;
if (file_map(filename, &buf, &bufsize) = 0) {
dbg("reading '%s' as permissions file", filename);
@@ -343,34 +368,41 @@
/* loop through the whole file */
cur = 0;
- while (1) {
+ lineno = 0;
+ while (cur < bufsize) {
count = buf_get_line(buf, bufsize, cur);
-
- strncpy(line, buf + cur, count);
- line[count] = '\0';
- temp = line;
-
+ bufline = &buf[cur];
cur += count+1;
- if (cur > bufsize)
- break;
-
- dbg_parse("read '%s'", temp);
+ lineno++;
- /* eat the whitespace at the beginning of the line */
- while (isspace(*temp))
- ++temp;
+ if (count >= LINE_SIZE) {
+ info("line too long, rule skipped %s, line %d",
+ filename, lineno);
+ continue;
+ }
/* empty line? */
- if ((*temp = '\0') || (*temp = '\n'))
+ if (bufline[0] = '\0' || bufline[0] = '\n')
continue;
+ /* eat the whitespace */
+ while (isspace(bufline[0])) {
+ bufline++;
+ count--;
+ }
+
/* see if this is a comment */
- if (*temp = COMMENT_CHARACTER)
+ if (bufline[0] = COMMENT_CHARACTER)
continue;
- memset(&dev, 0x00, sizeof(dev));
+ strncpy(line, bufline, count);
+ line[count] = '\0';
+ dbg_parse("read '%s'", line);
/* parse the line */
+ memset(&dev, 0x00, sizeof(struct perm_device));
+ temp = line;
+
temp2 = strsep(&temp, ":");
if (!temp2) {
dbg("cannot parse line '%s'", line);
diff -Nru a/udev.h b/udev.h
--- a/udev.h 2004-07-10 01:59:10.000000000 +0800
+++ b/udev.h 2004-09-05 17:41:34.000000000 +0800
@@ -37,6 +37,8 @@
#define DEVPATH_SIZE 255
#define SUBSYSTEM_SIZE 30
+#define LINE_SIZE 256
+
/* length of public data */
#define UDEVICE_LEN (offsetof(struct udevice, bus_id))
diff -Nru a/udev_config.c b/udev_config.c
--- a/udev_config.c 2004-07-10 01:59:09.000000000 +0800
+++ b/udev_config.c 2004-09-06 01:26:57.346047520 +0800
@@ -127,7 +127,8 @@
static int parse_config_file(void)
{
- char line[255];
+ char line[LINE_SIZE];
+ char *bufline;
char *temp;
char *variable;
char *value;
@@ -148,32 +149,37 @@
/* loop through the whole file */
lineno = 0;
cur = 0;
- while (1) {
+ while (cur < bufsize) {
count = buf_get_line(buf, bufsize, cur);
-
- strncpy(line, buf + cur, count);
- line[count] = '\0';
- temp = line;
- lineno++;
-
+ bufline = &buf[cur];
cur += count+1;
- if (cur > bufsize)
- break;
-
- dbg_parse("read '%s'", temp);
+ lineno++;
- /* eat the whitespace at the beginning of the line */
- while (isspace(*temp))
- ++temp;
+ if (count >= LINE_SIZE) {
+ info("line too long, conf line skipped %s, line %d",
+ udev_config_filename, lineno);
+ continue;
+ }
/* empty line? */
- if (*temp = 0x00)
+ if (bufline[0] = '\0' || bufline[0] = '\n')
continue;
+ /* eat the whitespace */
+ while (isspace(bufline[0])) {
+ bufline++;
+ count--;
+ }
+
/* see if this is a comment */
- if (*temp = COMMENT_CHARACTER)
+ if (bufline[0] = COMMENT_CHARACTER)
continue;
+ strncpy(line, bufline, count);
+ line[count] = '\0';
+ temp = line;
+ dbg_parse("read '%s'", temp);
+
retval = parse_get_pair(&temp, &variable, &value);
if (retval != 0)
info("%s:%d:%Zd: error parsing '%s'",
-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idP47&alloc_id\x10808&op=click
_______________________________________________
Linux-hotplug-devel mailing list http://linux-hotplug.sourceforge.net
Linux-hotplug-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [PATCH] udev - read long lines from config files overflow fix
2004-09-04 17:08 [PATCH] udev - read long lines from config files overflow fix Arun Bhanu
2004-09-04 21:12 ` Kay Sievers
2004-09-05 18:28 ` Arun Bhanu
@ 2004-09-05 18:51 ` Kay Sievers
2004-09-10 20:03 ` Greg KH
3 siblings, 0 replies; 5+ messages in thread
From: Kay Sievers @ 2004-09-05 18:51 UTC (permalink / raw)
To: linux-hotplug
On Mon, 2004-09-06 at 02:28 +0800, Arun Bhanu wrote:
> On 23:12 Sat 04 Sep , Kay Sievers wrote:
> > Cool, a real bug :)
> > Thanks, for the patch. I think it would be better to skip lenghth exceeding
> > lines instead of cutting it and continue. While looking at it I restructured
> > the buffer reading logic a bit and fixed another stupid bug.
> Thanks for the cleanup.
>
> You may have overlooked the fix for udev_config.c(parsing udev.conf) in
> your patch. So, I've adapted the fixes you applied to namedev_parse.c
> to this file also.
>
> Also, while 'eating' the whitespace the 'count' doesn't get decremented.
> This leads strncpy to copy the number of whitespace minus 1 characters
> from the next line. Minus 1 because it copies '\n' from the current
> line.
Huh, bad. Yeah, missed the first and broke the second, hope
nobody will drive a airplane with this software :)
Looks good, your patch! Many thanks,
Kay
-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idP47&alloc_id\x10808&op=click
_______________________________________________
Linux-hotplug-devel mailing list http://linux-hotplug.sourceforge.net
Linux-hotplug-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] udev - read long lines from config files overflow fix
2004-09-04 17:08 [PATCH] udev - read long lines from config files overflow fix Arun Bhanu
` (2 preceding siblings ...)
2004-09-05 18:51 ` Kay Sievers
@ 2004-09-10 20:03 ` Greg KH
3 siblings, 0 replies; 5+ messages in thread
From: Greg KH @ 2004-09-10 20:03 UTC (permalink / raw)
To: linux-hotplug
On Mon, Sep 06, 2004 at 02:28:11AM +0800, Arun Bhanu wrote:
> Hi Kay,
>
> On 23:12 Sat 04 Sep , Kay Sievers wrote:
> > Cool, a real bug :)
> > Thanks, for the patch. I think it would be better to skip lenghth exceeding
> > lines instead of cutting it and continue. While looking at it I restructured
> > the buffer reading logic a bit and fixed another stupid bug.
> Thanks for the cleanup.
>
> You may have overlooked the fix for udev_config.c(parsing udev.conf) in
> your patch. So, I've adapted the fixes you applied to namedev_parse.c
> to this file also.
>
> Also, while 'eating' the whitespace the 'count' doesn't get decremented.
> This leads strncpy to copy the number of whitespace minus 1 characters
> from the next line. Minus 1 because it copies '\n' from the current
> line.
>
> while (isspace(bufline[0])) {
> bufline++;
> + count--;
> }
> .
> .
> .
> strncpy(line, bufline, count);
>
> Included patch(against udev-030) contains the above fixes as well as
> your fixes.
Applied, thanks.
greg k-h
-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Linux-hotplug-devel mailing list http://linux-hotplug.sourceforge.net
Linux-hotplug-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel
^ permalink raw reply [flat|nested] 5+ messages in thread