From: Peter Cordes <peter@cordes.ca>
To: Theodore Ts'o <tytso@mit.edu>
Cc: util-linux@vger.kernel.org, Hornseth_Brenan@bah.com
Subject: Re: [PATCH] fsck: use xasprintf to avoid buffer overruns with an insane fs type
Date: Fri, 16 Feb 2018 11:55:05 -0400 [thread overview]
Message-ID: <20180216155505.GL9479@cordes.ca> (raw)
In-Reply-To: <20180215200508.1466-1-tytso@mit.edu>
On Thu, Feb 15, 2018 at 03:05:08PM -0500, Theodore Ts'o wrote:
> This prevents a crash when running the command:
>
> fsck -t AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA /dev/sda
>
> Reported-by: Hornseth_Brenan@bah.com
> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
> ---
> disk-utils/fsck.c | 15 +++++++++------
> 1 file changed, 9 insertions(+), 6 deletions(-)
>
> diff --git a/disk-utils/fsck.c b/disk-utils/fsck.c
> index 58fd8ac59..8a07bc272 100644
> --- a/disk-utils/fsck.c
> +++ b/disk-utils/fsck.c
> @@ -544,20 +544,20 @@ static char *find_fsck(const char *type)
> {
> char *s;
> const char *tpl;
> - static char prog[256];
> + static char *prog = NULL;
You're allocating / freeing every time it's used, so it shouldn't be
static anymore.
It might be easier to just use snprintf to truncate long strings,
instead of introducing dynamic allocation which requires explicit
freeing. OTOH xasprintf makes it re-entrant / thread-safe, at the
cost of forcing the caller to care about memory management. (And at
the cost of efficiency: prog is allocated / freed inside the loop.)
> char *p = xstrdup(fsck_path);
>
> /* Are we looking for a program or just a type? */
> tpl = (strncmp(type, "fsck.", 5) ? "%s/fsck.%s" : "%s/%s");
>
> for(s = strtok(p, ":"); s; s = strtok(NULL, ":")) {
> - sprintf(prog, tpl, s, type);
> + xasprintf(&prog, tpl, s, type);
> if (access(prog, X_OK) == 0)
> break;
> + free(prog); prog = NULL;
> }
> free(p);
> -
> - return(s ? prog : NULL);
> + return(prog);
> }
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X(peter@cor , des.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BC
next prev parent reply other threads:[~2018-02-16 15:55 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-15 20:05 [PATCH] fsck: use xasprintf to avoid buffer overruns with an insane fs type Theodore Ts'o
2018-02-16 9:54 ` Karel Zak
2018-02-16 15:55 ` Peter Cordes [this message]
2018-02-16 17:10 ` Theodore Ts'o
2018-02-16 18:08 ` Karel Zak
2018-02-17 0:29 ` Peter Cordes
2018-02-17 6:46 ` Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180216155505.GL9479@cordes.ca \
--to=peter@cordes.ca \
--cc=Hornseth_Brenan@bah.com \
--cc=tytso@mit.edu \
--cc=util-linux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox