1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-10-30 06:25:25 +03:00

[PATCH] fix klibc's broken strlcpy/strlcat

udevinfo segfaults cause klibc's strlcpy writes behind the specified
size of the destination string. strlcat truncates the destination
string which is also not what you expect from a concatenation function.
This commit is contained in:
kay.sievers@vrfy.org 2005-03-27 12:39:12 +02:00 committed by Greg KH
parent 6276fdd2ab
commit 8a4c0c32f4
5 changed files with 38 additions and 32 deletions

View File

@ -16,9 +16,11 @@ size_t strlcat(char *dst, const char *src, size_t size)
q++;
bytes++;
}
if (bytes == size)
return (bytes + strlen(src));
while ( (ch = *p++) ) {
if ( bytes < size )
if ( bytes+1 < size )
*q++ = ch;
bytes++;

View File

@ -13,7 +13,7 @@ size_t strlcpy(char *dst, const char *src, size_t size)
char ch;
while ( (ch = *p++) ) {
if ( bytes < size )
if ( bytes+1 < size )
*q++ = ch;
bytes++;

View File

@ -171,7 +171,7 @@ static int parse_config_file(void)
if (bufline[0] == COMMENT_CHARACTER)
continue;
strlcpy(line, bufline, count);
strlcpy(line, bufline, count+1);
linepos = line;
retval = get_key(&linepos, &variable, &value);

View File

@ -116,37 +116,37 @@ static int parse_db_file(struct udevice *udev, const char *filename)
switch(bufline[0]) {
case 'P':
if (count > sizeof(udev->devpath))
count = sizeof(udev->devpath)-1;
strlcpy(udev->devpath, &bufline[2], count-2);
count = sizeof(udev->devpath);
strlcpy(udev->devpath, &bufline[2], count-1);
break;
case 'N':
if (count > sizeof(udev->name))
count = sizeof(udev->name)-1;
strlcpy(udev->name, &bufline[2], count-2);
count = sizeof(udev->name);
strlcpy(udev->name, &bufline[2], count-1);
break;
case 'M':
if (count > sizeof(line))
count = sizeof(line)-1;
strlcpy(line, &bufline[2], count-2);
count = sizeof(line);
strlcpy(line, &bufline[2], count-1);
sscanf(line, "%u:%u", &major, &minor);
udev->devt = makedev(major, minor);
break;
case 'S':
if (count > sizeof(line))
count = sizeof(line)-1;
strlcpy(line, &bufline[2], count-2);
if (count > sizeof(line))
count = sizeof(line);
strlcpy(line, &bufline[2], count-1);
name_list_add(&udev->symlink_list, line, 0);
break;
case 'A':
if (count > sizeof(line))
count = sizeof(line)-1;
strlcpy(line, &bufline[2], count-2);
if (count > sizeof(line))
count = sizeof(line);
strlcpy(line, &bufline[2], count-1);
udev->partitions = atoi(line);
break;
case 'R':
if (count > sizeof(line))
count = sizeof(line)-1;
strlcpy(line, &bufline[2], count-2);
if (count > sizeof(line))
count = sizeof(line);
strlcpy(line, &bufline[2], count-1);
udev->ignore_remove = atoi(line);
break;
}
@ -227,14 +227,14 @@ int udev_db_search_name(char *devpath, size_t len, const char *name)
switch(bufline[0]) {
case 'P':
if (count > sizeof(path))
count = sizeof(path)-1;
strlcpy(path, &bufline[2], count-2);
count = sizeof(path);
strlcpy(path, &bufline[2], count-1);
break;
case 'N':
case 'S':
if (count > sizeof(nodename))
count = sizeof(nodename)-1;
strlcpy(nodename, &bufline[2], count-2);
count = sizeof(nodename);
strlcpy(nodename, &bufline[2], count-1);
dbg("compare '%s' '%s'", nodename, name);
if (strcmp(nodename, name) == 0) {
strlcpy(devpath, path, len);
@ -302,13 +302,13 @@ int udev_db_dump_names(int (*handler_function)(const char *path, const char *nam
switch(bufline[0]) {
case 'P':
if (count > sizeof(path))
count = sizeof(path)-1;
strlcpy(path, &bufline[2], count-2);
count = sizeof(path);
strlcpy(path, &bufline[2], count-1);
break;
case 'N':
if (count > sizeof(nodename))
count = sizeof(nodename)-1;
strlcpy(nodename, &bufline[2], count-2);
count = sizeof(nodename);
strlcpy(nodename, &bufline[2], count-1);
break;
default:
continue;

View File

@ -36,11 +36,15 @@
#define __OWN_USERDB_PARSER__
#endif
#ifdef __GLIBC__
#define __OWN_STRLCPYCAT__
#endif
#ifdef USE_STATIC
#define __OWN_USERDB_PARSER__
#endif
#ifndef strlcpy
#ifdef __OWN_STRLCPYCAT__
size_t strlcpy(char *dst, const char *src, size_t size)
{
size_t bytes = 0;
@ -49,7 +53,7 @@ size_t strlcpy(char *dst, const char *src, size_t size)
char ch;
while ((ch = *p++)) {
if (bytes < size)
if (bytes+1 < size)
*q++ = ch;
bytes++;
}
@ -57,9 +61,7 @@ size_t strlcpy(char *dst, const char *src, size_t size)
*q = '\0';
return bytes;
}
#endif
#ifndef strlcat
size_t strlcat(char *dst, const char *src, size_t size)
{
size_t bytes = 0;
@ -71,9 +73,11 @@ size_t strlcat(char *dst, const char *src, size_t size)
q++;
bytes++;
}
if (bytes == size)
return (bytes + strlen(src));
while ((ch = *p++)) {
if (bytes < size)
if (bytes+1 < size)
*q++ = ch;
bytes++;
}
@ -81,7 +85,7 @@ size_t strlcat(char *dst, const char *src, size_t size)
*q = '\0';
return bytes;
}
#endif
#endif /* __OWN_STRLCPYCAT__ */
#ifndef __OWN_USERDB_PARSER__
#include <sys/types.h>