Artur Wojcik: Fix for buffer overflow defect in 'link'.
Martin F. Krafft
madduck at alioth.debian.org
Wed Jan 27 02:03:48 UTC 2010
Module: mdadm
Branch: upstream
Commit: 5a1920f2c26719d825521cfe6a2b78f4ff6eed99
URL: http://git.debian.org/?p=pkg-mdadm/mdadm.git;a=commit;h=5a1920f2c26719d825521cfe6a2b78f4ff6eed99
Author: Artur Wojcik <artur.wojcik at intel.com>
Date: Thu Dec 10 11:52:23 2009 -0700
Fix for buffer overflow defect in 'link'.
Potential buffer overflow of 'link' caused by user input may occur,
due to non null-terminated string 'link'.
Signed-off-by: Artur Wojcik <artur.wojcik at intel.com>
Signed-off-by: Dan Williams <dan.j.williams at intel.com>
---
platform-intel.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)
diff --git a/platform-intel.c b/platform-intel.c
index d568ca6..b21ff07 100644
--- a/platform-intel.c
+++ b/platform-intel.c
@@ -57,13 +57,17 @@ struct sys_dev *find_driver_devices(const char *bus, const char *driver)
if (!driver_dir)
return NULL;
for (de = readdir(driver_dir); de; de = readdir(driver_dir)) {
+ int n;
+
/* is 'de' a device? check that the 'subsystem' link exists and
* that its target matches 'bus'
*/
sprintf(path, "/sys/bus/%s/drivers/%s/%s/subsystem",
bus, driver, de->d_name);
- if (readlink(path, link, sizeof(link)) < 0)
+ n = readlink(path, link, sizeof(link));
+ if (n < 0 || n >= sizeof(link))
continue;
+ link[n] = '\0';
c = strrchr(link, '/');
if (!c)
continue;
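Review bot: in the new length check, `n` is declared `int` while readlink() returns ssize_t and `sizeof(link)` is a size_t, so `n >= sizeof(link)` is a mixed signed/unsigned comparison that is only correct because `n < 0` is evaluated first. Declaring `ssize_t n;` and comparing against `(ssize_t)sizeof(link)` keeps the check correct if the conditions are ever reordered and avoids a sign-compare warning. A common alternative is to pass `sizeof(link) - 1` to readlink(), which always leaves room for the terminator, although a truncated target would then be accepted silently rather than skipped. Separately, the context line just above still builds `path` with an unbounded `sprintf` from `bus`, `driver` and `de->d_name`; the declaration of `path` is not visible in this hunk, but if it is a fixed-size array like `link`, switching to `snprintf(path, sizeof(path), ...)` and skipping the entry on truncation would close the same class of defect there.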