[OpenWrt-Devel] [PATCH fstools] block: validate amount of arguments for the "autofs" command

Rafał Miłecki zajec5 at gmail.com
Fri Dec 7 11:26:31 EST 2018


From: Rafał Miłecki <rafal at milecki.pl>

Using argv[3] without checking argc value could result in undefined
behavior. It could result in a crash or accessing a NULL that separates
argv from envp on UNIX.

Signed-off-by: Rafał Miłecki <rafal at milecki.pl>
---
 block.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/block.c b/block.c
index 8972fdf..1edc9b8 100644
--- a/block.c
+++ b/block.c
@@ -1189,8 +1189,12 @@ static int main_autofs(int argc, char **argv)
 				blockd_notify(pr->dev, m, pr);
 		}
 		return 0;
+	} else {
+		if (argc < 4)
+			return -EINVAL;
+
+		return mount_action(argv[2], argv[3], TYPE_AUTOFS);
 	}
-	return mount_action(argv[2], argv[3], TYPE_AUTOFS);
 }
 
 static int find_block_mtd(char *name, char *part, int plen)
-- 
2.13.7


_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel


More information about the openwrt-devel mailing list