[OpenWrt-Devel] [PATCH] fstools: mkdev: Avoid out of bounds read

Hauke Mehrtens hauke at hauke-m.de
Mon Sep 2 16:32:44 EDT 2019


readlink() truncates and does not null terminate the string when more
bytes would be written than available. Just increase the char array by
one and assume that there is a problem when all bytes are needed.

Coverity: #1330087, #1329991
Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---
 libblkid-tiny/mkdev.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libblkid-tiny/mkdev.c b/libblkid-tiny/mkdev.c
index a35722b..e8ce841 100644
--- a/libblkid-tiny/mkdev.c
+++ b/libblkid-tiny/mkdev.c
@@ -31,7 +31,7 @@
 
 #include <syslog.h>
 
-static char buf[PATH_MAX];
+static char buf[PATH_MAX + 1];
 static char buf2[PATH_MAX];
 static unsigned int mode = 0600;
 
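Review bot: the `+ 1` on `buf` is missing a comment explaining why this buffer is one byte larger than `buf2`, which stays at `PATH_MAX` on the next line. The extra byte exists only so that a readlink() result that fills the whole buffer can be treated as truncation by the check in find_devs(). A one-line comment on the declaration would keep the size and that check tied together if someone later tidies the two declarations to match.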
@@ -66,7 +66,7 @@ static void find_devs(bool block)
 
 		strcpy(path, dp->d_name);
 		len = readlink(buf2, buf, sizeof(buf));
-		if (len <= 0)
+		if (len <= 0 || len == sizeof(buf))
 			continue;
 
 		buf[len] = 0;
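Review bot: `len == sizeof(buf)` compares `len` against a `size_t`, and the declaration of `len` is outside this hunk; if it is a signed type, this is a mixed signed/unsigned comparison. The result is still correct, because `len <= 0` is evaluated first and short-circuits before a negative value can be converted, but it relies on that ordering and can trip sign-compare warnings. Writing it as `(size_t)len == sizeof(buf)` makes the intent explicit. With this check in place, `buf[len] = 0` always writes at an index of at most `sizeof(buf) - 1`, so the terminator stays in bounds.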
-- 
2.20.1

