[PATCH] Avoid buffer overflow on strncat usage
Simon Horman
horms at verge.net.au
Tue Feb 4 03:30:53 EST 2014
On Mon, Feb 03, 2014 at 06:54:52PM +0100, Dirk Müller wrote:
> strncat() does not want the total size but the maximum length.
>
> Signed-off-by: Dirk Mueller <dmueller at suse.com>
> ---
> kexec/fs2dt.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/kexec/fs2dt.c b/kexec/fs2dt.c
> index 73c1fb9..65a8b66 100644
> --- a/kexec/fs2dt.c
> +++ b/kexec/fs2dt.c
> @@ -649,8 +649,8 @@ static void putnode(void)
> goto no_debug;
> }
> strncpy(filename, "/proc/device-tree/", MAXPATH);
> - strncat(filename, buff, MAXPATH);
> - strncat(filename, "/compatible", MAXPATH);
> + strncat(filename, buff, MAXPATH-strlen(filename)-1);
> + strncat(filename, "/compatible", MAXPATH-strlen(filename)-1);

I don't think you need the -1 as filename will have a trailing '\0'
which is not counted in the return value of strlen().

Also, could you please put a space on each side of each '-'?

Thanks

> fd = open(filename, O_RDONLY);
> if (fd == -1) {
> printf("Unable to find %s printing from
> purgatory is diabled\n",
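
Review bot: the "- 1" in both added strncat() calls needs to stay, because strncat() appends up to n bytes from the source and then writes a terminating '\0' after them, so n has to be the free space minus one (this assumes filename is MAXPATH bytes long, which the hunk does not show). With the bound corrected, a long buff is still truncated silently and the open() that follows runs on a shortened path; building the name with a single snprintf(filename, MAXPATH, "/proc/device-tree/%s/compatible", buff) and comparing its return value against MAXPATH would catch that case before the open(). If the strncat() form is kept, writing the bound as MAXPATH - strlen(filename) - 1 makes it easier to read.
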
> --
> 1.8.4.1
>