|
 |
59ea72 |
From c1b78589cf042221e22a014332b195b2309cb178 Mon Sep 17 00:00:00 2001
|
|
|
59ea72 |
From: Jes Sorensen <jsorensen@fb.com>
|
|
|
59ea72 |
Date: Thu, 31 May 2018 13:11:21 -0400
|
|
|
59ea72 |
Subject: [RHEL7.5 PATCH 19/26] mdopen: fix gcc 8.1 string overflow error
|
|
|
59ea72 |
|
|
|
59ea72 |
We already cut symlinks longer than 1000, so rely on this calling
|
|
|
59ea72 |
readlink and error out if we are able to read more than 1000 bytes.
|
|
|
59ea72 |
|
|
|
59ea72 |
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
|
|
|
59ea72 |
---
|
|
|
59ea72 |
mdopen.c | 8 +++++---
|
|
|
59ea72 |
1 file changed, 5 insertions(+), 3 deletions(-)
|
|
|
59ea72 |
|
|
|
59ea72 |
diff --git a/mdopen.c b/mdopen.c
|
|
|
59ea72 |
index 4ec13f5..98c54e4 100644
|
|
|
59ea72 |
--- a/mdopen.c
|
|
|
59ea72 |
+++ b/mdopen.c
|
|
|
59ea72 |
@@ -44,7 +44,7 @@ void make_parts(char *dev, int cnt)
|
|
|
59ea72 |
int nlen = strlen(dev) + 20;
|
|
|
59ea72 |
char *name;
|
|
|
59ea72 |
int dig = isdigit(dev[strlen(dev)-1]);
|
|
|
59ea72 |
- char orig[1024];
|
|
|
59ea72 |
+ char orig[1001];
|
|
|
59ea72 |
char sym[1024];
|
|
|
59ea72 |
int err;
|
|
|
59ea72 |
|
|
|
59ea72 |
@@ -58,8 +58,10 @@ void make_parts(char *dev, int cnt)
|
|
|
59ea72 |
minor_num = minor(stb.st_rdev);
|
|
|
59ea72 |
odig = -1;
|
|
|
59ea72 |
} else if (S_ISLNK(stb.st_mode)) {
|
|
|
59ea72 |
- int len = readlink(dev, orig, sizeof(orig));
|
|
|
59ea72 |
- if (len < 0 || len > 1000)
|
|
|
59ea72 |
+ int len;
|
|
|
59ea72 |
+
|
|
|
59ea72 |
+ len = readlink(dev, orig, sizeof(orig));
|
|
|
59ea72 |
+ if (len < 0 || len >= (int)sizeof(orig))
|
|
|
59ea72 |
return;
|
|
|
59ea72 |
orig[len] = 0;
|
|
|
59ea72 |
odig = isdigit(orig[len-1]);
|
|
|
59ea72 |
--
|
|
|
59ea72 |
2.7.4
|
|
|
59ea72 |
|