util_run_program(): fix possible buffer overflow #2

[elogind.git] / libudev / libudev-util-private.c

diff --git a/libudev/libudev-util-private.c b/libudev/libudev-util-private.c
index 5b5ecb1f503c788550b423e7722b6af223e4d6b6..e0670dbae5dcacb525e89db5e8c9eca5370f612d 100644 (file)
--- a/libudev/libudev-util-private.c
+++ b/libudev/libudev-util-private.c
@@ -30,15 +30,16 @@ int util_create_path(struct udev *udev, const char *path)
        char p[UTIL_PATH_SIZE];
        char *pos;
        struct stat stats;
-       int ret;
+       int err;
 
        util_strscpy(p, sizeof(p), path);
        pos = strrchr(p, '/');
-       if (pos == p || pos == NULL)
+       if (pos == NULL)
                return 0;
-
-       while (pos[-1] == '/')
+       while (pos != p && pos[-1] == '/')
                pos--;
+       if (pos == p)
+               return 0;
        pos[0] = '\0';
 
        dbg(udev, "stat '%s'\n", p);
@@ -50,15 +51,12 @@ int util_create_path(struct udev *udev, const char *path)
 
        dbg(udev, "mkdir '%s'\n", p);
        udev_selinux_setfscreatecon(udev, p, S_IFDIR|0755);
-       ret = mkdir(p, 0755);
-       udev_selinux_resetfscreatecon(udev);
-       if (ret == 0)
-               return 0;
-
-       if (errno == EEXIST)
+       err = mkdir(p, 0755);
+       if (err != 0 && errno == EEXIST)
                if (stat(p, &stats) == 0 && (stats.st_mode & S_IFMT) == S_IFDIR)
-                       return 0;
-       return -1;
+                       err = 0;
+       udev_selinux_resetfscreatecon(udev);
+       return err;
 }
 
 int util_delete_path(struct udev *udev, const char *path)
@@ -67,6 +65,9 @@ int util_delete_path(struct udev *udev, const char *path)
        char *pos;
        int retval;
 
+       if (path[0] == '/')
+               while(path[1] == '/')
+                       path++;
        util_strscpy(p, sizeof(p), path);
        pos = strrchr(p, '/');
        if (pos == p || pos == NULL)
@@ -154,9 +155,12 @@ gid_t util_lookup_group(struct udev *udev, const char *group)
        buf = NULL;
        gid = 0;
        for (;;) {
-               buf = realloc(buf, buflen);
-               if (!buf)
+               char *newbuf;
+
+               newbuf = realloc(buf, buflen);
+               if (!newbuf)
                        break;
+               buf = newbuf;
                errno = getgrnam_r(group, &grbuf, buf, buflen, &gr);
                if (gr != NULL) {
                        gid = gr->gr_gid;
@@ -238,7 +242,8 @@ int util_resolve_subsys_kernel(struct udev *udev, const char *string,
 }
 
 int util_run_program(struct udev *udev, const char *command, char **envp,
-                    char *result, size_t ressize, size_t *reslen)
+                    char *result, size_t ressize, size_t *reslen,
+                    const sigset_t *sigmask)
 {
        int status;
        int outpipe[2] = {-1, -1};
@@ -246,7 +251,7 @@ int util_run_program(struct udev *udev, const char *command, char **envp,
        pid_t pid;
        char arg[UTIL_PATH_SIZE];
        char program[UTIL_PATH_SIZE];
-       char *argv[(sizeof(arg) / 2) + 1];
+       char *argv[((sizeof(arg) + 1) / 2) + 1];
        int devnull;
        int i;
        int err = 0;
@@ -264,10 +269,14 @@ int util_run_program(struct udev *udev, const char *command, char **envp,
                                /* do not separate quotes */
                                pos++;
                                argv[i] = strsep(&pos, "\'");
-                               while (pos != NULL && pos[0] == ' ')
-                                       pos++;
+                               if (pos != NULL)
+                                       while (pos[0] == ' ')
+                                               pos++;
                        } else {
                                argv[i] = strsep(&pos, " ");
+                               if (pos != NULL)
+                                       while (pos[0] == ' ')
+                                               pos++;
                        }
                        dbg(udev, "arg[%i] '%s'\n", i, argv[i]);
                        i++;
@@ -326,6 +335,10 @@ int util_run_program(struct udev *udev, const char *command, char **envp,
                        dup2(errpipe[WRITE_END], STDERR_FILENO);
                        close(errpipe[WRITE_END]);
                }
+
+               if (sigmask)
+                       sigprocmask(SIG_BLOCK, sigmask, NULL);
+
                execve(argv[0], argv, envp);
                if (errno == ENOENT || errno == ENOTDIR) {
                        /* may be on a filesystem which is not mounted right now */