udevinfo segfaults because klibc's strlcpy writes beyond the specified
size of the destination string. strlcat truncates the destination
string, which is also not what you expect from a concatenation function.
+ if (bytes == size)
+ return (bytes + strlen(src));
char ch;
while ( (ch = *p++) ) {
char ch;
while ( (ch = *p++) ) {
if (bufline[0] == COMMENT_CHARACTER)
continue;
if (bufline[0] == COMMENT_CHARACTER)
continue;
- strlcpy(line, bufline, count);
+ strlcpy(line, bufline, count+1);
linepos = line;
retval = get_key(&linepos, &variable, &value);
linepos = line;
retval = get_key(&linepos, &variable, &value);
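Review bot: The size passed in `strlcpy(line, bufline, count+1)` comes from the input line, and nothing in this hunk ties it to the capacity of `line`, so a line longer than the buffer would be written past its end. The enclosing loop starts outside the hunk, so `count` may already be bounded there. If it is not, and assuming `line` is a local array, add a guard before the copy such as `if (count >= sizeof(line)) continue;`, ideally with a log message so over-long lines are noticed rather than silently skipped.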
switch(bufline[0]) {
case 'P':
if (count > sizeof(udev->devpath))
switch(bufline[0]) {
case 'P':
if (count > sizeof(udev->devpath))
- count = sizeof(udev->devpath)-1;
- strlcpy(udev->devpath, &bufline[2], count-2);
+ count = sizeof(udev->devpath);
+ strlcpy(udev->devpath, &bufline[2], count-1);
break;
case 'N':
if (count > sizeof(udev->name))
break;
case 'N':
if (count > sizeof(udev->name))
- count = sizeof(udev->name)-1;
- strlcpy(udev->name, &bufline[2], count-2);
+ count = sizeof(udev->name);
+ strlcpy(udev->name, &bufline[2], count-1);
break;
case 'M':
if (count > sizeof(line))
break;
case 'M':
if (count > sizeof(line))
- count = sizeof(line)-1;
- strlcpy(line, &bufline[2], count-2);
+ count = sizeof(line);
+ strlcpy(line, &bufline[2], count-1);
sscanf(line, "%u:%u", &major, &minor);
udev->devt = makedev(major, minor);
break;
case 'S':
sscanf(line, "%u:%u", &major, &minor);
udev->devt = makedev(major, minor);
break;
case 'S':
- if (count > sizeof(line))
- count = sizeof(line)-1;
- strlcpy(line, &bufline[2], count-2);
+ if (count > sizeof(line))
+ count = sizeof(line);
+ strlcpy(line, &bufline[2], count-1);
name_list_add(&udev->symlink_list, line, 0);
break;
case 'A':
name_list_add(&udev->symlink_list, line, 0);
break;
case 'A':
- if (count > sizeof(line))
- count = sizeof(line)-1;
- strlcpy(line, &bufline[2], count-2);
+ if (count > sizeof(line))
+ count = sizeof(line);
+ strlcpy(line, &bufline[2], count-1);
udev->partitions = atoi(line);
break;
case 'R':
udev->partitions = atoi(line);
break;
case 'R':
- if (count > sizeof(line))
- count = sizeof(line)-1;
- strlcpy(line, &bufline[2], count-2);
+ if (count > sizeof(line))
+ count = sizeof(line);
+ strlcpy(line, &bufline[2], count-1);
udev->ignore_remove = atoi(line);
break;
}
udev->ignore_remove = atoi(line);
break;
}
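Review bot: The clamp bounds only the write: strlcpy still walks `src` to its terminator to compute its return value (the `while ((ch = *p++))` loop shows no length limit), and `&bufline[2]` looks like a slice of a larger newline-delimited buffer rather than a NUL-terminated string. If that is the case, every call in this switch, and the same pattern in the two later `switch(bufline[0])` blocks, reads through the rest of the buffer and can run off its end when no NUL follows. A length-bounded copy avoids that, e.g. `memcpy(udev->devpath, &bufline[2], count-2); udev->devpath[count-2] = '\0';` after clamping `count-2` to `sizeof(udev->devpath)-1`. Each case also needs `count >= 2` before subtracting, since a one-character line makes the size argument 0 here and would wrap in the bounded form.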
switch(bufline[0]) {
case 'P':
if (count > sizeof(path))
switch(bufline[0]) {
case 'P':
if (count > sizeof(path))
- count = sizeof(path)-1;
- strlcpy(path, &bufline[2], count-2);
+ count = sizeof(path);
+ strlcpy(path, &bufline[2], count-1);
break;
case 'N':
case 'S':
if (count > sizeof(nodename))
break;
case 'N':
case 'S':
if (count > sizeof(nodename))
- count = sizeof(nodename)-1;
- strlcpy(nodename, &bufline[2], count-2);
+ count = sizeof(nodename);
+ strlcpy(nodename, &bufline[2], count-1);
dbg("compare '%s' '%s'", nodename, name);
if (strcmp(nodename, name) == 0) {
strlcpy(devpath, path, len);
dbg("compare '%s' '%s'", nodename, name);
if (strcmp(nodename, name) == 0) {
strlcpy(devpath, path, len);
switch(bufline[0]) {
case 'P':
if (count > sizeof(path))
switch(bufline[0]) {
case 'P':
if (count > sizeof(path))
- count = sizeof(path)-1;
- strlcpy(path, &bufline[2], count-2);
+ count = sizeof(path);
+ strlcpy(path, &bufline[2], count-1);
break;
case 'N':
if (count > sizeof(nodename))
break;
case 'N':
if (count > sizeof(nodename))
- count = sizeof(nodename)-1;
- strlcpy(nodename, &bufline[2], count-2);
+ count = sizeof(nodename);
+ strlcpy(nodename, &bufline[2], count-1);
break;
default:
continue;
break;
default:
continue;
#define __OWN_USERDB_PARSER__
#endif
#define __OWN_USERDB_PARSER__
#endif
+#ifdef __GLIBC__
+#define __OWN_STRLCPYCAT__
+#endif
+
#ifdef USE_STATIC
#define __OWN_USERDB_PARSER__
#endif
#ifdef USE_STATIC
#define __OWN_USERDB_PARSER__
#endif
+#ifdef __OWN_STRLCPYCAT__
size_t strlcpy(char *dst, const char *src, size_t size)
{
size_t bytes = 0;
size_t strlcpy(char *dst, const char *src, size_t size)
{
size_t bytes = 0;
char ch;
while ((ch = *p++)) {
char ch;
while ((ch = *p++)) {
*q = '\0';
return bytes;
}
*q = '\0';
return bytes;
}
size_t strlcat(char *dst, const char *src, size_t size)
{
size_t bytes = 0;
size_t strlcat(char *dst, const char *src, size_t size)
{
size_t bytes = 0;
+ if (bytes == size)
+ return (bytes + strlen(src));
*q = '\0';
return bytes;
}
*q = '\0';
return bytes;
}
+#endif /* __OWN_STRLCPYCAT__ */
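Review bot: The new early return in strlcat, `if (bytes == size) return (bytes + strlen(src));`, has no comment saying which case it handles or what the return value means. The function body between the signature and this check is not shown, so this assumes `bytes` holds the existing length of `dst` capped at `size`. I would add above it `/* dst has no terminator within size: append nothing, report the length that would have been needed */`, plus a header comment on both functions stating that a return value `>= size` means the result was truncated. None of the call sites visible in this commit check that return value, so truncated paths and names are stored silently.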
#ifndef __OWN_USERDB_PARSER__
#include <sys/types.h>
#ifndef __OWN_USERDB_PARSER__
#include <sys/types.h>