[5/5] libmultipath: Fix overflow in sysfs_get_str()

Message ID	1387263848-73945-6-git-send-email-hare@suse.de (mailing list archive)
State	Not Applicable, archived
Delegated to:	christophe varoqui
Headers	show Return-Path: <dm-devel-bounces@redhat.com> From: Hannes Reinecke <hare@suse.de> To: Christophe Varoqui <christophe.varoqui@opensvc.com> Date: Tue, 17 Dec 2013 08:04:08 +0100 Message-Id: <1387263848-73945-6-git-send-email-hare@suse.de> In-Reply-To: <1387263848-73945-1-git-send-email-hare@suse.de> References: <1387263848-73945-1-git-send-email-hare@suse.de> Cc: dm-devel@redhat.com Subject: [dm-devel] [PATCH 5/5] libmultipath: Fix overflow in sysfs_get_str() Precedence: junk Reply-To: device-mapper development <dm-devel@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: dm-devel-bounces@redhat.com Errors-To: dm-devel-bounces@redhat.com

Message ID

1387263848-73945-6-git-send-email-hare@suse.de (mailing list archive)

State

Not Applicable, archived

Delegated to:

christophe varoqui

Headers

From: Hannes Reinecke <hare@suse.de>
To: Christophe Varoqui <christophe.varoqui@opensvc.com>
Date: Tue, 17 Dec 2013 08:04:08 +0100
Message-Id: <1387263848-73945-6-git-send-email-hare@suse.de>
In-Reply-To: <1387263848-73945-1-git-send-email-hare@suse.de>
References: <1387263848-73945-1-git-send-email-hare@suse.de>
Cc: dm-devel@redhat.com
Subject: [dm-devel] [PATCH 5/5] libmultipath: Fix overflow in sysfs_get_str()
Precedence: junk
Reply-To: device-mapper development <dm-devel@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dm-devel-bounces@redhat.com
Errors-To: dm-devel-bounces@redhat.com

Commit Message

Hannes Reinecke Dec. 17, 2013, 7:04 a.m. UTC

sysfs_get_str() should first do a strchop() before comparing the
returned string length with the provided buffer. Otherwise we might
incur a false positive as the overflowing bits might be occupied
by spaces, which will be removed later on.

Signed-off-by: Hannes Reinecke <hare@suse.de>
---
 libmultipath/discovery.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/libmultipath/discovery.c b/libmultipath/discovery.c
index b7470f8..228ffd3 100644
--- a/libmultipath/discovery.c
+++ b/libmultipath/discovery.c
@@ -157,13 +157,12 @@  sysfs_get_##fname (struct udev_device * udev, char * buff, size_t len)	\
 			devname, #fname);				\
 		return -ENXIO;						\
 	}								\
-	if (strlen(attr) > len) {					\
+	if (strchop(attr) > len) {					\
 		condlog(3, "%s: overflow in attribute %s",		\
 			devname, #fname);				\
 		return -EINVAL;						\
 	}								\
-	strlcpy(buff, attr, len);					\
-	return strchop(buff);						\
+	return strlcpy(buff, attr, len);				\
 }
 
 declare_sysfs_get_str(devtype);

[5/5] libmultipath: Fix overflow in sysfs_get_str()

Commit Message

Patch