fsck: avoid buffer overflow if user passes in an insanely long fs type

Reported-by: <Hornseth_Brenan@bah.com>

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Theodore Ts'o 2018-02-23 15:42:27 -05:00
parent 6074cf36b9
commit d8e5da0a3b


@ -408,7 +408,8 @@ static char *find_fsck(char *type)
tpl = (strncmp(type, "fsck.", 5) ? "%s/fsck.%s" : "%s/%s");
for(s = strtok(p, ":"); s; s = strtok(NULL, ":")) {
sprintf(prog, tpl, s, type);
if (snprintf(prog, sizeof(prog), tpl, s, type) >= sizeof(prog))
continue;
if (stat(prog, &st) == 0) break;
}
free(p);
@ -435,7 +436,7 @@ static int progress_active(NOARGS)
static int execute(const char *type, const char *device, const char *mntpt,
int interactive)
{
char *s, *argv[80], prog[80];
char *s, *argv[80], prog[256];
int argc, i;
struct fsck_instance *inst, *p;
pid_t pid;
@ -445,7 +446,8 @@ static int execute(const char *type, const char *device, const char *mntpt,
return ENOMEM;
memset(inst, 0, sizeof(struct fsck_instance));
sprintf(prog, "fsck.%s", type);
if (snprintf(prog, sizeof(prog), "fsck.%s", type) >= sizeof(prog))
return EINVAL;
argv[0] = string_copy(prog);
argc = 1;
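Review bot: The new `return EINVAL` in execute() exits after `inst` has apparently been allocated (the context shows the `return ENOMEM` check and `memset(inst, 0, ...)` just above it), and nothing on that path frees it, so an over-long type leaks one `struct fsck_instance` per call. Bracing the branch and releasing the allocation first would close that: `free(inst); return EINVAL;`. Both truncation checks, here and in find_fsck(), also compare snprintf's `int` result with a `size_t`, so an error return of -1 is caught only through the unsigned conversion; keeping the result in an `int n` and testing `n < 0 || (size_t)n >= sizeof(prog)` states that intent explicitly. The allocation itself and the rest of execute() lie outside the hunk, so the leak should be confirmed against the full function.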