Util-Linux Archive on lore.kernel.org
* [PATCH 1/1] sfdisk: Avoid out of boundary read with readline
@ 2019-02-17 21:55 Tobias Stoeckmann
  2019-02-18 12:06 ` Karel Zak
  0 siblings, 1 reply; 2+ messages in thread
From: Tobias Stoeckmann @ 2019-02-17 21:55 UTC (permalink / raw)
  To: util-linux

It is not guaranteed that the returned string of readline() actually
contains as many bytes as buf can contain.

If bufsz is larger than the allocated memory by readline, an out of
boundary read occurs and leads to undefined behaviour. Most likely
that will be a crash.

This can be reproduced when readline-support is compiled in and when
you directly enter "quit" and "n" (to not write changes back to disk)
when sfdisk was called with any given device.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---
 disk-utils/sfdisk.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/disk-utils/sfdisk.c b/disk-utils/sfdisk.c
index 3911dda85..52ccc5251 100644
--- a/disk-utils/sfdisk.c
+++ b/disk-utils/sfdisk.c
@@ -133,7 +133,9 @@ static int get_user_reply(const char *prompt, char *buf, size_t bufsz)
 		p = readline(prompt);
 		if (!p)
 			return 1;
-		memcpy(buf, p, bufsz);
+		strncpy(buf, p, bufsz);
+		if (bufsz != 0)
+			buf[bufsz - 1] = '\0';
 		free(p);
 	} else
 #endif
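Review bot: at `strncpy(buf, p, bufsz);` a reply of bufsz bytes or more is now cut to bufsz - 1 bytes without any signal, and nothing in this hunk tells the caller that buf holds only part of what the user typed. Consider checking `strlen(p) >= bufsz` before the copy and treating an over-long reply as an error (or prompting again), or add a comment stating that truncation is intended. The `if (bufsz != 0)` guard around the terminator is right and should stay. Note also that strncpy zero-fills the rest of buf up to bufsz, so the fix still relies on bufsz being the true size of buf.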
-- 
2.20.1



* Re: [PATCH 1/1] sfdisk: Avoid out of boundary read with readline
  2019-02-17 21:55 [PATCH 1/1] sfdisk: Avoid out of boundary read with readline Tobias Stoeckmann
@ 2019-02-18 12:06 ` Karel Zak
  0 siblings, 0 replies; 2+ messages in thread
From: Karel Zak @ 2019-02-18 12:06 UTC (permalink / raw)
  To: Tobias Stoeckmann; +Cc: util-linux

On Sun, Feb 17, 2019 at 10:55:29PM +0100, Tobias Stoeckmann wrote:
>  disk-utils/sfdisk.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)

Applied, thanks.

-- 
 Karel Zak  <kzak@redhat.com>
 http://karelzak.blogspot.com
