diff options
| author | Eric Andersen <andersen@codepoet.org> | 2002-06-06 14:24:57 +0000 |
|---|---|---|
| committer | Eric Andersen <andersen@codepoet.org> | 2002-06-06 14:24:57 +0000 |
| commit | 6fb4e4877a9d447c45b4f511e9851f2f8f7443b3 (patch) | |
| tree | 83c7886aa0521108d5b82d5b91422f2f34e7c29b | |
| parent | 0d2d1eb59983097f95acc4da874e8f5a78c8b1de (diff) | |
| download | busybox-w32-6fb4e4877a9d447c45b4f511e9851f2f8f7443b3.tar.gz busybox-w32-6fb4e4877a9d447c45b4f511e9851f2f8f7443b3.tar.bz2 busybox-w32-6fb4e4877a9d447c45b4f511e9851f2f8f7443b3.zip | |
Fix buffer overflows noted by Gerardo Puga
-Erik
| -rw-r--r-- | modutils/insmod.c | 34 |
1 files changed, 20 insertions, 14 deletions
diff --git a/modutils/insmod.c b/modutils/insmod.c index cab2cc204..c89cd3c8d 100644 --- a/modutils/insmod.c +++ b/modutils/insmod.c | |||
| @@ -233,7 +233,7 @@ | |||
| 233 | #ifndef MODUTILS_MODULE_H | 233 | #ifndef MODUTILS_MODULE_H |
| 234 | static const int MODUTILS_MODULE_H = 1; | 234 | static const int MODUTILS_MODULE_H = 1; |
| 235 | 235 | ||
| 236 | #ident "$Id: insmod.c,v 1.83 2002/05/24 06:50:15 andersen Exp $" | 236 | #ident "$Id: insmod.c,v 1.84 2002/06/06 14:24:57 andersen Exp $" |
| 237 | 237 | ||
| 238 | /* This file contains the structures used by the 2.0 and 2.1 kernels. | 238 | /* This file contains the structures used by the 2.0 and 2.1 kernels. |
| 239 | We do not use the kernel headers directly because we do not wish | 239 | We do not use the kernel headers directly because we do not wish |
| @@ -454,7 +454,7 @@ int delete_module(const char *); | |||
| 454 | #ifndef MODUTILS_OBJ_H | 454 | #ifndef MODUTILS_OBJ_H |
| 455 | static const int MODUTILS_OBJ_H = 1; | 455 | static const int MODUTILS_OBJ_H = 1; |
| 456 | 456 | ||
| 457 | #ident "$Id: insmod.c,v 1.83 2002/05/24 06:50:15 andersen Exp $" | 457 | #ident "$Id: insmod.c,v 1.84 2002/06/06 14:24:57 andersen Exp $" |
| 458 | 458 | ||
| 459 | /* The relocatable object is manipulated using elfin types. */ | 459 | /* The relocatable object is manipulated using elfin types. */ |
| 460 | 460 | ||
| @@ -3426,7 +3426,7 @@ extern int insmod_main( int argc, char **argv) | |||
| 3426 | int k_crcs; | 3426 | int k_crcs; |
| 3427 | int k_new_syscalls; | 3427 | int k_new_syscalls; |
| 3428 | int len; | 3428 | int len; |
| 3429 | char *tmp; | 3429 | char *tmp, *tmp1; |
| 3430 | unsigned long m_size; | 3430 | unsigned long m_size; |
| 3431 | ElfW(Addr) m_addr; | 3431 | ElfW(Addr) m_addr; |
| 3432 | FILE *fp; | 3432 | FILE *fp; |
| @@ -3464,7 +3464,7 @@ extern int insmod_main( int argc, char **argv) | |||
| 3464 | flag_export = 0; | 3464 | flag_export = 0; |
| 3465 | break; | 3465 | break; |
| 3466 | case 'o': /* name the output module */ | 3466 | case 'o': /* name the output module */ |
| 3467 | strncpy(m_name, optarg, FILENAME_MAX); | 3467 | safe_strncpy(m_name, optarg, sizeof(m_name)); |
| 3468 | break; | 3468 | break; |
| 3469 | case 'L': /* Stub warning */ | 3469 | case 'L': /* Stub warning */ |
| 3470 | /* This is needed for compatibility with modprobe. | 3470 | /* This is needed for compatibility with modprobe. |
| @@ -3482,20 +3482,26 @@ extern int insmod_main( int argc, char **argv) | |||
| 3482 | } | 3482 | } |
| 3483 | 3483 | ||
| 3484 | /* Grab the module name */ | 3484 | /* Grab the module name */ |
| 3485 | if ((tmp = strrchr(argv[optind], '/')) != NULL) { | 3485 | tmp1 = xstrdup(argv[optind]); |
| 3486 | tmp++; | 3486 | tmp = basename(tmp1); |
| 3487 | } else { | ||
| 3488 | tmp = argv[optind]; | ||
| 3489 | } | ||
| 3490 | len = strlen(tmp); | 3487 | len = strlen(tmp); |
| 3491 | 3488 | ||
| 3492 | if (len > 2 && tmp[len - 2] == '.' && tmp[len - 1] == 'o') | 3489 | if (len > 2 && tmp[len - 2] == '.' && tmp[len - 1] == 'o') { |
| 3493 | len -= 2; | 3490 | len-=2; |
| 3494 | memcpy(m_fullName, tmp, len); | 3491 | tmp[len] = '\0'; |
| 3495 | m_fullName[len]='\0'; | 3492 | } |
| 3493 | if (len >= sizeof(m_fullName)) { | ||
| 3494 | len = sizeof(m_fullName); | ||
| 3495 | } | ||
| 3496 | safe_strncpy(m_fullName, tmp, len); | ||
| 3497 | if (tmp1) | ||
| 3498 | free(tmp1); | ||
| 3496 | if (*m_name == '\0') { | 3499 | if (*m_name == '\0') { |
| 3497 | strcpy(m_name, m_fullName); | 3500 | safe_strncpy(m_name, m_fullName, sizeof(m_name)); |
| 3498 | } | 3501 | } |
| 3502 | len = strlen(m_fullName); | ||
| 3503 | if (len > (sizeof(m_fullName)-3)) | ||
| 3504 | error_msg_and_die("%s: no module by that name found", m_fullName); | ||
| 3499 | strcat(m_fullName, ".o"); | 3505 | strcat(m_fullName, ".o"); |
| 3500 | 3506 | ||
| 3501 | /* Get a filedesc for the module. Check we we have a complete path */ | 3507 | /* Get a filedesc for the module. Check we we have a complete path */ |