diff options
| author | andersen <andersen@69ca8d6d-28ef-0310-b511-8ec308f3f277> | 2002-06-08 12:44:17 +0000 |
|---|---|---|
| committer | andersen <andersen@69ca8d6d-28ef-0310-b511-8ec308f3f277> | 2002-06-08 12:44:17 +0000 |
| commit | f0479c04470a5cb8de27c6fdda4c3284abb55201 (patch) | |
| tree | 2c9afaf518e22478ea9d76e023f8232f243bbbd5 /miscutils | |
| parent | 254b3919cb856a5c99cecbeeebe626fabc6e9f13 (diff) | |
| download | busybox-w32-f0479c04470a5cb8de27c6fdda4c3284abb55201.tar.gz busybox-w32-f0479c04470a5cb8de27c6fdda4c3284abb55201.tar.bz2 busybox-w32-f0479c04470a5cb8de27c6fdda4c3284abb55201.zip | |
vodz' last_patch42_2, which is an updated fix for buffer overflows
noted by Gerardo Puga
git-svn-id: svn://busybox.net/trunk/busybox@4876 69ca8d6d-28ef-0310-b511-8ec308f3f277
Diffstat (limited to 'miscutils')
| -rw-r--r-- | miscutils/makedevs.c | 44 |
1 files changed, 19 insertions, 25 deletions
diff --git a/miscutils/makedevs.c b/miscutils/makedevs.c index f55995685..67b28b534 100644 --- a/miscutils/makedevs.c +++ b/miscutils/makedevs.c | |||
| @@ -17,57 +17,51 @@ | |||
| 17 | 17 | ||
| 18 | int makedevs_main(int argc, char **argv) | 18 | int makedevs_main(int argc, char **argv) |
| 19 | { | 19 | { |
| 20 | dev_t dev = 0; | 20 | mode_t mode; |
| 21 | mode_t mode = 0; | 21 | char *basedev, *type, *nodname, buf[255]; |
| 22 | char *basedev, *type, devname[255], buf[255]; | 22 | int major, Sminor, S, E; |
| 23 | int major, Sminor, S, E, sbase; | ||
| 24 | 23 | ||
| 25 | if (argc < 7 || *argv[1]=='-') | 24 | if (argc < 7 || *argv[1]=='-') |
| 26 | show_usage(); | 25 | show_usage(); |
| 27 | 26 | ||
| 28 | basedev = argv[1]; | 27 | basedev = argv[1]; |
| 29 | type = argv[2]; | 28 | type = argv[2]; |
| 30 | major = atoi(argv[3]); | 29 | major = atoi(argv[3]) << 8; /* correcting param to mknod() */ |
| 31 | Sminor = atoi(argv[4]); | 30 | Sminor = atoi(argv[4]); |
| 32 | S = atoi(argv[5]); | 31 | S = atoi(argv[5]); |
| 33 | E = atoi(argv[6]); | 32 | E = atoi(argv[6]); |
| 34 | sbase = argc == 8 ? 1 : 0; | 33 | nodname = argc == 8 ? basedev : buf; |
| 34 | |||
| 35 | mode = 0660; | ||
| 35 | 36 | ||
| 36 | switch (type[0]) { | 37 | switch (type[0]) { |
| 37 | case 'c': | 38 | case 'c': |
| 38 | mode = S_IFCHR; | 39 | mode |= S_IFCHR; |
| 39 | break; | 40 | break; |
| 40 | case 'b': | 41 | case 'b': |
| 41 | mode = S_IFBLK; | 42 | mode |= S_IFBLK; |
| 42 | break; | 43 | break; |
| 43 | case 'f': | 44 | case 'f': |
| 44 | mode = S_IFIFO; | 45 | mode |= S_IFIFO; |
| 45 | break; | 46 | break; |
| 46 | default: | 47 | default: |
| 47 | show_usage(); | 48 | show_usage(); |
| 48 | } | 49 | } |
| 49 | mode |= 0660; | ||
| 50 | 50 | ||
| 51 | while (S <= E) { | 51 | while (S <= E) { |
| 52 | int sz; | ||
| 52 | 53 | ||
| 53 | if (type[0] != 'f') | 54 | sz = snprintf(buf, sizeof(buf), "%s%d", basedev, S); |
| 54 | dev = (major << 8) | Sminor; | 55 | if(sz<0 || sz>=sizeof(buf)) /* libc different */ |
| 55 | safe_strncpy(devname, basedev, sizeof(devname)); | 56 | error_msg_and_die("%s too large", basedev); |
| 56 | 57 | ||
| 57 | if (sbase == 0) { | 58 | /* if mode != S_IFCHR and != S_IFBLK third param in mknod() ignored */ |
| 58 | int len; | ||
| 59 | len = strlen(devname); | ||
| 60 | if (S > 10000 || len > (sizeof(devname)-6)) | ||
| 61 | error_msg_and_die("%s: number too large", buf); | ||
| 62 | sprintf(buf, "%d", S); | ||
| 63 | strcat(devname, buf); | ||
| 64 | } else { | ||
| 65 | sbase = 0; | ||
| 66 | } | ||
| 67 | 59 | ||
| 68 | if (mknod(devname, mode, dev)) | 60 | if (mknod(nodname, mode, major | Sminor)) |
| 69 | printf("Failed to create: %s\n", devname); | 61 | error_msg("Failed to create: %s", nodname); |
| 70 | 62 | ||
| 63 | if (nodname == basedev) /* ex. /dev/hda - to /dev/hda1 ... */ | ||
| 64 | nodname = buf; | ||
| 71 | S++; | 65 | S++; |
| 72 | Sminor++; | 66 | Sminor++; |
| 73 | } | 67 | } |