'[BusyBox] bug#1019: Buffer overrun in find_real_root_device()'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       busybox
Subject:    [BusyBox] bug#1019: Buffer overrun in find_real_root_device()
From:       David Vrabel <dvrabel () arcom ! co ! uk>
Date:       2000-07-27 8:36:05
[Download RAW message or body]

Package: busybox
Version: 0.45
Severity: normal

There is a buffer overrun in find_real_root_device() (in utility.c) if
the root device name is longer than the what was previously in `name'. 
This results in incorrect display of the mount point in `df'.

example:
/proc/mounts contents
   /dev/root / jffs 0 0
   ...
Actual device: /dev/mtdblock0

df output:
Filesystem          1k-blocks    Used Available Use% Mounted on
/dev/mtdblock0           8000    3586      4404  45% ock0

Suggested fix (not tested)
--- utility.c   Thu Jul 27 09:33:40 2000
+++ utility.c.new       Thu Jul 27 09:34:20 2000
@@ -1555,7 +1555,7 @@
                if (strcmp(entry->d_name, "..") == 0)
                        continue;
 
-               sprintf( fileName, "/dev/%s", entry->d_name);
+               snprintf( fileName, strlen(name)+1, "/dev/%s",
entry->d_name);
 
                if (stat(fileName, &statBuf) != 0)
                        continue;





[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic