1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-16 10:20:30 +00:00

Fix misuse of the basename() and dirname() functions.

These functions are allowed to overwrite their input. Pull a copy of the
input parameter and call dirname() and basename() on that instead. Do
ensure that we reload the pathname value between calls.
This commit is contained in:
Ed Schouten 2016-09-21 13:02:43 +00:00
parent dab6d6fb5a
commit ecc288634a
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=306099

View File

@ -264,6 +264,7 @@ pci_vtcon_sock_add(struct pci_vtcon_softc *sc, const char *name,
{
struct pci_vtcon_sock *sock;
struct sockaddr_un sun;
char *pathcopy;
int s = -1, fd = -1, error = 0;
sock = calloc(1, sizeof(struct pci_vtcon_sock));
@ -278,15 +279,24 @@ pci_vtcon_sock_add(struct pci_vtcon_softc *sc, const char *name,
goto out;
}
fd = open(dirname(path), O_RDONLY | O_DIRECTORY);
pathcopy = strdup(path);
if (pathcopy == NULL) {
error = -1;
goto out;
}
fd = open(dirname(pathcopy), O_RDONLY | O_DIRECTORY);
if (fd < 0) {
free(pathcopy);
error = -1;
goto out;
}
sun.sun_family = AF_UNIX;
sun.sun_len = sizeof(struct sockaddr_un);
strncpy(sun.sun_path, basename((char *)path), sizeof(sun.sun_path));
strcpy(pathcopy, path);
strncpy(sun.sun_path, basename(pathcopy), sizeof(sun.sun_path));
free(pathcopy);
if (bindat(fd, s, (struct sockaddr *)&sun, sun.sun_len) < 0) {
error = -1;