diff options
| author | mananth <mananth> | 2004-03-12 06:56:23 +0000 |
|---|---|---|
| committer | mananth <mananth> | 2004-03-12 06:56:23 +0000 |
| commit | 6b7758f5885bb6678e8ac74680bc3b1aeab64951 (patch) | |
| tree | 10802196f5c1d91b74b6b90a8f4f3c320e920202 | |
| parent | 9b6ef1d534b424dd26d7a441516a7f6659815bda (diff) | |
| download | sysfsutils-6b7758f5885bb6678e8ac74680bc3b1aeab64951.tar.gz | |
bufoverflow-take3.patch max-size.patch to take care of buffer overflow
possibilities
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | cmd/systool.c | 10 | ||||
| -rw-r--r-- | include/libsysfs.h | 18 | ||||
| -rw-r--r-- | lib/dlist.c | 2 | ||||
| -rw-r--r-- | lib/sysfs_bus.c | 41 | ||||
| -rw-r--r-- | lib/sysfs_class.c | 59 | ||||
| -rw-r--r-- | lib/sysfs_device.c | 95 | ||||
| -rw-r--r-- | lib/sysfs_dir.c | 66 | ||||
| -rw-r--r-- | lib/sysfs_driver.c | 24 | ||||
| -rw-r--r-- | lib/sysfs_utils.c | 62 |
10 files changed, 201 insertions, 180 deletions
@@ -1,4 +1,8 @@ +03/12/2004 - Ananth Mavinakayanahalli <ananth@in.ibm.com> + * Modified string functions to use wrappers to take care + of potential buffer overflow issues + 03/08/2004 - Ananth Mavinakayanahalli <ananth@in.ibm.com> * Remove "unsigned" declarations for prototype compatibility per Lev Makhlis' suggestion diff --git a/cmd/systool.c b/cmd/systool.c index 696d96e..1bd0137 100644 --- a/cmd/systool.c +++ b/cmd/systool.c @@ -278,8 +278,8 @@ static void show_device(struct sysfs_device *device, int level) fprintf(stdout, "%s ", device->bus_id); memset(path, 0, SYSFS_PATH_MAX); memset(value, 0, SYSFS_PATH_MAX); - strcpy(path, device->path); - strcat(path, "/config"); + safestrcpy(path, device->path); + safestrcat(path, "/config"); if ((sysfs_read_attribute_value(path, value, 256)) == 0) { vendor_id = get_pciconfig_word @@ -611,7 +611,7 @@ static int show_default_info(void) char *cur = NULL; int retval = 0; - strcpy(subsys, SYSFS_BUS_NAME); + safestrcpy(subsys, SYSFS_BUS_NAME); list = sysfs_open_subsystem_list(subsys); if (list != NULL) { fprintf(stdout, "Supported sysfs buses:\n"); @@ -620,7 +620,7 @@ static int show_default_info(void) } sysfs_close_list(list); - strcpy(subsys, SYSFS_CLASS_NAME); + safestrcpy(subsys, SYSFS_CLASS_NAME); list = sysfs_open_subsystem_list(subsys); if (list != NULL) { fprintf(stdout, "Supported sysfs classes:\n"); @@ -629,7 +629,7 @@ static int show_default_info(void) } sysfs_close_list(list); - strcpy(subsys, SYSFS_DEVICES_NAME); + safestrcpy(subsys, SYSFS_DEVICES_NAME); list = sysfs_open_subsystem_list(subsys); if (list != NULL) { fprintf(stdout, "Supported sysfs devices:\n"); diff --git a/include/libsysfs.h b/include/libsysfs.h index c6dff1e..29194f6 100644 --- a/include/libsysfs.h +++ b/include/libsysfs.h @@ -27,6 +27,24 @@ #include <string.h> #include "dlist.h" +/* + * Defines to prevent buffer overruns + */ +#define safestrcpy(to, from) strncpy(to, from, sizeof(to)-1) +#define safestrcat(to, from) strncat(to, from, sizeof(to) - strlen(to)-1) + +#define safestrcpymax(to, from, max) \ +do { \ + to[max-1] = '\0'; \ + strncpy(to, from, max-1); \ +} while (0) + +#define safestrcatmax(to, from, max) \ +do { \ + to[max-1] = '\0'; \ + strncat(to, from, max - strlen(to)-1); \ +} while (0) + /* * Generic #defines go here.. */ diff --git a/lib/dlist.c b/lib/dlist.c index 7620653..c6b104c 100644 --- a/lib/dlist.c +++ b/lib/dlist.c @@ -260,7 +260,7 @@ void dlist_unshift(Dlist *list,void *data) } void dlist_unshift_sorted(Dlist *list, void *data, - int (*sorter)(void *new, void *old)) + int (*sorter)(void *new_elem, void *old_elem)) { if (list->count == 0) dlist_unshift(list, data); diff --git a/lib/sysfs_bus.c b/lib/sysfs_bus.c index b852570..d47b94c 100644 --- a/lib/sysfs_bus.c +++ b/lib/sysfs_bus.c @@ -109,9 +109,9 @@ struct dlist *sysfs_get_bus_devices(struct sysfs_bus *bus) return NULL; } memset(path, 0, SYSFS_PATH_MAX); - strcpy(path, bus->path); - strcat(path, "/"); - strcat(path, SYSFS_DEVICES_NAME); + safestrcpy(path, bus->path); + safestrcat(path, "/"); + safestrcat(path, SYSFS_DEVICES_NAME); devdir = sysfs_open_directory(path); if (devdir == NULL) return NULL; @@ -158,9 +158,9 @@ struct dlist *sysfs_get_bus_drivers(struct sysfs_bus *bus) return NULL; } memset(path, 0, SYSFS_PATH_MAX); - strcpy(path, bus->path); - strcat(path, "/"); - strcat(path, SYSFS_DRIVERS_NAME); + safestrcpy(path, bus->path); + safestrcat(path, "/"); + safestrcat(path, SYSFS_DRIVERS_NAME); drvdir = sysfs_open_directory(path); if (drvdir == NULL) return NULL; @@ -209,10 +209,10 @@ struct sysfs_bus *sysfs_open_bus(const char *name) return NULL; } - strcat(buspath, "/"); - strcat(buspath, SYSFS_BUS_NAME); - strcat(buspath, "/"); - strcat(buspath, name); + safestrcat(buspath, "/"); + safestrcat(buspath, SYSFS_BUS_NAME); + safestrcat(buspath, "/"); + safestrcat(buspath, name); if ((sysfs_path_is_dir(buspath)) != 0) { dprintf("Invalid path to bus: %s\n", buspath); return NULL; @@ -222,8 +222,8 @@ struct sysfs_bus *sysfs_open_bus(const char *name) dprintf("calloc failed\n"); return NULL; } - strcpy(bus->name, name); - strcpy(bus->path, buspath); + safestrcpy(bus->name, name); + safestrcpy(bus->path, buspath); if ((sysfs_remove_trailing_slash(bus->path)) != 0) { dprintf("Incorrect path to bus %s\n", bus->path); sysfs_close_bus(bus); @@ -370,23 +370,22 @@ int sysfs_find_driver_bus(const char *driver, char *busname, size_t bsize) } memset(subsys, 0, SYSFS_PATH_MAX); - strcat(subsys, "/"); - strcpy(subsys, SYSFS_BUS_NAME); + safestrcpy(subsys, SYSFS_BUS_NAME); buslist = sysfs_open_subsystem_list(subsys); if (buslist != NULL) { dlist_for_each_data(buslist, bus, char) { memset(subsys, 0, SYSFS_PATH_MAX); - strcat(subsys, "/"); - strcpy(subsys, SYSFS_BUS_NAME); - strcat(subsys, "/"); - strcat(subsys, bus); - strcat(subsys, "/"); - strcat(subsys, SYSFS_DRIVERS_NAME); + safestrcpy(subsys, SYSFS_BUS_NAME); + safestrcat(subsys, "/"); + safestrcat(subsys, bus); + safestrcat(subsys, "/"); + safestrcat(subsys, SYSFS_DRIVERS_NAME); drivers = sysfs_open_subsystem_list(subsys); if (drivers != NULL) { dlist_for_each_data(drivers, curdrv, char) { if (strcmp(driver, curdrv) == 0) { - strncpy(busname, bus, bsize); + safestrcpymax(busname, + bus, bsize); sysfs_close_list(drivers); sysfs_close_list(buslist); return 0; diff --git a/lib/sysfs_class.c b/lib/sysfs_class.c index 26892b2..db59aef 100644 --- a/lib/sysfs_class.c +++ b/lib/sysfs_class.c @@ -38,8 +38,7 @@ static int class_name_equal(void *a, void *b) if (a == NULL || b == NULL) return 0; - if (strcmp(((char *)a), ((struct sysfs_class_device *)b)->name) - == 0) + if (strcmp(((char *)a), ((struct sysfs_class_device *)b)->name) == 0) return 1; return 0; @@ -116,7 +115,7 @@ static void set_classdev_classname(struct sysfs_class_device *cdev) } if (c == NULL) - strcpy(cdev->classname, SYSFS_UNKNOWN); + safestrcpy(cdev->classname, SYSFS_UNKNOWN); else { if (*c == '/') c++; @@ -158,7 +157,7 @@ struct sysfs_class_device *sysfs_open_class_device_path(const char *path) return NULL; } - strcpy(cdev->path, path); + safestrcpy(cdev->path, path); if ((sysfs_remove_trailing_slash(cdev->path)) != 0) { dprintf("Invalid path to class device %s\n", cdev->path); sysfs_close_class_device(cdev); @@ -240,13 +239,13 @@ struct sysfs_class *sysfs_open_class(const char *name) * if "name" is "block" and proceed accordingly */ if (strcmp(name, SYSFS_BLOCK_NAME) == 0) { - strcat(classpath, "/"); - strcat(classpath, SYSFS_BLOCK_NAME); + safestrcat(classpath, "/"); + safestrcat(classpath, SYSFS_BLOCK_NAME); } else { - strcat(classpath, "/"); - strcat(classpath, SYSFS_CLASS_NAME); - strcat(classpath, "/"); - strcat(classpath, name); + safestrcat(classpath, "/"); + safestrcat(classpath, SYSFS_CLASS_NAME); + safestrcat(classpath, "/"); + safestrcat(classpath, name); } if ((sysfs_path_is_dir(classpath)) != 0) { dprintf("Class %s not found on the system\n", name); @@ -258,8 +257,8 @@ struct sysfs_class *sysfs_open_class(const char *name) dprintf("calloc failed\n"); return NULL; } - strcpy(cls->name, name); - strcpy(cls->path, classpath); + safestrcpy(cls->name, name); + safestrcpy(cls->path, classpath); if ((sysfs_remove_trailing_slash(cls->path)) != 0) { dprintf("Invalid path to class device %s\n", cls->path); sysfs_close_class(cls); @@ -308,8 +307,8 @@ struct sysfs_device *sysfs_get_classdev_device errno = EINVAL; return NULL; } - strcpy(devpath, clsdev->path); - strcat(devpath, "/device"); + safestrcpy(devpath, clsdev->path); + safestrcat(devpath, "/device"); if ((sysfs_path_is_link(devpath)) != 0) { if (clsdev->sysdevice != NULL) { sysfs_close_device(clsdev->sysdevice); @@ -367,8 +366,8 @@ struct sysfs_driver *sysfs_get_classdev_driver errno = EINVAL; return NULL; } - strcpy(drvpath, clsdev->path); - strcat(drvpath, "/driver"); + safestrcpy(drvpath, clsdev->path); + safestrcat(drvpath, "/driver"); if ((sysfs_path_is_link(drvpath)) != 0) { if (clsdev->driver != NULL) { sysfs_close_driver(clsdev->driver); @@ -418,7 +417,7 @@ static int get_blockdev_parent(struct sysfs_class_device *clsdev) { char parent_path[SYSFS_PATH_MAX], *c = NULL; - strcpy(parent_path, clsdev->path); + safestrcpy(parent_path, clsdev->path); c = strstr(parent_path, SYSFS_BLOCK_NAME); if (c == NULL) { dprintf("Class device %s does not belong to BLOCK subsystem\n", @@ -480,7 +479,8 @@ struct sysfs_class_device *sysfs_get_classdev_parent * structure. Hence, we now call a specialized function for block and * later we can add support functions for other subsystems as required. */ - if (!(strcmp(clsdev->classname, SYSFS_BLOCK_NAME))) { + if (!(strncmp(clsdev->classname, SYSFS_BLOCK_NAME, + sizeof(SYSFS_BLOCK_NAME)))) { if ((get_blockdev_parent(clsdev)) == 0) return (clsdev->parent); } @@ -507,17 +507,18 @@ static int get_classdev_path(const char *classname, const char *clsdev, dprintf("Error getting sysfs mount path\n"); return -1; } - if (strcmp(classname, SYSFS_BLOCK_NAME) == 0) { - strcat(path, "/"); - strcat(path, SYSFS_BLOCK_NAME); + if (strncmp(classname, SYSFS_BLOCK_NAME, + sizeof(SYSFS_BLOCK_NAME)) == 0) { + safestrcatmax(path, "/", len); + safestrcatmax(path, SYSFS_BLOCK_NAME, len); } else { - strcat(path, "/"); - strcat(path, SYSFS_CLASS_NAME); - strcat(path, "/"); - strcat(path, classname); + safestrcatmax(path, "/", len); + safestrcatmax(path, SYSFS_CLASS_NAME, len); + safestrcatmax(path, "/", len); + safestrcatmax(path, classname, len); } - strcat(path, "/"); - strcat(path, clsdev); + safestrcatmax(path, "/", len); + safestrcatmax(path, clsdev, len); return 0; } @@ -685,8 +686,8 @@ struct sysfs_attribute *sysfs_open_classdev_attr(const char *classname, dev, classname); return NULL; } - strcat(path, "/"); - strcat(path, attrib); + safestrcat(path, "/"); + safestrcat(path, attrib); attribute = sysfs_open_attribute(path); if (attribute == NULL) { dprintf("Error opening attribute %s on class device %s\n", diff --git a/lib/sysfs_device.c b/lib/sysfs_device.c index 97dab32..f2f8d2d 100644 --- a/lib/sysfs_device.c +++ b/lib/sysfs_device.c @@ -42,29 +42,29 @@ static int get_dev_driver(struct sysfs_device *dev) return 1; memset(path, 0, SYSFS_PATH_MAX); memset(devpath, 0, SYSFS_PATH_MAX); - strcat(path, SYSFS_BUS_NAME); - strcat(path, "/"); - strcat(path, dev->bus); - strcat(path, "/"); - strcat(path, SYSFS_DRIVERS_NAME); + safestrcpy(path, SYSFS_BUS_NAME); + safestrcat(path, "/"); + safestrcat(path, dev->bus); + safestrcat(path, "/"); + safestrcat(path, SYSFS_DRIVERS_NAME); - strcpy(devpath, dev->path); + safestrcpy(devpath, dev->path); c = strstr(devpath, SYSFS_DEVICES_NAME); if (c == NULL) return 1; *c = '\0'; - strcat(c, path); + safestrcatmax(c, path, (sizeof(devpath) - strlen(devpath))); drvlist = sysfs_open_subsystem_list(path); if (drvlist != NULL) { dlist_for_each_data(drvlist, drv, char) { - strcpy(path, devpath); - strcat(path, "/"); - strcat(path, drv); - strcat(path, "/"); - strcat(path, dev->bus_id); + safestrcpy(path, devpath); + safestrcat(path, "/"); + safestrcat(path, drv); + safestrcat(path, "/"); + safestrcat(path, dev->bus_id); if (sysfs_path_is_link(path) == 0) { - strcpy(dev->driver_name, drv); + safestrcpy(dev->driver_name, drv); sysfs_close_list(drvlist); return 0; } @@ -92,13 +92,12 @@ int sysfs_get_device_bus(struct sysfs_device *dev) } memset(subsys, 0, SYSFS_NAME_LEN); - strcat(subsys, "/"); - strcpy(subsys, SYSFS_BUS_NAME); /* subsys = /bus */ + safestrcpy(subsys, SYSFS_BUS_NAME); /* subsys = bus */ buslist = sysfs_open_subsystem_list(subsys); if (buslist != NULL) { dlist_for_each_data(buslist, bus, char) { memset(path, 0, SYSFS_PATH_MAX); - strcpy(path, dev->path); + safestrcpy(path, dev->path); c = strstr(path, "/devices"); if (c == NULL) { dprintf("Invalid path to device %s\n", path); @@ -106,25 +105,25 @@ int sysfs_get_device_bus(struct sysfs_device *dev) return -1; } *c = '\0'; - strcat(path, "/"); - strcat(path, SYSFS_BUS_NAME); - strcat(path, "/"); - strcat(path, bus); - strcat(path, "/"); - strcat(path, SYSFS_DEVICES_NAME); - strcat(path, "/"); - strcat(path, dev->bus_id); + safestrcat(path, "/"); + safestrcat(path, SYSFS_BUS_NAME); + safestrcat(path, "/"); + safestrcat(path, bus); + safestrcat(path, "/"); + safestrcat(path, SYSFS_DEVICES_NAME); + safestrcat(path, "/"); + safestrcat(path, dev->bus_id); if ((sysfs_path_is_link(path)) == 0) { memset(target, 0, SYSFS_PATH_MAX); if ((sysfs_get_link(path, target, - SYSFS_PATH_MAX)) != 0) { + SYSFS_PATH_MAX)) != 0) { dprintf("Error getting link target\n"); sysfs_close_list(buslist); return -1; } if (!(strncmp(target, dev->path, SYSFS_PATH_MAX))) { - strcpy(dev->bus, bus); + safestrcpy(dev->bus, bus); sysfs_close_list(buslist); return 0; } @@ -247,7 +246,7 @@ struct sysfs_device *sysfs_open_device_path(const char *path) sysfs_close_device(dev); return NULL; } - strcpy(dev->path, path); + safestrcpy(dev->path, path); if ((sysfs_remove_trailing_slash(dev->path)) != 0) { dprintf("Invalid path to device %s\n", dev->path); sysfs_close_device(dev); @@ -258,14 +257,14 @@ struct sysfs_device *sysfs_open_device_path(const char *path) * sysfs representation instead, in the "dev->name" field, which * implies that the dev->name and dev->bus_id contain same data. */ - strncpy(dev->name, dev->bus_id, SYSFS_NAME_LEN); + safestrcpy(dev->name, dev->bus_id); if (sysfs_get_device_bus(dev) != 0) dprintf("Could not get device bus\n"); if (get_dev_driver(dev) != 0) { dprintf("Could not get device %s's driver\n", dev->bus_id); - strcpy(dev->driver_name, SYSFS_UNKNOWN); + safestrcpy(dev->driver_name, SYSFS_UNKNOWN); } return dev; @@ -396,10 +395,10 @@ struct sysfs_root_device *sysfs_open_root_device(const char *name) return NULL; } - strcat(rootpath, "/"); - strcat(rootpath, SYSFS_DEVICES_NAME); - strcat(rootpath, "/"); - strcat(rootpath, name); + safestrcat(rootpath, "/"); + safestrcat(rootpath, SYSFS_DEVICES_NAME); + safestrcat(rootpath, "/"); + safestrcat(rootpath, name); if ((sysfs_path_is_dir(rootpath)) != 0) { errno = EINVAL; dprintf("Invalid root device: %s\n", name); @@ -411,8 +410,8 @@ struct sysfs_root_device *sysfs_open_root_device(const char *name) dprintf("calloc failure\n"); return NULL; } - strcpy(root->name, name); - strcpy(root->path, rootpath); + safestrcpy(root->name, name); + safestrcpy(root->path, rootpath); if ((sysfs_remove_trailing_slash(root->path)) != 0) { dprintf("Invalid path to root device %s\n", root->path); sysfs_close_root_device(root); @@ -518,14 +517,14 @@ static int get_device_absolute_path(const char *device, const char *bus, dprintf ("Sysfs not supported on this system\n"); return -1; } - strcat(bus_path, "/"); - strcat(bus_path, SYSFS_BUS_NAME); - strcat(bus_path, "/"); - strcat(bus_path, bus); - strcat(bus_path, "/"); - strcat(bus_path, SYSFS_DEVICES_NAME); - strcat(bus_path, "/"); - strcat(bus_path, device); + safestrcat(bus_path, "/"); + safestrcat(bus_path, SYSFS_BUS_NAME); + safestrcat(bus_path, "/"); + safestrcat(bus_path, bus); + safestrcat(bus_path, "/"); + safestrcat(bus_path, SYSFS_DEVICES_NAME); + safestrcat(bus_path, "/"); + safestrcat(bus_path, device); /* * We now are at /sys/bus/"bus_name"/devices/"device" which is a link. * Now read this link to reach to the device. @@ -592,13 +591,13 @@ struct sysfs_device *sysfs_get_device_parent(struct sysfs_device *dev) return (dev->parent); memset(ppath, 0, SYSFS_PATH_MAX); - strcpy(ppath, dev->path); + safestrcpy(ppath, dev->path); tmp = strrchr(ppath, '/'); if (tmp == NULL) { dprintf("Invalid path to device %s\n", ppath); return NULL; } - if (*(tmp +1) == '\0') { + if (*(tmp + 1) == '\0') { *tmp = '\0'; tmp = strrchr(tmp, '/'); if (tmp == NULL) { @@ -611,7 +610,7 @@ struct sysfs_device *sysfs_get_device_parent(struct sysfs_device *dev) /* * All "devices" have the "detach_state" attribute - validate here */ - strcat(ppath, "/detach_state"); + safestrcat(ppath, "/detach_state"); if ((sysfs_path_is_file(ppath)) != 0) { dprintf("Device at %s does not have a parent\n", dev->path); return NULL; @@ -655,8 +654,8 @@ struct sysfs_attribute *sysfs_open_device_attr(const char *bus, dprintf("Error getting to device %s\n", bus_id); return NULL; } - strcat(devpath, "/"); - strcat(devpath, attrib); + safestrcat(devpath, "/"); + safestrcat(devpath, attrib); attribute = sysfs_open_attribute(devpath); if (attribute == NULL) { dprintf("Error opening attribute %s for device %s\n", diff --git a/lib/sysfs_dir.c b/lib/sysfs_dir.c index da7d85a..6936904 100644 --- a/lib/sysfs_dir.c +++ b/lib/sysfs_dir.c @@ -58,9 +58,9 @@ static int dir_attribute_name_equal(void *a, void *b) if (a == NULL || b == NULL) return 0; - if (strcmp(((char *)a), ((struct sysfs_attribute *)b)->name) - == 0) + if (strcmp(((char *)a), ((struct sysfs_attribute *)b)->name) == 0) return 1; + return 0; } @@ -75,9 +75,9 @@ static int dir_link_name_equal(void *a, void *b) if (a == NULL || b == NULL) return 0; - if (strcmp(((char *)a), ((struct sysfs_link *)b)->name) - == 0) + if (strcmp(((char *)a), ((struct sysfs_link *)b)->name) == 0) return 1; + return 0; } @@ -92,9 +92,9 @@ static int dir_subdir_name_equal(void *a, void *b) if (a == NULL || b == NULL) return 0; - if (strcmp(((char *)a), ((struct sysfs_directory *)b)->name) - == 0) + if (strcmp(((char *)a), ((struct sysfs_directory *)b)->name) == 0) return 1; + return 0; } @@ -140,14 +140,13 @@ struct sysfs_attribute *sysfs_open_attribute(const char *path) dprintf("Error allocating attribute at %s\n", path); return NULL; } - if (sysfs_get_name_from_path(path, sysattr->name, SYSFS_NAME_LEN) - != 0) { - dprintf("Error retrieving attribute name from path: %s\n", - path); + if (sysfs_get_name_from_path(path, sysattr->name, + SYSFS_NAME_LEN) != 0) { + dprintf("Error retrieving attrib name from path: %s\n", path); sysfs_close_attribute(sysattr); return NULL; } - strncpy(sysattr->path, path, SYSFS_PATH_MAX); + safestrcpy(sysattr->path, path); if ((stat(sysattr->path, &fileinfo)) != 0) { dprintf("Stat failed: No such attribute?\n"); sysattr->method = 0; @@ -237,13 +236,13 @@ int sysfs_write_attribute(struct sysfs_attribute *sysattr, */ if (sysattr->method & SYSFS_METHOD_SHOW) { if (length != sysattr->len) { - sysattr->value = (char *)realloc(sysattr->value, - length); + sysattr->value = (char *)realloc + (sysattr->value, length); sysattr->len = length; - strncpy(sysattr->value, new_value, length); + safestrcpymax(sysattr->value, new_value, length); } else { /*"length" of the new value is same as old one */ - strncpy(sysattr->value, new_value, length); + safestrcpymax(sysattr->value, new_value, length); } } @@ -251,7 +250,6 @@ int sysfs_write_attribute(struct sysfs_attribute *sysattr, return 0; } - /** * sysfs_read_attribute: reads value from attribute * @sysattr: attribute to read @@ -350,7 +348,7 @@ int sysfs_read_attribute_value(const char *attrpath, if (length > vsize) dprintf("Value length %d is larger than supplied buffer %d\n", length, vsize); - strncpy(value, attr->value, vsize); + safestrcpymax(value, attr->value, vsize); sysfs_close_attribute(attr); return 0; @@ -488,7 +486,7 @@ struct sysfs_directory *sysfs_open_directory(const char *path) sysfs_close_directory(sdir); return NULL; } - strncpy(sdir->path, path, SYSFS_PATH_MAX); + safestrcpy(sdir->path, path); return sdir; } @@ -512,7 +510,7 @@ struct sysfs_link *sysfs_open_link(const char *linkpath) dprintf("Error allocating link %s\n", linkpath); return NULL; } - strcpy(ln->path, linkpath); + safestrcpy(ln->path, linkpath); if ((sysfs_get_name_from_path(linkpath, ln->name, SYSFS_NAME_LEN)) != 0 || (sysfs_get_link(linkpath, ln->target, SYSFS_PATH_MAX)) != 0) { errno = EINVAL; @@ -626,9 +624,9 @@ int sysfs_read_dir_attributes(struct sysfs_directory *sysdir) if (0 == strcmp(dirent->d_name, "..")) continue; memset(file_path, 0, SYSFS_PATH_MAX); - strncpy(file_path, sysdir->path, SYSFS_PATH_MAX); - strcat(file_path, "/"); - strcat(file_path, dirent->d_name); + safestrcpy(file_path, sysdir->path); + safestrcat(file_path, "/"); + safestrcat(file_path, dirent->d_name); if ((sysfs_path_is_file(file_path)) == 0) retval = add_attribute(sysdir, file_path); } @@ -665,9 +663,9 @@ int sysfs_read_dir_links(struct sysfs_directory *sysdir) if (0 == strcmp(dirent->d_name, "..")) continue; memset(file_path, 0, SYSFS_PATH_MAX); - strncpy(file_path, sysdir->path, SYSFS_PATH_MAX); - strcat(file_path, "/"); - strcat(file_path, dirent->d_name); + safestrcpy(file_path, sysdir->path); + safestrcat(file_path, "/"); + safestrcat(file_path, dirent->d_name); if ((sysfs_path_is_link(file_path)) == 0) { retval = add_link(sysdir, file_path); if (retval != 0) @@ -707,9 +705,9 @@ int sysfs_read_dir_subdirs(struct sysfs_directory *sysdir) if (0 == strcmp(dirent->d_name, "..")) continue; memset(file_path, 0, SYSFS_PATH_MAX); - strncpy(file_path, sysdir->path, SYSFS_PATH_MAX); - strcat(file_path, "/"); - strcat(file_path, dirent->d_name); + safestrcpy(file_path, sysdir->path); + safestrcat(file_path, "/"); + safestrcat(file_path, dirent->d_name); if ((sysfs_path_is_dir(file_path)) == 0) retval = add_subdirectory(sysdir, file_path); } @@ -747,9 +745,9 @@ int sysfs_read_directory(struct sysfs_directory *sysdir) if (0 == strcmp(dirent->d_name, "..")) continue; memset(file_path, 0, SYSFS_PATH_MAX); - strncpy(file_path, sysdir->path, SYSFS_PATH_MAX); - strcat(file_path, "/"); - strcat(file_path, dirent->d_name); + safestrcpy(file_path, sysdir->path); + safestrcat(file_path, "/"); + safestrcat(file_path, dirent->d_name); if ((lstat(file_path, &astats)) != 0) { dprintf("stat failed\n"); continue; @@ -892,9 +890,9 @@ struct sysfs_attribute *sysfs_get_directory_attribute } } else { memset(new_path, 0, SYSFS_PATH_MAX); - strcpy(new_path, dir->path); - strcat(new_path, "/"); - strcat(new_path, attrname); + safestrcpy(new_path, dir->path); + safestrcat(new_path, "/"); + safestrcat(new_path, attrname); if ((sysfs_path_is_file(new_path)) == 0) { if ((add_attribute(dir, new_path)) == 0) { attr = (struct sysfs_attribute *) diff --git a/lib/sysfs_driver.c b/lib/sysfs_driver.c index 9b9bec0..88d26b5 100644 --- a/lib/sysfs_driver.c +++ b/lib/sysfs_driver.c @@ -102,7 +102,7 @@ struct sysfs_driver *sysfs_open_driver_path(const char *path) free(driver); return NULL; } - strcpy(driver->path, path); + safestrcpy(driver->path, path); if ((sysfs_remove_trailing_slash(driver->path)) != 0) { dprintf("Invalid path to driver %s\n", driver->path); sysfs_close_driver(driver); @@ -327,7 +327,7 @@ struct sysfs_device *sysfs_get_driver_device(struct sysfs_driver *driver, static int get_driver_path(const char *bus, const char *drv, char *path, size_t psize) { - if (bus == NULL || drv == NULL || path == NULL) { + if (bus == NULL || drv == NULL || path == NULL || psize == 0) { errno = EINVAL; return -1; } @@ -335,14 +335,14 @@ static int get_driver_path(const char *bus, const char *drv, dprintf("Error getting sysfs mount path\n"); return -1; } - strcat(path, "/"); - strcat(path, SYSFS_BUS_NAME); - strcat(path, "/"); - strcat(path, bus); - strcat(path, "/"); - strcat(path, SYSFS_DRIVERS_NAME); - strcat(path, "/"); - strcat(path, drv); + safestrcatmax(path, "/", psize); + safestrcatmax(path, SYSFS_BUS_NAME, psize); + safestrcatmax(path, "/", psize); + safestrcatmax(path, bus, psize); + safestrcatmax(path, "/", psize); + safestrcatmax(path, SYSFS_DRIVERS_NAME, psize); + safestrcatmax(path, "/", psize); + safestrcatmax(path, drv, psize); return 0; } @@ -373,8 +373,8 @@ struct sysfs_attribute *sysfs_open_driver_attr(const char *bus, dprintf("Error getting to driver %s\n", drv); return NULL; } - strcat(path, "/"); - strcat(path, attrib); + safestrcat(path, "/"); + safestrcat(path, attrib); attribute = sysfs_open_attribute(path); if (attribute == NULL) { dprintf("Error opening attribute %s for driver %s\n", diff --git a/lib/sysfs_utils.c b/lib/sysfs_utils.c index 58967d2..8b1f56e 100644 --- a/lib/sysfs_utils.c +++ b/lib/sysfs_utils.c @@ -82,7 +82,7 @@ static int sysfs_get_fs_mnt_path(const char *fs_type, if (strcmp(mntent->mnt_type, fs_type) == 0) { dirlen = strlen(mntent->mnt_dir); if (dirlen <= (len - 1)) { - strcpy(mnt_path, mntent->mnt_dir); + safestrcpymax(mnt_path, mntent->mnt_dir, len); } else { dprintf("Error - mount path too long\n"); ret = -1; @@ -118,7 +118,7 @@ int sysfs_get_mnt_path(char *mnt_path, size_t len) } sysfs_path = getenv(SYSFS_PATH_ENV); if (sysfs_path != NULL) { - strncpy(mnt_path, sysfs_path, len); + safestrcpymax(mnt_path, sysfs_path, len); if ((sysfs_remove_trailing_slash(mnt_path)) != 0) return 1; } else @@ -133,8 +133,7 @@ int sysfs_get_mnt_path(char *mnt_path, size_t len) * @name: where to put name * @len: size of name */ -int sysfs_get_name_from_path(const char *path, char *name, - size_t len) +int sysfs_get_name_from_path(const char *path, char *name, size_t len) { char tmp[SYSFS_PATH_MAX]; char *n = NULL; @@ -144,7 +143,7 @@ int sysfs_get_name_from_path(const char *path, char *name, return -1; } memset(tmp, 0, SYSFS_PATH_MAX); - strcpy(tmp, path); + safestrcpy(tmp, path); n = strrchr(tmp, '/'); if (n == NULL) { errno = EINVAL; @@ -159,7 +158,7 @@ int sysfs_get_name_from_path(const char *path, char *name, } } n++; - strncpy(name, n, len); + safestrcpymax(name, n, len); return 0; } @@ -185,7 +184,7 @@ int sysfs_get_link(const char *path, char *target, size_t len) memset(devdir, 0, SYSFS_PATH_MAX); memset(linkpath, 0, SYSFS_PATH_MAX); memset(temp_path, 0, SYSFS_PATH_MAX); - strncpy(devdir, path, SYSFS_PATH_MAX); + safestrcpy(devdir, path); if ((readlink(path, linkpath, SYSFS_PATH_MAX)) < 0) { return -1; @@ -202,7 +201,7 @@ int sysfs_get_link(const char *path, char *target, size_t len) /* * handle the case where link is of type ./abcd/xxx */ - strncpy(temp_path, devdir, SYSFS_PATH_MAX); + safestrcpy(temp_path, devdir); if (*(d+1) == '/') d += 2; else if (*(d+1) == '.') @@ -210,11 +209,11 @@ int sysfs_get_link(const char *path, char *target, size_t len) s = strrchr(temp_path, '/'); if (s != NULL) { *(s+1) = '\0'; - strcat(temp_path, d); + safestrcat(temp_path, d); } else { - strcpy(temp_path, d); + safestrcpy(temp_path, d); } - strncpy(target, temp_path, len); + safestrcpymax(target, temp_path, len); break; /* * relative path @@ -233,24 +232,24 @@ parse_path: if (*s == '/') count++; } - strncpy(s, d, (SYSFS_PATH_MAX-strlen(devdir))); - strncpy(target, devdir, len); + safestrcpymax(s, d, (SYSFS_PATH_MAX-strlen(devdir))); + safestrcpymax(target, devdir, len); break; case '/': /* absolute path - copy as is */ - strncpy(target, linkpath, len); + safestrcpymax(target, linkpath, len); break; default: /* relative path from this directory */ - strncpy(temp_path, devdir, len); + safestrcpy(temp_path, devdir); s = strrchr(temp_path, '/'); if (s != NULL) { *(s+1) = '\0'; - strcat(temp_path, linkpath); + safestrcat(temp_path, linkpath); } else { - strncpy(temp_path, linkpath, len); + safestrcpy(temp_path, linkpath); } - strncpy(target, temp_path, len); + safestrcpymax(target, temp_path, len); } return 0; } @@ -297,8 +296,8 @@ struct dlist *sysfs_open_subsystem_list(char *name) return NULL; } - strcat(sysfs_path, "/"); - strcat(sysfs_path, name); + safestrcat(sysfs_path, "/"); + safestrcat(sysfs_path, name); dir = sysfs_open_directory(sysfs_path); if (dir == NULL) { dprintf("Error opening sysfs_directory at %s\n", sysfs_path); @@ -323,7 +322,7 @@ struct dlist *sysfs_open_subsystem_list(char *name) dlist_for_each_data(dir->subdirs, cur, struct sysfs_directory) { subsys_name = (char *)calloc(1, SYSFS_NAME_LEN); - strcpy(subsys_name, cur->name); + safestrcpymax(subsys_name, cur->name, SYSFS_NAME_LEN); dlist_unshift_sorted(list, subsys_name, sort_char); } } @@ -337,10 +336,13 @@ struct dlist *sysfs_open_subsystem_list(char *name) c = strstr(sysfs_path, SYSFS_CLASS_NAME); if (c == NULL) goto out; - strcpy(c, SYSFS_BLOCK_NAME); + *c = '\0'; + safestrcpymax(c, SYSFS_BLOCK_NAME, + sizeof(sysfs_path) - strlen(sysfs_path)); if ((sysfs_path_is_dir(sysfs_path)) == 0) { subsys_name = (char *)calloc(1, SYSFS_NAME_LEN); - strcpy(subsys_name, SYSFS_BLOCK_NAME); + safestrcpymax(subsys_name, SYSFS_BLOCK_NAME, + SYSFS_NAME_LEN); dlist_unshift_sorted(list, subsys_name, sort_char); } } @@ -369,12 +371,12 @@ struct dlist *sysfs_open_bus_devices_list(char *name) return NULL; } - strcat(sysfs_path, "/"); - strcat(sysfs_path, SYSFS_BUS_NAME); - strcat(sysfs_path, "/"); - strcat(sysfs_path, name); - strcat(sysfs_path, "/"); - strcat(sysfs_path, SYSFS_DEVICES_NAME); + safestrcat(sysfs_path, "/"); + safestrcat(sysfs_path, SYSFS_BUS_NAME); + safestrcat(sysfs_path, "/"); + safestrcat(sysfs_path, name); + safestrcat(sysfs_path, "/"); + safestrcat(sysfs_path, SYSFS_DEVICES_NAME); dir = sysfs_open_directory(sysfs_path); if (dir == NULL) { dprintf("Error opening sysfs_directory at %s\n", sysfs_path); @@ -399,7 +401,7 @@ struct dlist *sysfs_open_bus_devices_list(char *name) dlist_for_each_data(dir->links, cur, struct sysfs_link) { device_name = (char *)calloc(1, SYSFS_NAME_LEN); - strcpy(device_name, cur->name); + safestrcpymax(device_name, cur->name, SYSFS_NAME_LEN); dlist_unshift_sorted(list, device_name, sort_char); } } |