d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix misuse of the basename() and dirname() functions.

Browse Source 
These functions are allowed to overwrite their input. Pull a copy of the
input parameter and call dirname() and basename() on that instead. Do
ensure that we reload the pathname value between calls.
This commit is contained in:
Ed Schouten 2016-09-21 13:02:43 +00:00
parent dab6d6fb5a
commit ecc288634a
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
usr.sbin/bhyve/pci_virtio_console.c
View File

@ -264,6 +264,7 @@ pci_vtcon_sock_add(struct pci_vtcon_softc *sc, const char *name,
{ {
struct pci_vtcon_sock *sock; struct pci_vtcon_sock *sock;
struct sockaddr_un sun; struct sockaddr_un sun;
char *pathcopy;
int s = -1, fd = -1, error = 0; int s = -1, fd = -1, error = 0;
sock = calloc(1, sizeof(struct pci_vtcon_sock)); sock = calloc(1, sizeof(struct pci_vtcon_sock));
@ -278,15 +279,24 @@ pci_vtcon_sock_add(struct pci_vtcon_softc *sc, const char *name,
goto out; goto out;
} }
fd = open(dirname(path), O_RDONLY | O_DIRECTORY); pathcopy = strdup(path);
if (pathcopy == NULL) {
error = -1;
goto out;
}
fd = open(dirname(pathcopy), O_RDONLY | O_DIRECTORY);
if (fd < 0) { if (fd < 0) {
free(pathcopy);
error = -1; error = -1;
goto out; goto out;
} }
sun.sun_family = AF_UNIX; sun.sun_family = AF_UNIX;
sun.sun_len = sizeof(struct sockaddr_un); sun.sun_len = sizeof(struct sockaddr_un);
strncpy(sun.sun_path, basename((char *)path), sizeof(sun.sun_path)); strcpy(pathcopy, path);
strncpy(sun.sun_path, basename(pathcopy), sizeof(sun.sun_path));
free(pathcopy);
if (bindat(fd, s, (struct sockaddr *)&sun, sun.sun_len) < 0) { if (bindat(fd, s, (struct sockaddr *)&sun, sun.sun_len) < 0) {
error = -1; error = -1;