Check length before .readonly/.backup suffix

A few places in the tree check if a volume name ends in
.readonly/.backup, but don't check the string length beforehand. This
can result in looking at a few bytes before the start of the string,
which may contain garbage data, or may be an invalid memory address.

A few commits have fixed this same issue over the years, such as
4221d7acc8 (Fix segmentation fault in vsu_GetVolumeID), but haven't
caught all of them. Try to fix all of the remaining cases here.

Change-Id: I736b8fa2a45dce7e5255aa055bcf7975f68e939a
Reviewed-on: https://gerrit.openafs.org/15525
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Andrew Deason 2023-08-02 17:33:23 -05:00 committed by Benjamin Kaduk
parent 76879b2879
commit 94c8a458a0
4 changed files with 8 additions and 8 deletions


@ -1989,9 +1989,9 @@ cm_VolumeStateByName(cm_volume_t *volp, char *volname)
size_t len = strlen(volname);
cm_vol_state_t *statep;
if (cm_stricmp_utf8N(".readonly", &volname[len-9]) == 0)
if (len >= 9 && cm_stricmp_utf8N(".readonly", &volname[len - 9]) == 0)
statep = &volp->vol[ROVOL];
else if (cm_stricmp_utf8N(".backup", &volname[len-7]) == 0)
else if (len >= 7 && cm_stricmp_utf8N(".backup", &volname[len - 7]) == 0)
statep = &volp->vol[BACKVOL];
else
statep = &volp->vol[RWVOL];
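Review bot: The new guards `len >= 9` and `len >= 7` repeat the suffix lengths as bare numbers that have to stay in step with the `".readonly"` and `".backup"` literals next to them, and with the `len - 9` / `len - 7` offsets on the same line. Deriving all three from the literal keeps the bound and the index tied together, e.g. `size_t sfx = sizeof(".readonly") - 1;` followed by `if (len >= sfx && cm_stricmp_utf8N(".readonly", &volname[len - sfx]) == 0)`. The same hand-counted pattern is repeated in the WorkerBee, VolNameOK and vsu_ExtractName hunks, so a small ends-with helper, where those files can share one, would stop the unguarded form from reappearing. cm_VolumeStateByName starts and ends outside the hunk.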


@ -948,9 +948,9 @@ WorkerBee(struct cmd_syndesc *as, void *arock)
if (strlcat(rootdir, dh.volumeName, sizeof(rootdir)) >= sizeof(rootdir))
goto str_error_exit;
len = strlen(rootdir);
if (strcmp(".backup", rootdir + len - 7) == 0) {
if (len >= 7 && strcmp(".backup", rootdir + len - 7) == 0) {
rootdir[len - 7] = 0;
} else if (strcmp(".readonly", rootdir + len - 9) == 0) {
} else if (len >= 9 && strcmp(".readonly", rootdir + len - 9) == 0) {
rootdir[len - 9] = 0;
}
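Review bot: The length guard is measured on `rootdir` after `dh.volumeName` has been appended, so it bounds the read but does not ensure the suffix lies inside the volume name. How `rootdir` is filled before the `strlcat` is outside the hunk, but if its prefix can end in part of the suffix, a short volume name could still match and `rootdir[len - 7] = 0` would cut into the prefix. Testing the name itself avoids that: `size_t vlen = strlen(dh.volumeName);` then `if (vlen >= 7 && strcmp(".backup", dh.volumeName + vlen - 7) == 0) rootdir[len - 7] = 0;`, and likewise for `.readonly`. It is also worth deciding explicitly whether a name that consists only of the suffix should be stripped to an empty component. WorkerBee starts and ends outside the hunk.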


@ -174,9 +174,9 @@ VolNameOK(char *name)
size_t total;
total = strlen(name);
if (!strcmp(&name[total - 9], ".readonly")) {
if (total >= 9 && !strcmp(&name[total - 9], ".readonly")) {
return 0;
} else if (!strcmp(&name[total - 7], ".backup")) {
} else if (total >= 7 && !strcmp(&name[total - 7], ".backup")) {
return 0;
} else {
return 1;


@ -418,12 +418,12 @@ vsu_ExtractName(char rname[], char name[])
strncpy(sname, name, sizeof(sname));
sname[sizeof(sname) - 1] = '\0';
total = strlen(sname);
if (!strcmp(&sname[total - 9], ".readonly")) {
if (total >= 9 && !strcmp(&sname[total - 9], ".readonly")) {
/*discard the last 8 chars */
sname[total - 9] = '\0';
strcpy(rname, sname);
return 0;
} else if (!strcmp(&sname[total - 7], ".backup")) {
} else if (total >= 7 && !strcmp(&sname[total - 7], ".backup")) {
/*discard last 6 chars */
sname[total - 7] = '\0';
strcpy(rname, sname);
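Review bot: The two context comments in this hunk, `/*discard the last 8 chars */` and `/*discard last 6 chars */`, do not match the code beneath them, which writes the terminator at `total - 9` and `total - 7` and so drops nine and seven characters. Since the commit already touches both branches to make the lengths explicit, the comments could become `/* strip the 9-char ".readonly" suffix */` and `/* strip the 7-char ".backup" suffix */`. Separately, `strcpy(rname, sname)` relies on the caller's `rname` being at least `sizeof(sname)` bytes, which is not visible here; a one-line comment stating that requirement would help the next reader. vsu_ExtractName starts and ends outside the hunk.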