0037-proc/devname.c: Use snprintf() in link_name().

Found no problematic use case at the moment, but better safe than sorry.
Also, return an error on snprintf() or readlink() truncation.
Qualys Security Advisory 1970-01-01 00:00:00 +00:00 committed by Craig Small
parent 50b343e068
commit 170397d59c


@ -287,10 +287,11 @@ static int guess_name(char *restrict const buf, unsigned maj, unsigned min){
static int link_name(char *restrict const buf, unsigned maj, unsigned min, int pid, const char *restrict name){ static int link_name(char *restrict const buf, unsigned maj, unsigned min, int pid, const char *restrict name){
struct stat sbuf; struct stat sbuf;
char path[32]; char path[32];
int count; ssize_t count;
sprintf(path, "/proc/%d/%s", pid, name); /* often permission denied */ const int len = snprintf(path, sizeof path, "/proc/%d/%s", pid, name); /* often permission denied */
if(len <= 0 || (size_t)len >= sizeof path) return 0;
count = readlink(path,buf,TTY_NAME_SIZE-1); count = readlink(path,buf,TTY_NAME_SIZE-1);
if(count == -1) return 0; if(count <= 0 || count >= TTY_NAME_SIZE-1) return 0;
buf[count] = '\0'; buf[count] = '\0';
if(stat(buf, &sbuf) < 0) return 0; if(stat(buf, &sbuf) < 0) return 0;
if(min != MINOR_OF(sbuf.st_rdev)) return 0; if(min != MINOR_OF(sbuf.st_rdev)) return 0;
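Review bot: The bound passed to `readlink(path,buf,TTY_NAME_SIZE-1)` and the following `buf[count] = '\0'` are only safe if the caller's `buf` holds at least TTY_NAME_SIZE bytes, and nothing in the signature or the visible lines states that contract. Since this commit is hardening the function, I would document it above `link_name`, for example `/* buf must point to at least TTY_NAME_SIZE bytes; returns 0 on any failure, including truncation */`. Separately, the trailing `/* often permission denied */` comment now sits on the `snprintf()` line, although it appears to describe the `readlink()` call; moving it to the `count = readlink(...)` line would keep it from misleading readers. The function body continues past the end of this hunk, so the remaining checks on `sbuf` are not reviewed here.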