am 2c9d8de7
: Merge "Prevent buffer overflows."
* commit '2c9d8de79a0dd7f894c65777a197c86486aff96c': Prevent buffer overflows.
This commit is contained in:
commit
273d354919
3 changed files with 30 additions and 19 deletions
|
@ -20,6 +20,7 @@
|
|||
#include <unistd.h>
|
||||
#include <errno.h>
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/ioctl.h>
|
||||
|
@ -35,6 +36,8 @@
|
|||
|
||||
#include "Devmapper.h"
|
||||
|
||||
#define DEVMAPPER_BUFFER_SIZE 4096
|
||||
|
||||
int Devmapper::dumpState(SocketClient *c) {
|
||||
|
||||
char *buffer = (char *) malloc(1024 * 64);
|
||||
|
@ -44,7 +47,7 @@ int Devmapper::dumpState(SocketClient *c) {
|
|||
}
|
||||
memset(buffer, 0, (1024 * 64));
|
||||
|
||||
char *buffer2 = (char *) malloc(4096);
|
||||
char *buffer2 = (char *) malloc(DEVMAPPER_BUFFER_SIZE);
|
||||
if (!buffer2) {
|
||||
SLOGE("Error allocating memory (%s)", strerror(errno));
|
||||
free(buffer);
|
||||
|
@ -82,9 +85,9 @@ int Devmapper::dumpState(SocketClient *c) {
|
|||
do {
|
||||
n = (struct dm_name_list *) (((char *) n) + nxt);
|
||||
|
||||
memset(buffer2, 0, 4096);
|
||||
memset(buffer2, 0, DEVMAPPER_BUFFER_SIZE);
|
||||
struct dm_ioctl *io2 = (struct dm_ioctl *) buffer2;
|
||||
ioctlInit(io2, 4096, n->name, 0);
|
||||
ioctlInit(io2, DEVMAPPER_BUFFER_SIZE, n->name, 0);
|
||||
if (ioctl(fd, DM_DEV_STATUS, io2)) {
|
||||
if (errno != ENXIO) {
|
||||
SLOGE("DM_DEV_STATUS ioctl failed (%s)", strerror(errno));
|
||||
|
@ -121,12 +124,14 @@ void Devmapper::ioctlInit(struct dm_ioctl *io, size_t dataSize,
|
|||
io->version[2] = 0;
|
||||
io->flags = flags;
|
||||
if (name) {
|
||||
strncpy(io->name, name, sizeof(io->name));
|
||||
int ret = strlcpy(io->name, name, sizeof(io->name));
|
||||
if (ret >= sizeof(io->name))
|
||||
abort();
|
||||
}
|
||||
}
|
||||
|
||||
int Devmapper::lookupActive(const char *name, char *ubuffer, size_t len) {
|
||||
char *buffer = (char *) malloc(4096);
|
||||
char *buffer = (char *) malloc(DEVMAPPER_BUFFER_SIZE);
|
||||
if (!buffer) {
|
||||
SLOGE("Error allocating memory (%s)", strerror(errno));
|
||||
return -1;
|
||||
|
@ -141,7 +146,7 @@ int Devmapper::lookupActive(const char *name, char *ubuffer, size_t len) {
|
|||
|
||||
struct dm_ioctl *io = (struct dm_ioctl *) buffer;
|
||||
|
||||
ioctlInit(io, 4096, name, 0);
|
||||
ioctlInit(io, DEVMAPPER_BUFFER_SIZE, name, 0);
|
||||
if (ioctl(fd, DM_DEV_STATUS, io)) {
|
||||
if (errno != ENXIO) {
|
||||
SLOGE("DM_DEV_STATUS ioctl failed for lookup (%s)", strerror(errno));
|
||||
|
@ -160,7 +165,7 @@ int Devmapper::lookupActive(const char *name, char *ubuffer, size_t len) {
|
|||
|
||||
int Devmapper::create(const char *name, const char *loopFile, const char *key,
|
||||
unsigned int numSectors, char *ubuffer, size_t len) {
|
||||
char *buffer = (char *) malloc(4096);
|
||||
char *buffer = (char *) malloc(DEVMAPPER_BUFFER_SIZE);
|
||||
if (!buffer) {
|
||||
SLOGE("Error allocating memory (%s)", strerror(errno));
|
||||
return -1;
|
||||
|
@ -176,7 +181,7 @@ int Devmapper::create(const char *name, const char *loopFile, const char *key,
|
|||
struct dm_ioctl *io = (struct dm_ioctl *) buffer;
|
||||
|
||||
// Create the DM device
|
||||
ioctlInit(io, 4096, name, 0);
|
||||
ioctlInit(io, DEVMAPPER_BUFFER_SIZE, name, 0);
|
||||
|
||||
if (ioctl(fd, DM_DEV_CREATE, io)) {
|
||||
SLOGE("Error creating device mapping (%s)", strerror(errno));
|
||||
|
@ -186,7 +191,7 @@ int Devmapper::create(const char *name, const char *loopFile, const char *key,
|
|||
}
|
||||
|
||||
// Set the legacy geometry
|
||||
ioctlInit(io, 4096, name, 0);
|
||||
ioctlInit(io, DEVMAPPER_BUFFER_SIZE, name, 0);
|
||||
|
||||
char *geoParams = buffer + sizeof(struct dm_ioctl);
|
||||
// bps=512 spc=8 res=32 nft=2 sec=8190 mid=0xf0 spt=63 hds=64 hid=0 bspf=8 rdcl=2 infs=1 bkbs=2
|
||||
|
@ -201,7 +206,7 @@ int Devmapper::create(const char *name, const char *loopFile, const char *key,
|
|||
}
|
||||
|
||||
// Retrieve the device number we were allocated
|
||||
ioctlInit(io, 4096, name, 0);
|
||||
ioctlInit(io, DEVMAPPER_BUFFER_SIZE, name, 0);
|
||||
if (ioctl(fd, DM_DEV_STATUS, io)) {
|
||||
SLOGE("Error retrieving devmapper status (%s)", strerror(errno));
|
||||
free(buffer);
|
||||
|
@ -216,17 +221,19 @@ int Devmapper::create(const char *name, const char *loopFile, const char *key,
|
|||
struct dm_target_spec *tgt;
|
||||
tgt = (struct dm_target_spec *) &buffer[sizeof(struct dm_ioctl)];
|
||||
|
||||
ioctlInit(io, 4096, name, DM_STATUS_TABLE_FLAG);
|
||||
ioctlInit(io, DEVMAPPER_BUFFER_SIZE, name, DM_STATUS_TABLE_FLAG);
|
||||
io->target_count = 1;
|
||||
tgt->status = 0;
|
||||
|
||||
tgt->sector_start = 0;
|
||||
tgt->length = numSectors;
|
||||
|
||||
strcpy(tgt->target_type, "crypt");
|
||||
strlcpy(tgt->target_type, "crypt", sizeof(tgt->target_type));
|
||||
|
||||
char *cryptParams = buffer + sizeof(struct dm_ioctl) + sizeof(struct dm_target_spec);
|
||||
sprintf(cryptParams, "twofish %s 0 %s 0", key, loopFile);
|
||||
snprintf(cryptParams,
|
||||
DEVMAPPER_BUFFER_SIZE - (sizeof(struct dm_ioctl) + sizeof(struct dm_target_spec)),
|
||||
"twofish %s 0 %s 0", key, loopFile);
|
||||
cryptParams += strlen(cryptParams) + 1;
|
||||
cryptParams = (char *) _align(cryptParams, 8);
|
||||
tgt->next = cryptParams - buffer;
|
||||
|
@ -239,7 +246,7 @@ int Devmapper::create(const char *name, const char *loopFile, const char *key,
|
|||
}
|
||||
|
||||
// Resume the new table
|
||||
ioctlInit(io, 4096, name, 0);
|
||||
ioctlInit(io, DEVMAPPER_BUFFER_SIZE, name, 0);
|
||||
|
||||
if (ioctl(fd, DM_DEV_SUSPEND, io)) {
|
||||
SLOGE("Error Resuming (%s)", strerror(errno));
|
||||
|
@ -255,7 +262,7 @@ int Devmapper::create(const char *name, const char *loopFile, const char *key,
|
|||
}
|
||||
|
||||
int Devmapper::destroy(const char *name) {
|
||||
char *buffer = (char *) malloc(4096);
|
||||
char *buffer = (char *) malloc(DEVMAPPER_BUFFER_SIZE);
|
||||
if (!buffer) {
|
||||
SLOGE("Error allocating memory (%s)", strerror(errno));
|
||||
return -1;
|
||||
|
@ -271,7 +278,7 @@ int Devmapper::destroy(const char *name) {
|
|||
struct dm_ioctl *io = (struct dm_ioctl *) buffer;
|
||||
|
||||
// Create the DM device
|
||||
ioctlInit(io, 4096, name, 0);
|
||||
ioctlInit(io, DEVMAPPER_BUFFER_SIZE, name, 0);
|
||||
|
||||
if (ioctl(fd, DM_DEV_REMOVE, io)) {
|
||||
if (errno != ENXIO) {
|
||||
|
|
4
Loop.cpp
4
Loop.cpp
|
@ -190,8 +190,8 @@ int Loop::create(const char *id, const char *loopFile, char *loopDeviceBuffer, s
|
|||
struct loop_info64 li;
|
||||
|
||||
memset(&li, 0, sizeof(li));
|
||||
strncpy((char*) li.lo_crypt_name, id, LO_NAME_SIZE);
|
||||
strncpy((char*) li.lo_file_name, loopFile, LO_NAME_SIZE);
|
||||
strlcpy((char*) li.lo_crypt_name, id, LO_NAME_SIZE);
|
||||
strlcpy((char*) li.lo_file_name, loopFile, LO_NAME_SIZE);
|
||||
|
||||
if (ioctl(fd, LOOP_SET_STATUS64, &li) < 0) {
|
||||
SLOGE("Error setting loopback status (%s)", strerror(errno));
|
||||
|
|
6
vdc.c
6
vdc.c
|
@ -21,6 +21,7 @@
|
|||
#include <signal.h>
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#include <sys/socket.h>
|
||||
#include <sys/select.h>
|
||||
|
@ -56,6 +57,7 @@ int main(int argc, char **argv) {
|
|||
static int do_cmd(int sock, int argc, char **argv) {
|
||||
char final_cmd[255] = { '\0' };
|
||||
int i;
|
||||
int ret;
|
||||
|
||||
for (i = 1; i < argc; i++) {
|
||||
char *cmp;
|
||||
|
@ -65,7 +67,9 @@ static int do_cmd(int sock, int argc, char **argv) {
|
|||
else
|
||||
asprintf(&cmp, "\"%s\"%s", argv[i], (i == (argc -1)) ? "" : " ");
|
||||
|
||||
strcat(final_cmd, cmp);
|
||||
ret = strlcat(final_cmd, cmp, sizeof(final_cmd));
|
||||
if (ret >= sizeof(final_cmd))
|
||||
abort();
|
||||
free(cmp);
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue