eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-16 21:29:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

Avoid buffer overflow in uuid_or_device.

Browse Source 
The function uuid_or_device is prone to a buffer overflow if a very long
spec has been defined. The range check happens against PATH_MAX, with
i being set to 5 (due to "UUID=" offset of spec), but "/dev/disk/by-uuid"
has been already written into device.

The difference between "/dev/disk/by-uuid" and "UUID=" is 13, therefore
the correct range check must happen against PATH_MAX - 13.
@@ -204,7 +204,7 @@ const char *uuid_or_device(const char *spec)
                strcpy(device, "/dev/disk/by-uuid/");
This commit is contained in:
Tobias Stoeckmann
2016-07-02 19:59:32 +02:00
committed by Milan Broz
parent 67d55d08f8
commit 14ebbce280
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/utils_tools.c
View File

@@ -204,7 +204,7 @@ const char *uuid_or_device(const char *spec)
strcpy(device, "/dev/disk/by-uuid/");
ptr = &device[strlen(device)];
i = uuid_len;
while ((s = spec[i++]) && i < PATH_MAX) {
while ((s = spec[i++]) && i < (PATH_MAX - 13)) {
if (!isxdigit(s) && s != '-')
return spec; /* Bail it out */
if (isalpha(s))