2012-11-08 14:13:55

by Tomas Hozza

Subject: [PATCH] Tools: hv: Fix for long file names from readdir

kvp_get_if_name and kvp_mac_to_if_name copy strings into statically
sized buffers which could be too small to store really long names.

Buffer sizes have been increased and length checks added via snprintf.

Signed-off-by: Tomas Hozza <[email protected]>
---
tools/hv/hv_kvp_daemon.c | 25 ++++++++-----------------
1 file changed, 8 insertions(+), 17 deletions(-)

diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c
index 13c2a14..bbd426c 100644
--- a/tools/hv/hv_kvp_daemon.c
+++ b/tools/hv/hv_kvp_daemon.c
@@ -592,26 +592,22 @@ static char *kvp_get_if_name(char *guid)
DIR *dir;
struct dirent *entry;
FILE *file;
- char *p, *q, *x;
+ char *p, *x;
char *if_name = NULL;
char buf[256];
char *kvp_net_dir = "/sys/class/net/";
- char dev_id[256];
+ char dev_id[512];

dir = opendir(kvp_net_dir);
if (dir == NULL)
return NULL;

- snprintf(dev_id, sizeof(dev_id), "%s", kvp_net_dir);
- q = dev_id + strlen(kvp_net_dir);
-
while ((entry = readdir(dir)) != NULL) {
/*
* Set the state for the next pass.
*/
- *q = '\0';
- strcat(dev_id, entry->d_name);
- strcat(dev_id, "/device/device_id");
+ snprintf(dev_id, sizeof(dev_id), "%s%s/device/device_id", kvp_net_dir,
+ entry->d_name);

file = fopen(dev_id, "r");
if (file == NULL)
@@ -684,28 +680,23 @@ static char *kvp_mac_to_if_name(char *mac)
DIR *dir;
struct dirent *entry;
FILE *file;
- char *p, *q, *x;
+ char *p, *x;
char *if_name = NULL;
char buf[256];
char *kvp_net_dir = "/sys/class/net/";
- char dev_id[256];
+ char dev_id[512];
int i;

dir = opendir(kvp_net_dir);
if (dir == NULL)
return NULL;

- snprintf(dev_id, sizeof(dev_id), kvp_net_dir);
- q = dev_id + strlen(kvp_net_dir);
-
while ((entry = readdir(dir)) != NULL) {
/*
* Set the state for the next pass.
*/
- *q = '\0';
-
- strcat(dev_id, entry->d_name);
- strcat(dev_id, "/address");
+ snprintf(dev_id, sizeof(dev_id), "%s%s/address", kvp_net_dir,
+ entry->d_name);

file = fopen(dev_id, "r");
if (file == NULL)
--
1.7.11.7

2012-11-08 14:34:37

by Olaf Hering

Subject: Re: [PATCH] Tools: hv: Fix for long file names from readdir

On Thu, Nov 08, Tomas Hozza wrote:

> kvp_get_if_name and kvp_mac_to_if_name copy strings into statically
> sized buffers which could be too small to store really long names.

> - char dev_id[256];
> + char dev_id[512];

Shouldnt that be PATH_MAX or similar?

Olaf

2012-11-08 14:52:55

by Tomas Hozza

Subject: Re: [PATCH] Tools: hv: Fix for long file names from readdir

> > - char dev_id[256];
> > + char dev_id[512];
>
> Shouldnt that be PATH_MAX or similar?

dirent->d_name should be PATH_MAX, but it is mostly
not guaranteed. And then the dev_id is concatenated
with two strings so it can exceed 256 bytes.

After discussion with K. Y. Srinivasan I just doubled
the size and added size checks for sanity.

Tomas

2012-11-08 15:59:28

by KY Srinivasan

Subject: RE: [PATCH] Tools: hv: Fix for long file names from readdir

> -----Original Message-----
> From: Tomas Hozza [mailto:[email protected]]
> Sent: Thursday, November 08, 2012 9:53 AM
> To: Olaf Hering
> Cc: [email protected]; [email protected];
> [email protected]; [email protected]; [email protected]; KY
> Srinivasan
> Subject: Re: [PATCH] Tools: hv: Fix for long file names from readdir
>
> > > - char dev_id[256];
> > > + char dev_id[512];
> >
> > Shouldnt that be PATH_MAX or similar?
>
> dirent->d_name should be PATH_MAX, but it is mostly
> not guaranteed. And then the dev_id is concatenated
> with two strings so it can exceed 256 bytes.

PATH_MAX (currently 4096 bytes) I think should suffice.

Regards,

K. Y

????{.n?+???????+%?????ݶ??w??{.n?+????{??G?????{ay?ʇڙ?,j??f???h?????????z_??(?階?ݢj"???m??????G????????????&???~???iO???z??v?^?m????????????I?

2012-11-09 12:48:19

by Tomas Hozza

Subject: [PATCH] Tools: hv: Fix for long file names from readdir

kvp_get_if_name and kvp_mac_to_if_name copy strings into statically
sized buffers which could be too small to store really long names.

Buffer sizes have been changed to PATH_MAX, include "limits.h" where
PATH_MAX is defined was added and length checks ware added via snprintf.

Signed-off-by: Tomas Hozza <[email protected]>
---
tools/hv/hv_kvp_daemon.c | 26 +++++++++-----------------
1 file changed, 9 insertions(+), 17 deletions(-)

diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c
index 13c2a14..54ecb95 100644
--- a/tools/hv/hv_kvp_daemon.c
+++ b/tools/hv/hv_kvp_daemon.c
@@ -44,6 +44,7 @@
#include <fcntl.h>
#include <dirent.h>
#include <net/if.h>
+#include <limits.h>

/*
* KVP protocol: The user mode component first registers with the
@@ -592,26 +593,22 @@ static char *kvp_get_if_name(char *guid)
DIR *dir;
struct dirent *entry;
FILE *file;
- char *p, *q, *x;
+ char *p, *x;
char *if_name = NULL;
char buf[256];
char *kvp_net_dir = "/sys/class/net/";
- char dev_id[256];
+ char dev_id[PATH_MAX];

dir = opendir(kvp_net_dir);
if (dir == NULL)
return NULL;

- snprintf(dev_id, sizeof(dev_id), "%s", kvp_net_dir);
- q = dev_id + strlen(kvp_net_dir);
-
while ((entry = readdir(dir)) != NULL) {
/*
* Set the state for the next pass.
*/
- *q = '\0';
- strcat(dev_id, entry->d_name);
- strcat(dev_id, "/device/device_id");
+ snprintf(dev_id, sizeof(dev_id), "%s%s/device/device_id", kvp_net_dir,
+ entry->d_name);

file = fopen(dev_id, "r");
if (file == NULL)
@@ -684,28 +681,23 @@ static char *kvp_mac_to_if_name(char *mac)
DIR *dir;
struct dirent *entry;
FILE *file;
- char *p, *q, *x;
+ char *p, *x;
char *if_name = NULL;
char buf[256];
char *kvp_net_dir = "/sys/class/net/";
- char dev_id[256];
+ char dev_id[PATH_MAX];
int i;

dir = opendir(kvp_net_dir);
if (dir == NULL)
return NULL;

- snprintf(dev_id, sizeof(dev_id), kvp_net_dir);
- q = dev_id + strlen(kvp_net_dir);
-
while ((entry = readdir(dir)) != NULL) {
/*
* Set the state for the next pass.
*/
- *q = '\0';
-
- strcat(dev_id, entry->d_name);
- strcat(dev_id, "/address");
+ snprintf(dev_id, sizeof(dev_id), "%s%s/address", kvp_net_dir,
+ entry->d_name);

file = fopen(dev_id, "r");
if (file == NULL)
--
1.7.11.7

2012-11-26 20:44:10

by KY Srinivasan

Subject: RE: [PATCH] Tools: hv: Fix for long file names from readdir

> -----Original Message-----
> From: Tomas Hozza [mailto:[email protected]]
> Sent: Friday, November 09, 2012 7:47 AM
> To: [email protected]; KY Srinivasan
> Cc: [email protected]; [email protected];
> [email protected]; [email protected]; [email protected];
> Tomas Hozza
> Subject: [PATCH] Tools: hv: Fix for long file names from readdir
>
> kvp_get_if_name and kvp_mac_to_if_name copy strings into statically
> sized buffers which could be too small to store really long names.
>
> Buffer sizes have been changed to PATH_MAX, include "limits.h" where
> PATH_MAX is defined was added and length checks ware added via snprintf.
>
> Signed-off-by: Tomas Hozza <[email protected]>
Acked-by: K. Y. Srinivasan <[email protected]>

> ---
> tools/hv/hv_kvp_daemon.c | 26 +++++++++-----------------
> 1 file changed, 9 insertions(+), 17 deletions(-)
>
> diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c
> index 13c2a14..54ecb95 100644
> --- a/tools/hv/hv_kvp_daemon.c
> +++ b/tools/hv/hv_kvp_daemon.c
> @@ -44,6 +44,7 @@
> #include <fcntl.h>
> #include <dirent.h>
> #include <net/if.h>
> +#include <limits.h>
>
> /*
> * KVP protocol: The user mode component first registers with the
> @@ -592,26 +593,22 @@ static char *kvp_get_if_name(char *guid)
> DIR *dir;
> struct dirent *entry;
> FILE *file;
> - char *p, *q, *x;
> + char *p, *x;
> char *if_name = NULL;
> char buf[256];
> char *kvp_net_dir = "/sys/class/net/";
> - char dev_id[256];
> + char dev_id[PATH_MAX];
>
> dir = opendir(kvp_net_dir);
> if (dir == NULL)
> return NULL;
>
> - snprintf(dev_id, sizeof(dev_id), "%s", kvp_net_dir);
> - q = dev_id + strlen(kvp_net_dir);
> -
> while ((entry = readdir(dir)) != NULL) {
> /*
> * Set the state for the next pass.
> */
> - *q = '\0';
> - strcat(dev_id, entry->d_name);
> - strcat(dev_id, "/device/device_id");
> + snprintf(dev_id, sizeof(dev_id), "%s%s/device/device_id",
> kvp_net_dir,
> + entry->d_name);
>
> file = fopen(dev_id, "r");
> if (file == NULL)
> @@ -684,28 +681,23 @@ static char *kvp_mac_to_if_name(char *mac)
> DIR *dir;
> struct dirent *entry;
> FILE *file;
> - char *p, *q, *x;
> + char *p, *x;
> char *if_name = NULL;
> char buf[256];
> char *kvp_net_dir = "/sys/class/net/";
> - char dev_id[256];
> + char dev_id[PATH_MAX];
> int i;
>
> dir = opendir(kvp_net_dir);
> if (dir == NULL)
> return NULL;
>
> - snprintf(dev_id, sizeof(dev_id), kvp_net_dir);
> - q = dev_id + strlen(kvp_net_dir);
> -
> while ((entry = readdir(dir)) != NULL) {
> /*
> * Set the state for the next pass.
> */
> - *q = '\0';
> -
> - strcat(dev_id, entry->d_name);
> - strcat(dev_id, "/address");
> + snprintf(dev_id, sizeof(dev_id), "%s%s/address", kvp_net_dir,
> + entry->d_name);
>
> file = fopen(dev_id, "r");
> if (file == NULL)
> --
> 1.7.11.7