rpms / ding-libs

Clone
Source Code
GIT

Files

f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 main rawhide
  1.   f17
  2.   0001-path_utils-handle-off-by-one-error-in-path_concat.patch
Blob Blame History Raw 
From 6bc68b4dfeaf3320adc58e52dea5530ce2ce8a6c Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Tue, 6 Mar 2012 11:05:53 -0500
Subject: [PATCH 1/2] path_utils: handle off-by-one error in path_concat()

https://fedorahosted.org/sssd/ticket/1230
---
 path_utils/path_utils.c    |    2 +-
 path_utils/path_utils_ut.c |   18 ++++++++++++++----
 2 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/path_utils/path_utils.c b/path_utils/path_utils.c
index 97c845c70f41e071c0d9524172ad3b0b33a84c3b..360d49943436681970691cc829c8039f3a0e8a5f 100644
--- a/path_utils/path_utils.c
+++ b/path_utils/path_utils.c
@@ -210,7 +210,7 @@ int path_concat(char *path, size_t path_size, const char *head, const char *tail
         for (p = tail; *p && *p == '/'; p++);   /* skip any leading slashes in tail */
         if (dst > path)
             if (dst < dst_end) *dst++ = '/';    /* insert single slash between head & tail */
-        for (src = p; *src && dst <= dst_end;) *dst++ = *src++; /* copy tail */
+        for (src = p; *src && dst < dst_end;) *dst++ = *src++; /* copy tail */
         if (*src) return ENOBUFS; /* failed to copy everything */
     }
     *dst = 0;
diff --git a/path_utils/path_utils_ut.c b/path_utils/path_utils_ut.c
index 044e9ea2d12e396f9f68a23bde8b11f6ac3fcc09..fbefcab1eb66b5c36a3d7a74a099f569ea764b3b 100644
--- a/path_utils/path_utils_ut.c
+++ b/path_utils/path_utils_ut.c
@@ -241,16 +241,26 @@ END_TEST
 START_TEST(test_path_concat_neg)
 {
     char small[3];
-    char small2[4];
-    char p2[8];
+    char small2[5];
+    char small3[7];
+    char p2[9];
 
     /* these two test different conditions */
+
+    /* Test if head is longer than the buffer */
     fail_unless(path_concat(small, 3, "/foo", "bar") == ENOBUFS);
-    fail_unless(path_concat(small2, 4, "/foo", "bar") == ENOBUFS);
+
+    /* Test if head is the same length as the buffer */
+    fail_unless(path_concat(small2, 5, "/foo", "bar") == ENOBUFS);
+
+    /* Test if head+tail is the longer than the buffer */
+    fail_unless(path_concat(small3, 7, "/foo", "bar") == ENOBUFS);
 
     /* off-by-one */
+    p2[8] = 1; /* Check whether we've written too far */
     fail_unless(path_concat(p2, 8, "/foo", "bar") == ENOBUFS);
-    fail_unless_str_equal(p2, "/foo/bar");
+    fail_unless(p2[8] == 1); /* This should be untouched */
+    fail_unless_str_equal(p2, "/foo/ba");
 }
 END_TEST
 
-- 
1.7.7.6
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.