diff options
| author | Tobias Stoeckmann | 2019-02-17 22:55:29 +0100 |
|---|---|---|
| committer | Karel Zak | 2019-02-18 13:05:14 +0100 |
| commit | a6fb1ce79dba98c01678561236e9364bedc02b38 (patch) | |
| tree | f8b3588800a3f92f2c81b24db1fa7a4c5dbc1f2b /disk-utils | |
| parent | libfdisk: sanity check, to prevent overlapping partitions from being partly r... (diff) | |
| download | kernel-qcow2-util-linux-a6fb1ce79dba98c01678561236e9364bedc02b38.tar.gz kernel-qcow2-util-linux-a6fb1ce79dba98c01678561236e9364bedc02b38.tar.xz kernel-qcow2-util-linux-a6fb1ce79dba98c01678561236e9364bedc02b38.zip | |
sfdisk: Avoid out of boundary read with readline
It is not guaranteed that the returned string of readline() actually
contains as many bytes as buf can contain.
If bufsz is larger than the allocated memory by readline, an out of
boundary read occurs and leads to undefined behaviour. Most likely
that will be a crash.
This can be reproduced when readline-support is compiled in and when
you directly enter "quit" and "n" (to not write changes back to disk)
when sfdisk was called with any given device.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Diffstat (limited to 'disk-utils')
| -rw-r--r-- | disk-utils/sfdisk.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/disk-utils/sfdisk.c b/disk-utils/sfdisk.c index 3911dda85..52ccc5251 100644 --- a/disk-utils/sfdisk.c +++ b/disk-utils/sfdisk.c @@ -133,7 +133,9 @@ static int get_user_reply(const char *prompt, char *buf, size_t bufsz) p = readline(prompt); if (!p) return 1; - memcpy(buf, p, bufsz); + strncpy(buf, p, bufsz); + if (bufsz != 0) + buf[bufsz - 1] = '\0'; free(p); } else #endif |