From f5a80bd5d3d478354d6044b6d2b9951fd29a8d59 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dan=20Hor=C3=A1k?= Date: Fri, 18 Mar 2011 16:37:54 +0100 Subject: [PATCH 66/66] fdasd: buffer overflow when writing to read-only device Description: fdasd: buffer overflow when writing to read-only device Symptom: When fdasd tries to write to a read-only disk, it fails with a '*** buffer overflow detected ***' error message. Problem: It is expected that fdasd cannot write to a read-only disk, and such an operation should end with a proper error message. The libvtoc code, which writes this message, contains the bug that causes the buffer overflow. Solution: Directly print the error message, without formatting it first in a buffer. --- libvtoc/vtoc.c | 15 +++++---------- 1 files changed, 5 insertions(+), 10 deletions(-) diff --git a/libvtoc/vtoc.c b/libvtoc/vtoc.c index 36269a4..ae1de8c 100644 --- a/libvtoc/vtoc.c +++ b/libvtoc/vtoc.c @@ -146,30 +146,25 @@ static char buffer[85]; */ static void vtoc_error(enum failure why, char *s1, char *s2) { - char error[LINE_LENGTH]; - switch (why) { case unable_to_open: - sprintf(error, "%s opening device '%s' failed.\n%s\n", + fprintf(stderr, "\n%s opening device '%s' failed.\n%s\n", VTOC_ERROR, s1, s2); break; case unable_to_seek: - sprintf(error, "%s seeking device '%s' failed.\n%s\n", + fprintf(stderr, "\n%s seeking device '%s' failed.\n%s\n", VTOC_ERROR, s1, s2); break; case unable_to_write: - sprintf(error, "%s writing to device '%s' failed,\n%s\n", + fprintf(stderr, "\n%s writing to device '%s' failed,\n%s\n", VTOC_ERROR, s1, s2); break; case unable_to_read: - sprintf(error, "%s reading from device '%s' failed.\n%s\n", + fprintf(stderr, "\n%s reading from device '%s' failed.\n%s\n", VTOC_ERROR, s1, s2); break; - default: sprintf(error, "Fatal error\n"); + default: fprintf(stderr, "\nFatal error\n"); } - - fputc('\n', stderr); - fputs(error, stderr); exit(1); } -- 1.7.4